Upward and onward seems like a hopeful phrase, doesn’t it? Unless it’s fraud you are talking about.
At the end of 2014, the average U.S. household held five mobile devices, while, at the start of 2016, that number has increased to about 13. Tech is a wonderful thing, when used for the forces of good and for quality of life. But alongside that iPad your 10-year-old daughter needed, the rate of online fraud attacks on retailers has doubled, up 137 percent year over year in the first quarter of this year.
In a webinar delving into the whys and the whats behind that meaningful acceleration, Michael Reitblat, CEO of Forter, spoke with PYMNTS’ Karen Webster in a deep dive into the PYMNTS/Forter Global Fraud Attack Index. The data is sobering.
First, the biggest headline stats. There were 34 fraud attacks for every 1,000 transactions in the first quarter of 2016, compared to a level of 15 attacks almost a year ago in the second quarter of 2015. In addition, according to the index, the attack rates are growing across sequential quarters, up 27 percent between the first quarter of 2016 and the fourth quarter of last year, said Reitblat.
“Fraudsters never take a holiday,” noted Webster.
How about a dollar amount to put things in perspective? Fraud attempts show that $7.30 of every $100 of sales are at risk. Drilling down a bit, $10.80 of every $100 in digital sales remains at risk. Simply put, said Reitblat, “we see more fraud attempts happening, and we see them for larger dollar amounts.” And, speaking specifically about digital transactions, Reitblat noted that these are “easier to monetize from a fraudster’s perspective.” These retailers are already operating on relatively thin margins, said Webster.
The massive spike in the cost of fraud has its roots in several factors — among them, noted Reitblat, last year’s shift in the U.S. to EMV.
Fraudsters have shifted attention to the path of least resistance in their efforts to make money. “You have to understand,” he told Webster, “that these fraudsters are professionals … This is how they make their living … and they are flexible … We started to see the migration with more people joining the fraudster community, if you want to call it that, from mid-year last year,” all the while educating themselves about EMV and how to work around that protective wall.
One obvious point of opportunity has been that a significant amount of vendors still accept transactions involving card swiping. And as always, technology is flexible, and with the continued evolution of automation, so too has fraud become automated in a fashion, with increasing adoption of botnets and the targeting of consumers’ passwords to help fraud attempts.
The increase in the attack rate “will grow through the next year as well,” said Reitblat. As to where they are happening, Europe is a standout, with a “more sophisticated fraudster” with a higher relative level of education and tough economic climate — all which help lift fraud attempts “as they are not afraid of the FBI knocking on their door.”
There were barely significant domestic fraud attempts across online channels before a year ago in the U.S., noted Reitblat. Yet, with EMV, they have gone online, said the Forter executive, even as law enforcement has not kept pace. It becomes harder to track and combat the relatively small (in stolen value), but voluminous rates of transaction fraud attempts have hit online retailers. By type of goods, not surprisingly, digital stands out as a whopping 76 percent of transactions (again, lower on a dollar perspective), with clothing and footwear trailing at 13 percent.
With a nod toward the methods of the fraud attacks, Reitblat noted that fraudsters use several methods concurrently, with account takeovers, botnets and location manipulation among the most often employed conduits. But now, botnets are a whopping 79 percent in the latest quarter alone, having grown at a velocity of triple-digit percentages through the past year.
Diving deep into account takeovers, the lure of the availability of information that is on web has brought that method to the forefront of fraud beyond the U.S. and Europe. More information is available on an account-by-account basis (and can lead to stolen data tied to those accounts), said Reitblat, with faster payments as a selling point.
Upon being asked by Webster if merchants were aware of the trends and even the extent of fraud and attempted fraud under the microscope of their own business practices, Reitblat said that his firm has talked to retailers who felt fraud combat was under control as recently as a year ago “but now realize that fraud losses are up.”
Best practices may not be working anymore for those merchants, contended Reitblat, and matching IP and shipping address distances may not work (with more international transactions).
“Merchants have to find a way to share information with each other” when it comes to fraud, said Reitblat, who added that, on a case-by-case basis, fraud may not hit an individual retailer for a lot of money, but cumulatively, the impact is great.
Fortunately, he added, with the emergence of Software-as-a-Service, “you can leverage someone else’s massive investment in technology and the cloud [to combat fraud], and you as the retailer can focus on what you need to do.”