Experian E-commerce Attack Rates

Experian "2017 E-commerce Fraud report"Russian hackers and trolls may have received all the media coverage in 2017 but it was Chinese and Venezuelan hackers who carried out the most e-commerce fraud in 2017 according to a new report by Experian.

In its 2017 E-commerce Fraud report, Experian says online shopping fraud attacks rose 30% in 2017 vs. 2016, and transactions originating from foreign Internet Protocol (IP) addresses were seven times riskier than average.

Javelin Research reports more than 16.7 million US consumers were affected by identity theft in 2017 and online shopping fraud is one of the outcomes.

In the first three months of 2018, according to the Identity Theft Research Center, there have already been 273 new data breaches with 5,498,547 records exposed.

Overview of e-commerce fraud

online securityExperian says online shopping fraud rose dramatically to key categories – 37% in shipping fraud and 34% in billing fraud.

China and Venezuela were sources of most of the shopping fraud:

“China was the riskiest country based on IP address in 2017. The majority of bad traffic originating out of China hit Oregon and Delaware, followed by California. Beaverton, Oregon’s 97079 ZIP code had the highest shipping attack rates in the US last year, and it’s shipping, and billing attack rates were the highest from an IP address in China.

Venezuela would have been the riskiest IP country except they have 60% lower volume of online transactions compared to China. Venezuela is nearly 30 times riskier than the population average would otherwise suggest. The 33198 Miami ZIP code, which was in the top 10 for both billing and shipping fraud in 2017, suffered its highest shipping attack rates (46.2%) from a Venezuelan IP address.”

Riskiest states & cities for shopping fraud

Experian identified billing fraudAccording to Experian, 50% of fraud occurred in Delaware, New York and California. “Delaware and Oregon were the riskiest states for both billing and shipping fraud for the second year in a row. Both states saw a significant increase in shipping attack rates in 2017, with Delaware increasing over 300% and Oregon just under 300%.”

E-commerce fraud is not just a big city or coastal problem. Montana, South Dakota, Colorado, and Utah each saw their attack rates double from 2016.

Delaware, Oregon, Washington D.C., Florida and Georgia are the top five riskiest states for billing fraud.

The five riskiest states for e-commerce shipping fraud were Delaware, Oregon, Florida, New York, and California where nearly half of all shipping fraud attacks occurred.

The five riskiest cities for billing fraud were South El Monte, CA, New Philadelphia, PA, East Walpole, MA, Carnegie, OK and Fort Benning, GA.

The five riskiest cities for shipping fraud were South El Monte, CA, Minden, NV, Hillsboro, OR, Westminster, CA, and Port Reading, NJ.

Safest states & cities for online shopping fraud

cybersecurityNebraska qualified as the safest state for billing and shipping fraud followed by South Dakota, Rhode Island, Connecticut, and Kansas.

The five safest states for billing fraud were Delaware, Oregon, Washington D.C., Florida, and Georgia., Wyoming, South Dakota, Connecticut, and Wisconsin were the five safest states for shipping fraud.

The five safest ZIP codes for billing fraud were in Hebbronville, TX, Chicago, IL, Springfield Gardens, NY, Vernon, FL, and Nashville, TN.

Hartwell, GA, Los Angeles, CA, Lockbourne, OH, Miami, FL and Oregon City, OR were the five safest cities for shipping fraud.

“Synthetic” fraud growing

synthetic ID fraud is growingSynthetic ID theft is when a fake identity is created using either a Social Security number, name, address, and date of birth—then merged with real and fake consumer data to create a fresh identity to open a new credit card account in someone’s name.

Experian says synthetic fraud is growing:

“The volume of data breaches each year combined with the easier access to the dark web has made stolen personal information residing in those marketplaces more accessible for criminals,” said Mike Gross, Experian director of fraud product strategy. “The availability of compromised data—both payment and identity—allows fraudsters to gain access to legitimate online accounts and create synthetic identities.”

Gross says synthetic ID fraud is “very hard to uncover because no one is calling to report unusual account activity because they are unaware of the new account and card issuers see these transactions as being legitimate.”

Shift from POS to e-commerce fraud

While new EMV (Europay, MasterCard, and Visa) chip cards have reduced point-of-sale) POS) fraud, hackers have simply turned to online shopping where card-not-present crime is rising.

Credit card fraud was the most common form of identity theft (133,015 reports) in 2017, according to the FTC.  According to Experian, credit cards were used in 92% of fraudulent transactions last year, while 7% happened through direct billing, third-party transfers, or prepaid gift cards.”

7 ways to spot a fake website

fake websiteExperian offers seven tips to identify a fake website and potential source of online fraud:

  • Look at the domain name to see if it is the site that you wanted to go to or different domain name.
  • Check the contact page to find the name of the owner and use a lookup service on the URL to find additional information about the site.
  • Google the site and owner to check what the search results say. You can also visit Google’s Transparency Report to find out the safety rating.
  • Find reviews of the site or owner of the business from other users to read what they said.
  • Is HTTPS supported? Make sure the website is HTTPS supported and secure if you decide to make a purchase.
  • Are there typos and grammar mistakes on the site? If so, that could be a sign that the site is not on the up and up.
  • Are the prices really low? If so, compare those prices to others sites. If it is still much lower that could be a bad sign that it is a scam.

How Can You Prevent Online Fraud?

Experian says you can reduce or prevent online fraud by not using the same username/password combinations across sites, monitoring your financial statements monthly for irregular activity, and regularly checking your credit report. There are four other things to help reduce your risk:

  1. Limit your data exposure to only what is essential to complete your task or transaction.
  2. Don’t overshare your data, especially on social media channels.
  3. Only use trusted sites, especially those with https (Hyper Text Transfer Protocol Secure) URLs.
  4. Check your login credentials and frequently change your password and security questions to make it more difficult for hackers to access your data and accounts.

Free report access

Experian’s 2017 E-commerce Fraud report is available for free. It’s valuable reading if you’re interested in the scope of e-commerce fraud and quick tips to protect your data and online identity.