Even in normal circumstances, the fraud landscape is constantly evolving. Criminals and merchants are locked in a perpetual battle, with both sides adopting the latest tools and adapting their methods accordingly.
For instance, when merchants began to rollout point-of-sale terminals equipped with EMV technology to safeguard card-present transactions, criminals shifted to digital fraud vectors. In turn, merchants have increasingly adopted fraud prevention solutions that utilize artificial intelligence to detect suspicious behavior.
Then COVID-19 spread around the world, disrupting entire industries, threatening the health of billions, and causing widespread changes to commercial and social behavior. Shuttered stores and fear of contracting the virus mean more and more people are migrating their activity to the online world, forcing merchants to accommodate surging levels of online traffic.
In this environment, the already fluid nature of fraud has been greatly bolstered. For merchants trying to understand what the notable impacts are and how they can keep up with evolving fraud threats, the cybersecurity firm NuData’s report “2020 H1: Fraud Risk at a Glance” is a good place to start.
Over 6 months of data-driven insight
The best way to understand how fraud is changing is to drill into the data—and a lot of it. This is exactly what NuData, a Mastercard company, did in its recent report. From January 1 to June 30, analysts monitored the NuData network for important changes to global traffic patterns.
The analysts then supplemented this evidence with data from the NuData Trust Consortium, a detailed collection of information “about attempted attacks on NuData clients,” which is “used to gather historical trends and train the machine learning models for attacker recognition and fraud prevention solutions.” In 2019, for example, NuData analyzed over 650 billion behavioral events, allowing the company to develop a deep understanding of the fraud landscape.
NuData’s findings compellingly highlight the changes in user habits and fraudulent activity, thereby allowing merchants to “make sense of what’s happening in the threat landscape,” as the authors of the report explained.
The high-level trends
The report is packed with helpful statistics and detailed trends, but here are four major takeaways of how fraud has been impacted since the pandemic began:
- 96% of attacks on financial institutions were sophisticated – they attempt to look like humans
- Account creation attacks have increased drastically
- High-risk mobile traffic increased by 55%
- The average dollar value of a chargeback grew 124%
The increasing sophistication of fraud attacks
NuData’s analysts break attacks into two categories: sophisticated and basic. A basic attack is one that focuses on high volume rather than quality; the hacker does not bother trying to appear human. In a sophisticated attack, the hacker focuses more on trying to appear like a legitimate user. A sophisticated attack “displays expected browser or application behavior and runs scripts in the environment to create this human-like interaction.”
NuData found that sophisticated attacks are on the rise, with financial institutions (FIs) being the hardest hit, as the following graphic shows.
Since FIs have been improving their security tools to stop basic, volume-focused attacks for a while now, fraudsters are developing more elaborate methods to bypass these systems. This could entail using human intervention to manually solve a bot-detection challenge such as CAPTCHA, which helps attacks bypass common bot detection tools.
NuData’s analysts noted that while FIs are the hardest hit now, they “expect to continue seeing human-looking attacks increase across all industries.” Given this, companies need fraud prevention platforms that utilize behavioral tools to detect human-looking attacks.
Criminals are targeting account creations
Another major finding was that account creation attacks against merchants have increased during the pandemic compared to the same time period last year. An account creation attack is when a bad actor creates a fake account in order to later commit fraud with it. For instance, a criminal might create an account to make fraudulent purchases using a stolen credit card.
Between March and June, “one in every two account creation attempts was flagged as high risk by the NuData platform.” This underscores the need to safeguard the entire e-commerce lifecycle, from when an account is created to when a transaction occurs.
Riskier behavior on mobile channels
E-commerce and digital goods traffic is surging due to the pandemic. During the first half of the year, companies involved in online commerce had an average traffic increase of 67% compared to 2019.
With more people browsing, ordering, and transacting online, fraudsters are looking to take advantage. NuData found that there was a 55% growth of high-risk mobile traffic during the first half of the year.
These numbers demonstrate the need for merchants to invest in improving their security tools to enhance the user experience while safeguarding against high-risk activity.
Already costly, chargebacks are getting more expensive
Although the white paper unpacks more trends, the final trend addressed here pertains to chargebacks, which is when a customer disputes having made a purchase and seeks reimbursement.
Even before COVID-19 hit, chargebacks were costing U.S. issuers a substantial sum of money. According to a report from Ethoca, chargebacks cost issuers $585 million in 2019, and this amount was expected to grow to $690 million in 2020. However, the pandemic has caused a surge in chargebacks, meaning that the $690 million projection made prior to the pandemic is going to be too low. As the following graphic shows, chargebacks from both deliveries and in-store purchases crept up beginning in March, when the pandemic began. During this time span, the total fraud dollar value of chargebacks “increased by 36% for goods shipped to customers and 124% for in-store pickup.”
The sharp uptick in both the frequency of chargebacks and the dollar value of these disputes highlights the importance of having an effective dispute resolution platform. Crucially, merchants should adopt “tools that provide advanced notification of incoming fraud and customer disputes so that merchants can take action to resolve them before they become chargebacks.”
COVID-19 has changed the way people shop and socialize by forcing more activity into online channels. As merchants and FIs cope with the influx of legitimate online interactions, fraudsters are looking to exploit vulnerable systems and capitalize on the all confusion. NuData’s report unpacks this changing landscape and empowers merchants and financial institutions to fight back. While some of the key trends are outlined here, far more insight is contained in the paper, including pandemic traffic patterns by industry. Those interested in learning more can access the paper here.