Fraud Attack Index Shows Nearly 80% Increase for Domestic Holiday Attacks

Press Release

March 01, 2017

Analysis of fraud ecosystem shows a 131% spike in account takeover for online payments accounts

Seattle, WA - Forter, the first fraud prevention technology to offer a real-time Decision as a Service™ solution for online merchants, published today in conjunction with the Merchant Risk Council (MRC) their findings from the 2017 Fraud Attack Index. Reflecting an analysis of the period from January 2016 to December 2016 and comparing it to the corresponding period in 2015, the 2017 Fraud Attack Index comprehensively detailed the rate at which online fraud attacks increased throughout traditional retail verticals and provided an in-depth look at the reasons behind the changes over 2016. A key finding of Forter's analysis was the 79% increase in risk of fraud for domestic holiday orders when comparing Q4 2015 to Q4 2016.

Following the October 2015 adoption of EMV (microchip cards) in the United States, Forter's fraud research team was not surprised to have observed a rise in the amount of domestic online fraud attacks. Since domestic US fraudsters were most adversely affected by not being able to copy physical cards as easily, it makes sense that these criminals have shifted online, boosting domestic CNP (card not present) fraud.

Interestingly, in contrast to this domestic fraud attack growth, the international fraud attack rate decreased by 13% as compared to 2015 -- a surprise since international orders are well known to carry higher risk. Forter's researchers attribute this decrease to a growth in genuine international orders rather than a decrease in fraud, however, and this may parallel the increasing value many merchants are seeing in the international market. The value of international orders explains the willingness to take a risk which is still not negligible -- despite the 13% decrease, international orders were found to be 62.4% riskier than domestic ones in 2016.

An additional trend was noted in the world of Account Takeover (aka ATO). Fraudsters have shifted from "Merchant ATO" (i.e. breaking into accounts on the merchant's website, in order to pass as returning customers) to "online payment ATO" (i.e. breaking into accounts of online payment services, such as PayPal, Apple Pay, Amazon Payments, etc.). For this reason, "Merchant ATO", which had shot up during 2015, decreased during 2016. However, this was a shift rather than a true decrease: The 2017 Fraud Attack Index shows a 131% uptick in the attempts of Account Takeover against online payments accounts.

"The most notable growth in fraud attack rate is within the apparel industry. Comparing the rate in Q4 2016 to that of Q4 2015 shows a significant increase of 69%," said Michael Reitblat, CEO of Forter. "This may be related to the new fraudsters who've joined the online criminal community following EMV adoption in the US and are perhaps sticking to a vertical they understand. It may also reflect the increased comfort of genuine shoppers with the idea of buying fashion items online and returning as necessary."

Additionally, examining the breakdown between industries, Forter's data team compiled these statistics on the frequency of fraud attacks within the following key retail verticals:
  • Apparel - 69.9% increase
  • Luxury - 8.4% decrease
  • Digital Goods - 22.6% decrease
  • Electronics - 1.8% decrease
  • Travel & Hospitality - 33% decrease
  • Food and Beverages - 49.8% increase
2016 saw a steady rise in online fraud attack rates, which increased 8.9% overall over the course of the year. The frightening "tsunami" of fraud attempts that many merchants experienced at the end of 2015 was not repeated, but the moderate rate of increase was sustained -- and since this increase added to the spike of 2015, it is safe to say that the risk of fraud is still a serious concern for online retailers today.

Forter will be at MRC London 2017, April 24-26, discussing the results of the 2017 Fraud Attack Index. The MRC European Conference is the most dynamic European event for fraud, risk, cybersecurity and payments professionals. With an attendance of over 500 leading eCommerce experts from 20 countries, the European Conference is consistently voted better than any other industry event. Attend MRC London to hear from keynote and Rogue Trader responsible for the biggest financial scandal, Nick Leeson.