E-commerce scammers branch out

  • For more content like this, from the industry leader in global payments coverage, please visit PaymentsSource.com.

When consumers turned to online shopping as pandemic lockdowns took hold, fraudsters tagged along in a big way.

Scammers did their most damage in the fourth quarter of 2020, delivering increases in credential stuffing, account takeover and gift card fraud, all of which are likely to be top attack vectors in 2021, according to fraud prevention provider and researcher Arkose Labs.

There were 2.1 billion attacks in the fourth quarter for an average attack rate of 30%, a slight boost over the 25% Arkose Labs' network reported in the third quarter.

For 2020, Arkose Labs cited 4.9 billion total attacks detected and 14.8 billion transactions moving through its network for a 23% attack rate.

The fraud from Black Friday until the end of the year not only increased, but took hold in industries not typically associated with holiday shopping such as social media, online dating and financial services, Arkose stated in its first quarter 2021 report.

“2021 remains full of unknowns, however what’s certain is the frequency and severity of fraud will never return to pre-pandemic levels,” said Vanita Pandey, vice president of marketing and strategy at Arkose Labs. “With digital channels serving as an invaluable lifeline for much of the world, the Arkose Labs network saw four times as many transactions compared to the year prior."

The increased activity created "an ideal breeding ground for attacks" as fraudsters worked to blend in with trusted users, which rendered typical models of good versus bad user behavior obsolete, Pandey added.

The Arkose Labs fraud abuse report is based on actual user sessions and attack patterns analyzed through the company's fraud and abuse prevention platform from October through December of 2020. The sessions analyzed in real time included payments from financial services, e-commerce, travel, social media, gaming and entertainment.

Electronic gift card fraud was rampant during the holiday season, delivering quick money to fraudsters while also making it difficult to track the criminals. Fraudsters used botnets to brute force attacks on gift card websites by testing thousands of card number and PIN combinations per minute. Bots and sweatshops were also used continually to check card balances and redeem them.

Credential stuffing attacks more than doubled in the fourth quarter compared to the third, and increased by nearly 90% compared to the first quarter of 2020, the report noted.

North America experienced a significant increase in fraud attacks, especially in the U.S., which is experiencing severe unemployment because of COVID-19 lockdowns.

Bots drove the continent's attack rate of 24.2%, with just 3.5% of attacks originating from humans. One in five social media transactions were an attack, and 17.5% of retail transactions were attacks, the report noted.

Asia returned to the forefront of scams, accounting for 50% of all attacks, with top attacking countries including Vietnam, India, Indonesia, Thailand and the Philippines.

Fifty-two percent of all European Union-based attacks originated from Russia, however "non-typical fraud nations" like the Netherlands, Germany, Ukraine and Turkey joined in, the report stated.

“Looking ahead, we can expect to see high levels of credential stuffing continue as fraudsters test stolen credentials to repeatedly launch account takeover attacks," Pandey said.

"As more consumers engage with digital commerce, companies will offer more promotions to remain competitive, which in turn will lead to fraudsters opening even more new accounts at scale in order to take advantage of these promotional efforts," she added.

This article originally appeared in PaymentsSource.
For reprint and licensing requests for this article, click here.
Fraud detection Online payments
MORE FROM AMERICAN BANKER