Ecommerce fraud losses increased by 7 percent in 2017, according to a sweeping Signifyd study across retail verticals that shows fraudsters remain relentlessly determined to adjust to the barriers retailers erect.
And while 7 percent is a significant number, the Signifyd data tells a much richer story of what retail verticals have been hardest hit by fraudsters and fraud rings. In fact, Signifyd’s “Ecommerce Fraud Index” offers a rare look at eight financial quarters of fraud data in eight retail industries, spanning apparel; consumer electronics; cosmetics and perfumes; furniture, appliance and home improvement; jewelry and watches; department stores; health, leisure and hobbies and alcohol, tobacco and cannabis.
In a year that was known for data breaches — including the Equifax breach, which exposed the personal information of 148 million Americans — there are signs that fraudsters have been feasting on a new trove of identity and account information. In looking at the key categories of fraud — stolen financials, account takeover and friendly fraud, Signifyd found that account takeover fraud saw the largest increase, with losses growing 80 percent during the period studied.
“Fraudsters obtain login credentials with social engineering, by hacking databases or by simply buying them on the Dark Web,” the fraud index says. “As the data shows for every industry we’ve analyzed, the massive amounts of personal data that have been hacked over the past few years have finally come back to haunt ecommerce merchants through rising account takeover fraud losses.”
The reality is that account takeover fraud is a growing part of the fraud landscape. Account takeover losses increased to .45 percent in 2017, up from .25 percent in 2016. The increased use of the method by fraudsters is cause for attention, if not alarm. And certain retail sectors are seeing increases in account takeover that go well beyond the overall average.
Account takeover fraud losses for online department stores increased by 285 percent during the period studied, reaching a rate of .23 percent and representing 10 percent of the sector’s total fraud losses. Cosmetics and perfumes were not far behind, increasing by 271 percent, for a rate of .96 percent, which represented 19 percent of the vertical’s total fraud losses. Jewelry and watch merchants had a slightly less eye-popping figure, but still a three-digit one, as account takeover fraud increased 194 percent, reaching 1.24 percent in 2017.
Signifyd relied on transaction data from more than 5,000 merchants* and on ecommerce sales data to determine the fraud rates by industry. The rate is based on attempted fraud — both successful and stymied efforts. The period studies 2016 and 2017. The report, which analyzes 2016 and 2017, provides retailers with a way to benchmark their own fraud practices while raising red flags concerning particular kinds of fraud and fraud in particular industries.
The report noted a relatively wide variance of fraud rates and changes in fraud rates, depending on the particular vertical. The beauty industry, for instance, saw the largest increase in total fraud rates, with an increase of 102 percent during the two-year period. Department stores saw a 48 percent increase and jewelry and luxury watch merchants experienced a 30 percent increase.
And while those numbers are telling, there are several ways to define and analyze the state of fraud in any given industry. Consider, for instance, that the big boost in cosmetics and perfume’s fraud rate, raised its total rate to 5.1 percent. And while that is troublesome, jewelry and luxury watches’ much smaller increase, left the vertical with a total fraud rate of 13.56 percent. Consumer electronics, meanwhile, saw account takeover fraud increase by 101 percent, contributing to a 10 percent increase in total fraud.
Interestingly enough, consumer electronics saw a 21 percent increase in total fraud year-over-year during the holiday season — possibly a reflection of the difficulty in handling the huge spike in orders and the odd order characteristics that sometimes come with gift purchases.
The index also drew several conclusions based on the data and discussions with merchants. Among them:
- Merchants are rejecting legitimate orders based on geographical biases. Over time, fraud teams can develop a sense that certain neighborhoods, zip codes, cities or whole regions “don’t feel right” when it comes to shipping orders, the index says, contributing to the costly problem of false positives.
- Larger merchants are honing their fraud protection schemes faster than smaller merchants. Larger players often attract more experienced fraud professionals and they have the resources to layer different types of fraud protection systems on top of each other, including machine learning and liability shifting solutions.
- Popular products can be particularly vulnerable to fraud attacks. Flash sales and limited-edition releases of products bring attention to goods that will undoubtedly be of high value on secondary markets, a plus for fraudsters. Flash sales in themselves also lead to a situation where an incredibly high volume of orders arrive in an incredibly short period of time, making it more difficult for fraud teams to sort the good from the bad.
The “Ecommerce Fraud Index” leaves no doubt that avoiding online fraud is not getting any easier.
“Fraudsters have evolved from individual criminals to international syndicates operating with advanced technologies and disciplined organization,” the report says in its introduction.
And the report makes clear that as devastating as the financial loss from a fraud attack can be, such attacks often do damage beyond the financial, leaving merchants, particularly fledgling merchants, disheartened and discouraged. The “Ecommerce Fraud Index” is a first step in turning that disappointment around. It’s a way to define the problem and begin a discussion about what more to do about it.
Contact Mike Cassidy at firstname.lastname@example.org; follow him on Twitter at @mikecassidy.
* Signifyd now has data from over 10,000 merchants.