Account Takeover and the Changing Face of Fraud

Among the many things required for an ecommerce leader to be successful, is the ability to keep tabs on the rapid changes in the industry — consumer habits, merchandising practices, cultural trends, global economics, technological innovations.

And fraud.

We can all stipulate that as long as there is money to be made by getting something for free and selling it for a profit, online fraud will be with us. But the nature of fraud is changing, constantly.

Signifyd Director of Merchant Advocacy Sourabh Kothari took a gathering at the annual IRCE conference through the current state of fraud and the “mega-threats” that emerged in Signifyd’s 2018 Ecommerce Fraud Index. Kothari kicked off his presentation, “The eCommerce Fraud Index and How You Compare to Peers In Your Industry,”with a sobering bit of context.

IRCE 2018 Magento Straight Talk: The Ecommerce Fraud Index and How You Compare to Peers in Your Industry from Mike Cassidy

Online commerce is growing rapidly, reason for celebration among those who do business online. But there is a downside to the growth. As online sales rise, so too do the opportunities for fraud. The twist, however, is that ecommerce sales show growth before the corresponding growth in the fraud attacks that eat into retailers’ margins.

So the good news, a 16 percent increase in online commerce in 2017, is also the bad news. A wave of fraud is still on its way, Kothari explained.

“When there is a ton of new ecommerce activity, believe it or not, fraudsters take some time to catch up,” Kothari said. Like any organized enterprise, the fraud rings need time to adjust to the new reality.

“Poor fraudsters, right?” Kothari joked. “Just trying to keep up.”

But fraudsters adjust not just to volume, but also to methods that retailers turn to to thwart them. When one vulnerability is secured to the point that it is too much trouble, or too expensive, to exploit, fraudsters move on to the next weakness. That, in part, explains the most prominent mega-trend that the Ecommerce Fraud index uncovered.

The index, which covered eight retail verticals over eight financial quarters, found that account takeover fraud increased 80 percent between 2016 and 2017. Kothari explained that fraudsters are able to engage in account takeover fraud when they obtain a consumer’s log on information, through nefarious means, such as phishing or buying the information on the Dark Web.

The log on credentials open up vast possibilities for a fraudster, Kothari explained, because unfortunately many consumers use the same usernames and passwords for multiple sites across the web. (We’re looking at you, password123.)

Account takeover fraud is in some ways more pernicious than the more common “stolen financials” form of fraud.

First, consider stolen financials fraud: A fraudster orders goods, using someone else’s credit card number. The legitimate cardholder eventually sees the unauthorized charge on his or her credit card statement, contacts the bank and initiates the chargeback process. That leaves the merchant to fight the chargeback, but it also leaves the merchant informed that something is up.

With account takeover, fraudsters take control of the unsuspecting consumer’s account to do a little shopping for goods they know they can resell.”

Then they have the goods shipped to a new address. Or they reroute the order to a new address as soon as it’s approved and the merchant is none the wiser.

“The problem for the merchant is, there wasn’t a new account created,” Kothari said. Add to that, that a skilled fraudster would take steps to ensure that no new IP address appears.

“Everything could look perfectly legit,” Kothari continued. “This is extremely lucrative for fraudsters. This is working much better than stolen financials.”

This spike in account takeover was happening at a time when online fraud in general was also growing. The fraud index found fraud losses increased by 7 percent, to 4.09 percent, during the two-year period. For purposes of the study, fraud losses are defined as the sum of the number of orders declined due to suspicion of fraud and the number of fraud chargebacks received from approved orders. The figure is presented as a percentage of all orders received.

It’s clear from the trends in the Ecommerce Fraud Index that online fraud isn’t going anywhere anytime soon. It’s just that the nature of the fraud is likely to change constantly, as the cat-and-mouse game plays on between those set on committing fraud and those set on protecting merchants from it.

Photo by iStock

Contact Mike Cassidy at mike.cassidy@signifyd.com; follow him on Twitter at @mikecassidy.

 

 

Mike Cassidy

Mike is lead storyteller at Signifyd. A former journalist and a retail geek, he covers ecommerce and the way technology is transforming digital commerce. Contact him at mike.cassidy@signifyd.com; follow him on Twitter at @mikecassidy.

Related Posts
-

Subscribe To The Newsletter

Popular Posts
-