“I’m not surprised it’s happening.”
That’s the reaction from Michael Reitblat, the CEO of next-gen fraud prevention company, Forter, when presented with the latest stats on global online fraud attacks.
Reitblat said that the escalation of fraud attacks, now up 215 percent year over year, were anticipated almost a year in advance on their side. Or, as he phrased it in a recent digital discussion with a packed online audience of interested participants and Karen Webster on the topic: “It never hits you all at once.”
Reitblat and his team anticipated what’s now our reality by monitoring the places on the dark web where fraudsters communicate with each other and perfect their plans. There, sometimes posing as bad guys themselves, they become part of conversations about how to defraud merchants online. Reitblat’s team, which includes top cybersecurity talent from the Israeli military, then develops keen insight on what he calls “cybercrime as a service.” Bad guys, Reitblat says, are getting access to a very large number of servers, mobile devices … and in a very rapid, automated rate to commit fraud.”
But what did surprise Reitblat and Forter’s fraud fighting team was the alarming rate at which fraud was occurring across multiple channels and sectors.
“Thousands of devices – bots – are now attacking thousands of merchants at a certain time and successfully committing fraud. Since these bots are offered as a service to [the fraudsters], it’s now becoming way easier for them to commit online fraud than before because of EMV migration,” Reitblat added.
Bots now account for 83 percent of all global fraud attacks.
While Forter anticipated that fraud would shift online — and online fraud rates would jump post the U.S. EMV migration, given the experiences in other markets that had already adopted EMV, the availability of turnkey fraud solutions make it easier to commit fraud, and therefore is attracting more and more to the fraudster underground world operating on the dark web.
“If you’re a fraudster today you basically don’t have to do anything. It’s like marketing automation from that perspective,” Reitblat said. “If I’m a fraudster and I want to get into this business, it’s never been easier.”
The Fraudsters Are Getting Smarter – And Bolder
Fraudsters are also finding new, creative ways to automate the reselling of their goods in one place by setting up their own eCommerce sites using basic platforms, which is making cracking the fraud equation even more complicated.
“Fraudsters are moving online, fraudsters are automating. Fraudsters are boosting their bottom line at the expense of yours.”
Perhaps the most interesting observation about fraudsters is fraudsters aren’t hiding in the shadows. In fact, they are doing quite the opposite.
“A lot of time we see them talking about what they are going to do. [Fraudsters] are fighting for their bragging rights. Fraudsters want to commit something for the first time and tell everyone.”
Staying Ahead Of The Fraud Curve
This particular subject is the impetus behind the Global Fraud Attack Index, a collaboration between PYMNTS and Forter to measure the rate of fraud attempts on U.S. online merchants and how that changes over time – and the subject of the digital discussion between Reitblat and Webster.
This Index, which is released quarterly, examines the types, sources and geography of fraud attacks. Moreover, it quantifies the potential cost to merchants, left unchecked, of these attempts based on attack amounts and how these amounts are trending over time, which is now approaching $5 for every $100 of sales now.
“We study tactics every quarter to see tricks and tools fraudsters are using and how that’s changing over time and what that could cost merchants if, in fact, they are successful,” Reitblat said.
The key findings of this latest Index report show:
- Fraud attacks in the U.S. are up 11 percent since the liability shift in October 2015.
- Digital goods retailers have been hit hardest — the industry has seen a more than 300-percent increase in fraud attacks since the liability shift.
- More and more fraudsters are utilizing botnets. 83 percent of fraud attacks now deploy the networks of infected computers.
- The dollars at risk per $100 of sales has also increased 150 percent: Up from $1.89 in Q1 2015 to $4.79 in Q1 in 2016.
- Total fraud across all categories (digital goods, luxury goods, clothing, electronics, food and beverage) has increased 215 percent. There were 27 attacks per 1,000 transactions in Q4 2015.
- Attack rates more than tripled between Q1 2015 and Q4 2015.
- Attack rates more than quadrupled for digital goods between Q1 and Q4.
The Other Liability Shift That Favors Merchants
As Reitblat told Webster and the audience, “We can only be surprised once,” a nod to Forter’s business model which has Forter authorizing the transaction for the merchant. If there’s a problem, the merchant bears no fraud risk.
Reitblat said that approach lets merchants do what they do well – run their business and sell stuff – and Forter do what it does well: outsmart the bad guys at their own game and beat fraud. That means that part of Forter’s learning is taking some risks that merchants might not be comfortable taking in authorizing transactions or, worse, being too conservative and denying transactions for good customers.
Forter’s model also means that when merchants ask Reitblat for advice, he often responds with more of a “don’t worry, be happy” mantra. He doesn’t mean that merchants should stop being vigilant or be ill-prepared to fight fraud with the tools available to them, which from Forter’s approach means to shift that burden away from the merchant entirely to Forter.
“Online fraud has been evolving for 25 years, just as fraud has been evolving forever. Things constantly change; it’s our job to constantly change with them,” Reitblat said.
Making merchants an offer that he hopes they can’t refuse.
The Global Fraud Attack IndexTM measures the rate of fraud attempts on U.S. online merchants and how that changes over time, and takes a closer look at the types, sources and geography of fraud attacks. To read the most recent Index, click here.