The latest edition of the Global Fraud Attack Index™ is now out, bringing the index of online fraud attacks up to the end of Q1 of this year. The news is anything but reassuring.
Between Q2 2015 and the end of Q1 2016, online fraud attacks rose 137%. Botnets and ATO (account takeover) attacks have both grown, botnets by a huge amount.
Why Online Fraud Attacks are Increasing
There’s no doubt that EMV has played its part in this increase. Fraudsters actually moved online more efficiently and more quickly than the card networks were able to implement the new standard. (A process which has been somewhat bumpy so far). Aware that card present fraud was about to become more difficult, fraudsters moved to the weaker card not present channel.
That’s not the only factor at work, however. The growth of online commerce itself has made it more attractive to criminals, who move where the money is. Mobile commerce provides new and lucrative vulnerabilities. As Forrester has reported, “mobile offers fraudsters more options than any other channel.” Moreover, many merchants have yet to adapt their fraud prevention to the needs of this growing channel.
Moreover, the massive data breaches of the last three years have led to a wealth of stolen data easily and cheaply available online. This factor is complemented by a highly sophisticated and continually developing online criminal underworld. It’s simple to find the information and tools needed for online fraud, all from the comfort of your home computer.
Who's Feeling the Spike in Fraud Attempts
When you think about the picture made by all of these factors, it’s easy to see why online fraud has increased so much in such a short time. Some of the verticals which are particularly affected are the “usual suspects”, with digital goods remaining a particularly attractive target for fraudsters due to their easy monetization, and luxury goods the same due to their high pay-off.
Some are more unexpected, with food and beverages seeing an increase in attack rate as well. You might think that this is a surprising industry for fraudsters to focus their efforts on, considering that the amounts in question tend to be small.
This is a good illustration of why thinking outside the box is essential in understanding (and thus preventing) fraud. While it’s true that the ROI of food and beverages fraud is unlikely to be high in terms of monetization, there are some clear cases of benefit for the fraudsters involved.
Why Food and Beverages are Likelier Targets Than You Think
Firstly, teenage fraudsters treat online fraud less as a business venture and more as a “cool” way to supplement the lifestyle they’d like to lead. For them, pizza and beers are desirable items. If they don’t have to pay for them, then that suits them even better. Moreover, when they’re ordering for a group (which they often do) there is a relatively high price tag. Nothing enormous (think $200) but not negligible, either - especially considering how common this kind of fraud is becoming.
Second, online food businesses have often not been particularly stringent about fraud prevention and are almost forced to prioritize good, fast customer experience: when someone wants food or drinks, they want it fast. Most companies still rely on manual reviews. Without full automation, businesses need to choose between prioritizing customer experience or loss avoidance.
As delivery.com COO Colin Sims explained the policy he used before the company started using Forter’s Decision as a Service® solution:
“If we were unsure about a transaction, we would let it through and face the music later. At least we didn’t lose a good customer. If you’re losing customers, none of it matters anyway.”
For this reason, such retailers are logical targets for fraudsters who are polishing up their skills, trying out stolen information, or refining new kinds of attacks. And if they get a “free” lunch out of it, so much the better for them. Of course, it’s the merchant who pays the price.
Find Out More