global online fraud growth 2020

By Jeff Domansky, May 13, 2021

Cybercrime is incredibly profitable for fraudsters. Experts estimate more than $1 trillion was lost globally to cybercrime in 2020, and payment abuse is a big part of the fraud picture.

According to Sift’s Q1 2021 Trust & Safety Index report, ransomware attacks rose by over 40%, and email-delivered malware attacks jumped by an estimated 600% compared to 2019. They paint a concerning picture of the state of payment fraud from their analysis of more than 34,000 websites.

State of payment fraud: Fraudulent order value +69%

global "Fraud Economy"

Sift’s Q1 report shows how the pandemic played an influential role in how payment fraud changed and scaled in 2020 in what it calls the “Fraud Economy.” The average fraudulent order value increased by 69% alone.

“As internet traffic surged last year by between 50%-70%, the amount of money spent by online shoppers nearly doubled. Fraudsters seized on climbing transaction volumes and unanticipated consumer behaviors like stockpiling, driving the average value of attempted fraudulent purchases up by 69% year-over-year,” the report says.

Which industries suffered the highest fraud rates?

Fraudsters quickly exploited new levels of uncertainty and unexpected shifts in demand in tandem with the pandemic.

Five industries saw substantial growth in fraud in 2020. Overall, attempted fraud in transportation reached 8.4%. Cryptocurrency exchanges were also hard-hit as consumers and investors looked to digital currencies for relief and protection as fraud rates hit 4.6%.

As more consumers stayed home, worked from home, and played games or gambled online, the fraud rate grew to 3.7% in this sector.

industry payment fraud rates

Looking deeper into vertical business niches showed an even deeper impact on some industries compared to 2019. For example, fraudsters exploited e-commerce by targeting loyalty programs which saw a 275% increase in fraud attempts in 2020. Lodging saw fraud rates jump 71.4% followed by marketplaces (+66.7%), neo-banks (+60%), omnichannel retail (+50%), transportation (+42.4%), digital wallets (+33.3%), online travel (+29.6%), and ticketing (+16.7%).

What’s apparent is how nimbly fraudsters exploited new users and the higher volume of users of e-commerce, new online banking, and fintech to target unwary consumers.

Average fraudulent order value rocketed

Fraudulent order values generally rose as traffic grew in niches. Cybercriminals hit gaming and gambling merchants hardest as average fraud order value grew 116.7% followed by e-commerce marketplaces (+61.3%), lodging (+49.4%), cryptocurrency exchanges (+46.6%), Q’s are/food delivery (+34.3%), remittances (+23.9%), e-commerce marketplaces such as Etsy (+20%), digital wallets (+9.9%), omnichannel retail (9.1%), and digital-first retail (+2.3%).

It’s easy to imagine fraudsters jumping at the opportunity to target consumers buying online for the first time, ordering food delivery, sending money and paying bills online, and using digital wallets for the first time—fertile ground for fraud.

Old dogs, new fraud tricks

New tools and technologies, including automation and artificial intelligence, provided huge benefits as businesses moved online to respond to pandemic pressures. They also helped cybercriminals move at lightning speed.

bots and fraudsters

“Bots, scripts, and malicious software make the grunt tasks of cybercrime simple and allow fraudsters to do more damage in less time. It’s specifically useful for accelerating card testing and credential stuffing—an easy route to pilfered profits, given that 65% of consumers repurpose usernames and passwords across multiple sites and services,” the Sift report noted.

Even charities suffered from increasing fraud. Sift researchers identified a money-laundering fraud ring called Cart Crasher targeting donation sites as online giving grew 20.7% in 2020. Using stolen credit cards, fake accounts, and automated scripts, fraudsters set up fake charity websites to request donations.

When donors provided donations at phony checkouts, fraudsters stole payments in small amounts. Even more concerning was the theft of personal financial information. With the speed of automation, cybercriminals often disappeared before the fraud was identified.

Mobile fraud a moving target

As mobile shopping grew, so did mobile fraud, showing fraudsters at their most creative. In the US, mobile shopping reached $284 billion in 2020, 45% of total e-commerce.

mobile fraudsters

Over half of payment fraud was attempted by mobile devices, and mobile fraud jumped 11% over 2019. Desktop devices were only used in one-third of payment abuse incidents, dropping 10% from 2019.

In January 2021, security researchers at Cleafy identified a new Android banking Trojan called TeaBot targeting more than 60 EU banks.

“User credentials and SMSs are often the two factors needed to gain access to user accounts in sensitive mobile applications such as banking apps. The fact that they can be relatively easily intercepted should immediately cause enterprises to add further checks on the apps and their runtime environment before accepting API transaction requests.  Specifically, authentication that the API requests come from a genuine app instance is needed and verification that the app is not running on an emulator or within a faked or compromised runtime. Only then can exploits that rely on scripts utilizing phished credentials and SMSs be prevented,” said David Stewart, CEO at mobile security solutions provider Approov.

TeaBot is just another in the long list of new mobile security threats.

“Sift’s Trust and Safety Architects recently uncovered an emerging fraud scheme taking place on the instant messaging app Telegram, where professional fraudsters are teaming up with opportunistic online criminals via chat forums to defraud delivery apps—in full view of the public,” the report said.

I guess the message is beware of your next mobile payment for that pepperoni pizza delivery.

Biggest fraud payment types in 2020

Fraudsters’ favorite purchases with stolen funds included videogame currency, cryptocurrency, website credits, food and alcohol, event or tour tickets, and gift cards. Many consumers were new to these digital payment types, and the sheer growth in overall volume provided ample opportunities for fraud.

biggest fraud purchases

In Sift’s review of 34,000 sites it protects, the highest value of attempted fraudulent purchases included expensive watches, cryptocurrency, event tickets, political donations, flights and hotels, and gift cards.

According to Sift, the “fraudiest payment types” were gift cards, store credits, cryptocurrencies, in-app purchases, and credit cards. Hardly surprising, given the ease with which cybercriminals can exploit these virtual payments.

Solutions – they’re out there

Fraud solutions are available, evident in the $18.24 billion spent on fraud security in 2020 and expected to grow to $40.8 billion by 2026.

As e-commerce continues to scale globally, we can expect further growth in the theft of online credentials, credit cards, and user-generated content. But fraud prevention teams and risk managers need a broader understanding of the vectors beyond those of stolen payment information alone.

Sift Fraud Economy report

The Sift report puts the Fraud Economy in perfect perspective: “Without an advanced, end-to-end solution that successfully identifies and stops all types of abuse, trust, and safety, analysts will forever be left to face an enemy they don’t fully understand or know how to fight.”

Sift’s Q1 2021 Trust & Safety Index adds valuable insight to the growing problem of the Fraud Economy and potential solutions. You can download the report free here.

Data and fraud graphics provided courtesy of Sift

Recent PaymentsNEXT coverage of cybercrime:

Critical pandemic lessons in mobile payment fraud prevention
Stunning Rise of CNP Fraud and How Merchants Can Fight Back
US identity theft jumps as e-commerce grow
s