Do Cyber Criminals worship the devil?

We have no idea, but eCommerce fraudsters did generate precisely 666k attacks against merchants protected by Forter's fraud detection during 2016.

In 2016, our system reviewed hundreds of millions of online and mobile transactions, supporting buyers and sellers from 132 countries, and returned a real-time approve or decline decision for every one of them. Now that 2016 is drawing to a close, we thought it would be fun to take a look at some of the data from those transactions, our fraud detection stats, and see what we can learn about fraud and fraudsters in 2016.

2016 was a year of online fraud

We expected 2016 to be a heavy year when it came to online fraud, and we were definitely right about that.

A major factor in the rise of fraud this year was the US adoption of EMV (microchip cards). The purpose of EMV cards is to make card present fraud more difficult, and it's succeeded in that goal - the industry is already seeing less counterfeit card fraud. However, as in every other country, pushing fraudsters out of the physical fraud space simply encouraged them to move online.

Add to that the growth of e-commerce, which makes it more and more attractive to criminals as a target. Add the wealth of fraud opportunities presented by mobile (and the fact that many retailers haven't yet started to optimize antifraud for mobile). Add an increasingly sophisticated online criminal underworld. Take into account the fact that, for fraudsters, there's a lower barrier to entry than ever before and apps to help them easily available... You can see why there's a lot of online fraud nowadays.

2016 was a year of online fraud detection

When there's fraud, there's fraud detection - or at least you'd hope that's the case! For merchants with Forter, it certainly was.

Despite the rise of online fraud, our customers were protected by accurate, fully automated fraud prevention. The system proved itself adept at identifying and blocking new types of attacks (thanks to our unique combination of machine learning and human expertise). Retailers with Forter received instant, frictionless decisions for every order, high approval rates, and insights into developing fraud trends. Any chargebacks, of course, were covered by our full fraud chargeback guarantee. We feel confident that all of this is why Forter received 13 awards this year - it's simply the solution merchants need for the challenges that they currently face.

And the 2016 nastiest fraudster award goes to…


A Lithuanian fraudster believed to be in his early 20s (Is it really him in the picture? Who knows. We found it on one of his numerous fake profiles) who attacked Forter merchants 1,211 times in one month (and succeeded 0 times).

Now here's the breakdown. In 2016 we saw:

666,000 attempted attacks

Number of the devil? Maybe so, at least when it comes to fraud detection. This year our system saw 666,000 attempted fraud attacks. These ranged from simple brute force attacks to highly sophisticated ones leveraging anything from social engineering to fake websites, ATO and more.

They all had one thing in common: the person behind them was a fraudster, using or manipulating a victim's details, trying to steal from an online retailer who would end up paying the price.

About 28,000 individual fraudsters

Fraudsters like to repeat themselves. If they find a way through your defenses, they'll make the most of it and exploit that weakness for all they're worth. They know you'll catch on sooner or later, so they maximize the opportunity while it's there. Even if they're unsuccessful on a website (and for merchants with Forter, that's almost always the case) they'll still often try more than once. They might vary the attack slightly, or use a different card if they're wondering whether the one they've got is still valid.

Since Forter protects many sites, we also see the same fraudster popping up on two, four or eight sites. This is especially true across sites that sell similar products. Criminals often specialize, preferring to target online gift card sites, or apparel sites, or luxury goods sites - whatever is easiest for them, personally, to monetize. Of course, having caught them once Forter's system catches them even faster the next time: our patented velocity technology can identity a returning user even when they're trying hard to hide and aren't reusing a single piece of information. But the fraudsters don't know that.


Was your machine used for fraud this year?

13,000 new proxies in the US

One of the ways online criminals conceal themselves, their identity and their location is by pretending to be somewhere else. That frequently involves using an IP address that's somewhere more convincing than a fraudster's real one. Even relatively rookie fraudsters often know they need an IP in the US for a US credit card. Sophisticated fraudsters will go for an IP address that's very close to a billing address - the same city for sure, and more typically the same zip code. The closer the better.

There are plenty of legitimate reasons that people around the world use proxies. But in those cases, they don't care which zipcode the IP address appears to be coming from. A fraudster who does care has a challenge in front of them, since you can't get that specific in terms of fake location using more generic proxy services. You can, though, if you're using computers that have been hacked and are being used as proxies without their owners’ knowledge. We’ve seen a lot of that this year, one more sign that fraud sophistication is increasing as more fraudsters move online.

So was your machine affected? There’s a way to check if there’s a problem now, and it’s free of charge:

To use this tool you’ll need to know your IP address (which you can find by Googling “what’s my IP address). But it won’t give you a definite answer for the whole year; bear in mind that IPs are often dynamic and that even if all ports are closed right now, that doesn’t mean they were all year long.

1 of every 56 new mobile phones was a disposable sim used for attack

For legitimate users, there’s always a bit of a thrill when you start using a new mobile phone. But online criminals like to have new devices, or at least new sims (meaning an apparently new device) for a different reason - it makes it hard to track them from sim to sim, and so it’s harder for fraud detection to block them. That means it’s easier for fraudsters to steal.

We saw an uptick in the frequency of this trick in 2016. With mobile commerce growing it’s natural that fraudsters are becoming increasing interested the options it makes available. Moreover many retailers haven't yet started to optimize antifraud for mobile. Online criminals are exploiting that loophole while it’s there to make a profit.

At Forter we designed our mobile fraud detection from a mobile-first perspective for exactly that reason. Fraudsters can use different methods of attack against mobile: merchants have to be prepared. Our system can identify a returning fraudster even if they’ve swapped their sims - and we’ve been surprised, this year, to see how common this is becoming.

Want to explore what a fraud prevention solution that puts accuracy first can do for you?

Get In Touch