As technological progress continues at breakneck speeds, the payments and commerce ecosystems are changing. Traditional interactions in physical stores are increasingly being replaced by digital ones, or combined into hybrid experiences that may begin in one space and end in another.
As a result, consumers have grown to expect an integrated digital experience that is seamless, instant, and omnichannel. For example, a customer may research an item on their laptop, visit a store to try it out, and go home to then complete the transaction with a mobile phone. With just one click, consumers can order and pay for the item, and expect same day delivery.
In such a dynamic world, the nature of fraud is changing, too. Since consumers have come to expect a frictionless experience, and companies are striving to oblige, online criminals are changing their methods to exploit emerging vulnerabilities.
These trends are covered in the Seventh Edition of Forter’s Fraud Attack Index. By using Forter’s extensive database, the report surveys over $140 billion in e-commerce transactions tracing the current state of fraud. By assessing such a vast collection of transactions, Forter’s report is the most extensive research ever conducted on fraud.
Doing more with less
One central finding in the Fraud Attack Index is that the quantity of fraud attacks is decreasing in many segments. However, merchants should not rest on their laurels: the quality of the attacks is improving as fraudsters are becoming evermore skilled and precise.
“We continue to see greater sophistication in attacks as fraudsters learn more about the way payments are handled, especially disputes and returns,” said Aaron McPherson, VP of Research Operations at Mercator Advisory Group.
He explained that the shift away from large scale, indiscriminate attacks to more precise attacks on a smaller scale is borne from “the natural desire to make more money with less effort.” More sophisticated attacks often yield more money while reducing the chances of getting caught.
“Generating a large number of attacks makes it easier for law enforcement to track you,” explained McPherson. “Better to keep a low profile and be more selective.”
The report noted that, due to numerous high profile data breaches, fraudsters are benefitting from the bevy of personal data floating around on the dark web. This availability of personal data is driving fraud toward account-based vulnerabilities rather than the traditional transactional fraud of the past.
In line with the trend away from quantity and instead to quality, account takeover attacks declined by 14% over the past year. But the successful attacks have become more intricate.
One and a half million victims of account fraud had an intermediary account opened in their name first, the report found, a 200% increase from the previous high.
Another factor identified by Forter is that fraudsters are capitalizing on the frictionless experience which defines modern e-commerce.
“By streamlining particular processes (including shipping and checkout) in order to better compete with other online brands, retailers have simultaneously created vulnerabilities in their platforms that fraudsters are looking to exploit,” noted the report’s authors.
The problem is that if merchants introduce more protections to safeguard e-commerce, they run the risk of losing customers.
“An old saying is the only perfectly secure system is one that nobody can use,” said McPherson. He noted that the rollout of 3D Secure, an EMVCo technology for securing e-commerce payments, was abandoned by merchants once they realized it was leading to higher cart abandonment rates. An improved version is being tested now, but many merchants are hesitant to embrace it.
The lack of friction is causing many segments to witness an increase in fraud. For example, fraud related to loyalty programs increased by 89% percent between Q2 2018 and Q2 2019. Opportunistic fraudsters are seizing loyalty points and redeeming them online with minimum friction, since “merchants have a lower threshold for preventive measures that could create increased friction for their good shoppers.”
Another type of fraud that has witnessed an increase is Buy Online Return In Store (BORIS). It has increased by 23% over the past year and has cost retailers in the U.S. more than $17 billion per year, according to Forter’s report. BORIS is easy to carry out because merchants are becoming more customer-centric, meaning that they likely have permissive return policies to please the customer.
In addition to exploring loyalty fraud and BORIS, the report sketches out the contours of fraud across numerous segments, ranging from the apparel & accessories industry to the travel industry, and everything in between.
By reading Forter’s report, merchants can better understand the current e-commerce landscape and how fraud vectors are changing in response to shifting commercial trends. Armed with this information, businesses can better prepare for the types of fraud they’re likely to encounter in the coming months and years.
“Fraud prevention is an arms race that requires constant vigilance and innovation,” said McPherson. “Next time you get annoyed by another password reset or challenge question, have some pity for the people who have to keep us safe.”
Forter’s Seventh Edition Fraud Attack Index can be viewed here.