Forter Fraud Attack Index

By Douglas Hall, Publisher, PaymentsNEXT

E-commerce fraud prevention leader Forter released its ninth Fraud Attack Index, providing in-depth insight into the impact of COVID-19 on online buyer behavior and e-commerce fraud trends.

Key among its findings were a five times growth in new online account openings accompanied by an increase in false declines, and a rise in omnichannel fraud including a 55% jump in buy online pickup in-store (BOPIS) fraud.

Fraud research highlights

The newest edition of the Forter Fraud Attack Index is the company’s most extensive research ever and revealed other key fraud trends:

Forter Fraud Attack Index 9th edition
  • New customer accounts made up 30% of transactions, five times more than pre-pandemic, noting merchants using legacy fraud prevention systems could see high false decline rates and potential fraud without dependable data on new customers.
  • Growth in transactions driven by the consumer shift from brick-and-mortar stores to online purchasing is masking a rise in the number of fraud attacks, providing retailers with a false sense of security.
  • Omnichannel fraud is growing: Buy Online, Pick-up In-Store (BOPIS) fraud rose 55%.
  • With transactions falling by 97% compared with H1 2019, fraud attack rates in the travel industry more than doubled, with hotel fraud attacks rising 139% and airline fraud attacks increasing 144%.
  • Account Takeover (ATO) and Policy Abuse such as returns, promotion, and reseller abuse are expected to surge during the holiday season.

“A rapid rise in new customer accounts, coupled with having to pivot quickly from brick-and-mortar to online sales channels, put unprecedented stress on merchants as they tried to perfect the e-commerce experience. It is clear from what we’ve seen that some retailers were more agile and prepared for this than others, quickly introducing new services such as curbside pickup and Buy Online, Pick-up In-Store, in a bid to retain new customers,” said Forter CEO and cofounder Michael Reitblat.

“To fully realize this new revenue potential, merchants need more accurate fraud prevention that can distinguish between these valuable new customers and fraudsters. Merchants can have a false decline rate between 5-7 times higher for new customers – typical of legacy systems that do not have sufficient data on new account holders,” Reitblat added.

Fraud growing in baby formula, booze & gift cards

Forter’s fraud data showed dramatic increases in transaction volumes in most sectors, but particularly those traditionally served by brick-and-mortar stores. Volumes rose 172% in home, furnishings, and garden; 93% in food delivery and beverage; and 119% in groceries.

Forter Fraud Index biggest fraud

Among the biggest fraud increases were flights (+144%), hotels (+139%), money services and cryptocurrency (+65%), buy online pickup in-store (+55%), and identity manipulation (+23%).

Other high fraud product categories included digital gift cards (five times more fraud attacks than normal), digital downloads such as apps and music (three times more fraud), console games (twice normal fraud attacks), and branded apparel (1.5 times the normal rate of fraud).

When it comes to groceries, baby formula is seven times more likely to be fraudulent compared to other non-risky grocery categories such as vegetables (eight times less likely) diet soda (five times less likely), and organic groceries (four times less likely).

There’s a message there! Apparently, fraudsters don’t like to eat healthily.

Forter identifies most popular alcohol fraud products

Another of the biggest category of fraudulent products is no surprise – it’s alcohol. Among the most popular booze fraud attacks are tequila (27 times the normal rate of fraud), champagne (16 times), and cognac (six times), while wine is two times less likely a fraud target.

An FBI profiler could have a lot of fun with this analysis. It seems all those fraudsters out there have a taste for baby formula, tequila, gift cards, and Nike runners. Data breaches exposing more than 4.1 billion records to fraudsters in the first six months of 2019 also haven’t helped when it comes to fraud prevention.

Fraudsters are seeing big opportunities in contactless delivery too, part of a rise in related service chargebacks. Service chargebacks from things like contactless delivery are also expected to grow. Failed parcel deliveries in the UK in 2018 alone totaled an estimated $2 billion (£1.6 billion).

Holiday season fraud surge anticipated

As retailers get ready for a hoped-for busy holiday shopping season, Forter’s research indicates that account takeover (ATO) attacks and returns and delivery fraud will surge as fraudsters seek to exploit the expected growth in online transactions.

Among the indicators of growth in holiday shopping fraud:

gift cards popular with fraudsters
  • ATO fraud will increase dramatically as fraudsters take advantage of social engineering scams and stolen data collected earlier during the pandemic; as well, an influx of new, less experienced online shoppers is likely to use weaker passwords and fewer security steps, leading to increased vulnerability to ATO fraud.
  • returns and delivery fraud will continue to increase even after the 55% increase in the first half of the year, particularly as merchants trying to offer frictionless payments and maximize sales during the busy season.
  • returns, promotion, and reseller abuse are likely to spike as merchants offer aggressive promotions and user-friendly omnichannel options.

As a result, the holiday season for many retailers and online sellers will likely be blessed with a slight increase in sales but also tempered considerably by the anticipated rise in fraud.

Fraud solutions

E-commerce fraud attacks may have decreased as a percentage of all transactions but in real terms, the number of fraud attacks has risen and represents significant losses for retailers at a critical time.

Vikrant Gandhi, Senior Industry Director at Frost & Sullivan noted: “Fraud and policy abuse issues have magnified in recent months in the global e-commerce industry. Our research indicates a rise in sophisticated fraud attempts, including promotions abuse by using synthetic identities and friendly fraud in 2020. The challenge for merchants is to deliver frictionless customer experiences without letting fraud prevention come in their way of doing so.”

Ghandi recommends merchants work closely with identity-based, integrated fraud prevention platforms that use behavioral analytics, machine learning, and big data analysis to stay ahead of fraudsters and policy abusers.

Forter Fraud Index tracks online fraud

There is more than simple reputational risk at play. Saryu Nayyar, CEO of global cybersecurity firm Gurucul points to a new KPMG poll that says nine out of 10 Canadian consumers are “leery” of sharing personal data with a company that’s been breached, and more than 80% will take their business elsewhere.

“The recent study by KPMG of Canadian users highlights a couple of important points.  First, users are becoming more aware of their risks on-line, and have largely lost faith in on-line businesses to safeguard their data.  As a result, they are becoming more careful about what they reveal and to whom,” Nayyar says.

 “It also points out that organizations will have a hard time regaining user trust once it’s lost, which means they need to be doing more to prevent these breaches in the first place.  Organizations need to carefully review their security stacks to stop intruders from getting in, and use contextual tools, such as behavioral analytics, to identify an attacker quickly when they do get it,” she adds.

Stealthbits Technologies General Manager Adam Laub also agrees companies need to be more proactive to protect consumers as well as their own business. “Just as consumers have come to the realization that the security and privacy of their data is more important than they may have initially thought, they must also understand that the protection of their data is an increasingly difficult task for most organizations.

“The movement of data across hybrid infrastructures, the lack of funding, manpower, talent, and technological sophistication, and the competitive landscape that exists in industry today are just a few significant factors in the data protection equation that organizations must wrestle with and that attackers only benefit from. It’s not hard to see the situation between consumers and businesses getting worse as consumer expectations and the difficulty in meeting those expectations increase simultaneously,” Laub says.

Forter processes over $200 billion in online commerce transactions and protects more than 800 million consumers globally from credit card fraud, account takeover, identity theft, and other online fraud. The company is backed by $100 million in capital from top-tier VCs including Sequoia, Scale, and Salesforce. You can view the Forter Fraud Attack Index report here.

Author: Douglas Hall is publisher of PaymentsNEXT and a leader in the global payments industry.