In our continuing saga on the wide world of large-scale fraud schemes, enter the invisible army of online commerce operators with the motivation and ability to steal consumer credit accounts and to create new accounts. One of their current objectives is to commit fraud by buying clothes and shoes and accessories to resell or to receive illegal chargebacks.
In fact, the apparel industry suffered a whopping 70% year-on-year increase in U.S.-based fraud attacks in 2016. This is according to new research that examines online fraud activity from the e-commerce fraud prevention provider Forter together with the Merchant Risk Council.
Let’s take a closer look at the results of the research, and examine what businesses can do to protect themselves from the growing threats.
Forter’s 2016 Fraud Attack Index
Israel-based Forter looked at data on more than 136 million transactions to compile its 2016 Fraud Attack Index, revealing a 79% increase in fraud incidents for U.S. domestic retail orders when comparing Q4 2015 to Q4 2016. Interestingly, online fraud attempts on international orders in Q4 2016 decreased by 13% when compared to incidents recorded in the same period in 2015. Nevertheless, fraud activity in online retail orders from outside the U.S. were 62% higher than in domestic orders during the fourth quarter of 2016.
Impact of EMV adoption
According to fraud research analysts at Forter, after the October 2015 adoption of EMV (microchip) credit cards in the United States, a rise in the number of domestic fraud attacks on online commerce sites was anticipated. As hoped, U.S.-based operators were negatively affected by not being able to easily copy the necessary data from physical cards. However, domestic fraudsters then shifted to increase their online pursuits, dramatically boosting domestic CNP (card not present) fraud activity last year.
Increase in online payment hacking
The 2016 Forter report noted an alarming upward trend in the Account Takeover (ATO) domain. Fraud operators have also shifted focus from “Merchant ATO” (breaking into accounts managed on the seller’s website in order to masquerade as returning customers) to “online payment ATO” (hacking into customer accounts managed by online payment services including PayPal, Apple Pay, Google Pay, and Amazon Payments).
Thus Merchant ATO activity, which was on the rise in 2015, actually decreased last year. However, this represented a shift in account targeting by type rather than indicating an overall decrease in activity. The 2016 Fraud Attack Index reveals a 131% increase in all ATO attempts against U.S. online payment accounts.
Online payment fraud prevalent in apparel, with a 69% increase
Evaluating the online payment fraud differences between retail categories, Forter analysts also published the year-on-year percentage increases or decreases in fraud attacks for specific product verticals:
- Apparel – 69% increase
- Food and beverages – 49.8% increase
- Electronics – 1.8% decrease
- Luxury goods – 8.4% decrease
- Digital goods – 22.6% decrease
- Travel & hospitality – 33% decrease
With an increase of nearly 50% over 2015, Forter’s data reveals that the food and beverage trade has also seen a dramatic increase in online fraudulent payments in the past year. As the five-quarter graphical analysis shows, the apparel industry remains under the threat of online fraud more than any other U.S. retail sector. Some of the contributing factors include widening deceptive buying practices and the large and growing market for stolen credit card information.
Forter’s report also warns online merchants and consumers that botnets are becoming increasingly popular with fraud players due to their ability to increase both the scale and reach of online attacks.
What to do
Fortunately, solutions are available that can help detect fraudulent activity and to prevent losses due to payment fraud. These solutions can:
- Help customers reduce fraud-related financial losses by screening multiple payment scenarios while providing increased security for transactions in key business processes
- Capture and analyze high volumes of transaction data from multiple sources and provide real-time detection to help quickly identify and halt fraud activity
- Stop payment processing in real time on transactions that are associated with revealed fraud patterns
- Offer prebuilt rules for fraud detection – for example, identifying customers located in high fraud-risk countries, and screening full customer addresses against politically exposed persons (PEP) lists
- Prevent open access to identifying customer data and improve protection against sensitive information misuse
- Mask sensitive data-capture fields before field values are handed over to a user interface
This article, GRC Tuesdays: Fraud Consumes U.S. Online commerce with an Appetite for Apparel, originally appeared on the SAP BusinessObjects Analytics blog and has been republished with permission.