Online fraud professionals beware - there are challenges ahead.
It will come as no surprise to experienced ecommerce fraud protection pros to learn that 2016 was a difficult year from the fraud perspective. Online fraudsters had their numbers boosted by the criminals who moved across following EMV adoption in the US, and they started exploring new industries and working out new attack methods.
The latest Fraud Attack Index, a collaborative effort between Forter and the Merchant Risk Council (MRC), presents a summary of 2016 fraud attack data in comparison to 2015, and analyzes the changes and the trends shown.
You’ll have to download the full report to get the full picture, but here are a few of the highlights:
Online Fraud Attacks Have Increased
Overall, 2016 showed a 8.9% increase in fraud attack rate. That’s not the scary spikes we were seeing right before and after EMV - but remember that this increase is on top of the rise in fraud attacks that was seen then.
A lot of new fraudsters came online, and they’re not going anywhere yet.
Domestic Online Fraud Attacks Are Up
It’s been a truism accepted by ecommerce fraud protection professionals for years that domestic orders are far safer than international ones. That’s still true - but domestic is no longer the “safe harbor” that it once was.
In fact 2016 was not a good year when it comes to domestic fraud attacks. At its peak, the domestic fraud attack rate rose to $4.98 at risk per $100 of sales in Q4 2016 - compared to $2.7 in Q4 2015. That’s nearly double!
Some of this is impacted by the US adoption of EMV in October 2015. The fraudsters most affected by not being able to copy and counterfeit physical cards in the US are those located in the US, so it makes sense that they would make the move online.
Some of it is accounted for by a rise in “friendly fraud” where we’re seeing occasional liar buyers become serial liar buyers, sharing tips on social media for how best to defraud.
International Orders Are Still More Risky
Even with the domestic fraud attack growth, international orders are still higher risk - in fact, 62.4% riskier than domestic. That’s despite the fact that the international fraud attack rate went down by 13%, something which is due to increased numbers of genuine international orders rather than less fraud.
A recent DHL study found that merchants can increase their sales 10%-15% through taking international traffic, so it’s no surprise that many ecommerce retailers are interested in the international market for the year ahead.
It’s up to ecommerce fraud protection professionals to advise their companies on the best way to approach international orders without increasing either chargebacks or false positives - by becoming sensitive to the different trends within the relevant markets and adapting accordingly.
The Shift in Account Takeover
Thanks to numerous data breaches and consumers’ continued tendency to use weak passwords and reuse passwords and account details, account takeover has become far easier for fraudsters. Online criminals like this method because it gives their attempts legitimacy and increases the scope for fraud available to them.
Merchants knew this, and in 2016 ecommerce fraud prevention teams worked hard to identify and block cases of account takeover "ATO" against their site accounts. Unfortunately, the fraudsters simply shifted their attention from merchant site accounts to online payments accounts such as PayPal, ApplePay, Amazon Payments and so on - this kind of ATO saw a 131% increase in 2016.
The full report has more data on all of these topics and more - including why Apparel has been hard hit, and why Food and Beverages is seeing a surprise spike. To keep ahead of the fraudsters, ecommerce fraud protection professionals need to keep up with what’s changing in this fast-moving ecosystem.