Ecommerce fraud is up according to fraud prevention firm Forter and its 2019 Fraud Attack Index highlights some disturbing trends in the $140bn a year online retail market.
Despite efforts to thwart fraud, between Q2 2018 and Q2 2019, the dollar amount of ecommerce fraud has increased by 12% as fraudsters move from brute force attacks that rely on volume of indiscriminate attempts to more targeted attacks that aim to maximize the amounts they can steal at one time.
Reflecting this is the fact that account takeover attacks decreased 14% year-over-year, while the number of fraud victims who have had an intermediary account opened in their name jumped 200% past the previous all-time high. Fraudsters are also increasingly targeting loyalty programs.
Loyalty program fraud grew by a whopping 89% as fraudsters took advantage of these programs’ generally weaker fraud prevention measures. Loyalty program fraud is especially appealing to fraudsters because they typically don’t need the same amount of information, such as credit card numbers, to be successful. At the same time, the gains from loyalty program fraud can be just as tangible as those that do.
Loyalty program fraud isn’t the only kind of ecommerce fraud that is growing in popularity among criminals. Other methods of fraud on the rise in the last year include:
Buy Online Return In Store (BORIS), up 23%. Returns abuse is a $17bn a year problem and fraudsters are increasingly taking advantage of retailers’ accommodating returns policies for nefarious purposes.
Buy Online Pick Up In Store (BOPIS), up 23%. Armed with an individual’s correct billing and personal details, fraudsters use click and collect offerings to more easily take possession of ill-gotten products.
Identity manipulation, up 30%. With stolen personally identifiable information (PII), often obtained through sophisticated social engineering attacks, fraudsters can use legitimate information when executing their fraud attempts.
Instrument manipulation, up 15%. By gaining control of devices using malware and social engineering, fraudsters can better conceal their attacks. For example, by obtaining access to a victim’s computer, or a computer in the same geographic region, fraudulent purchases are more likely to evade detection as they will appear to come from a legitimate device.
Coupon, up 10%. Discount codes intended for friends and family can be widely distributed, thus resulting in retailers losing out to larger numbers of discounted orders than intended.
Fraud prevention versus customer experience
According to Forter, the rise in ecommerce fraud is related to retailers’ efforts to reduce friction and create better customer experiences:
‘Customers now, more than ever, expect a friction-free shopping experience with no delays along their path to purchase or fulfillment. With new methods of fraud circumventing legacy fraud prevention systems, customers who meet added friction have more options than ever before and will drop off retailer sites in search of better experiences elsewhere for the same products. In a recent Forter survey, half of Americans agree that they were less likely to buy something online if the entire checkout process takes longer than half a minute. Furthermore, the average customer will wait just ten seconds for their credit card to be verified, and one in three have clicked out of purchasing their item when having to reenter their credit card info.’
Obviously, retailers have a fine balance to strike. Blunt, aggressive fraud prevention methods clearly have the ability to push legitimate customers away. At the same time, retailers can’t afford not to respond to emerging fraud threats.
As a starting point, retailers must assess all parts of their business, paying special attention to areas their fraud prevention efforts might have overlooked historically, such as loyalty programs. They should also consider building smarter fraud prevention systems that take into consideration the relative risk of transactions. For instance, knowing that, according to Forter, express shipping orders are twice as risky — fraudsters want to get fraudulently-purchased products into their hands as quickly as possible — retailers might find it sensible to apply more scrutiny to these orders.