Report: Retailers unprepared to handle serious online fraud threats on their own
As of September 2017, data breaches were 375% higher than 2016 — and this was only based on incidents detected in the “2017 Fraud Index,” from Radial.
Combine this with the majority of retailers being EMV compliant, “and it's Christmas every day for cyber criminals. Any retailer that is trying to manage this massive and extremely complex problem alone is risking the viability of their business,” according to the study.
The following five trends can help retailers decide if managing fraud on their own is a wise decision:
• Card-Not-Present (CNP) fraud continues to rise with some market segments — but the blame does not lie solely with EMV. In 2017, fraud attacks in cosmetics soared 400% versus 2016. Apparel wasn't far behind, with more than four times the increase in attacks. This was followed by a two-time increase in the electronics, home and entertainment segments.
• Data breaches are igniting fraud attacks, with 2017 reporting the highest number of breaches since tracking began. One of 2017's worst data breaches that impacted 145.5 million U.S. consumers, started in mid-May — but wasn't discovered until the end of July. Data showed a significant uptick in fraud attacks across four market segments during this same time period, and then a corresponding decrease in attacks and a shift to other market segments when the attack was made public in September.
• Digital gift cards steadily increase in risk year-over-year (YoY). On average, there was a four-time increase in fraud attacks from Thanksgiving to Christmas, compared to 2015. Digital gift cards remain a popular target for fraudsters as they take advantage of the surge in order volumes during the holiday season to mask their criminal intent. Overall, the average YoY attack rate counts for 2016 and 2017 combined were four-times higher than 2015, and average dollar volume attack rates nearly doubled.
• Shipping and fulfillment methods carry different risk, but all areas saw an increase in attacks in 2017. Fraud attacks were 2.5 times higher for ground shipments for the first three quarters of 2017, compared to 2016. Despite this increase, ground shipment fraud carries the least financial risk. For every $211 of good orders shipped via ground there is $1 of fraud attacks. Meanwhile, same day (e.g., digital gift cards) poses the highest financial risk, as every $10 of goods ordered spurs $1 in fraud attacks. Overnight shipping remains a favorite with fraudsters —and the riskiest shipping method for retailers. For every $13, there is $1 of fraud attacks.
• Credit card bank identification number (BIN) country and IP country are red flags for fraud. However, certain geographies represent higher risk internationally across market segments. Cross-border selling can be lucrative, but understanding the risks – including geographic trends and susceptible verticals – is essential to success. Nearly 20% of e-commerce fraud in Italy's entertainment market segment was attributed to credit cards issued from that country's BIN, while nearly 30% in Dominica originated from an IP address in that country. Even more startling is the amount of e-commerce fraud for cosmetics in Venezuela – nearly 75% originates from a Venezuelan IP address.
"The Fraud Index clearly demonstrates the complexity of managing fraud in today's e-commerce landscape," stated KC Fox, VP of payments, tax and fraud at Radial. "Most retailers don't have the budget or resources, let alone the expertise to stay ahead of today's cyber fraud, which should make partnering with a third-party expert a priority in 2018."
Combine this with the majority of retailers being EMV compliant, “and it's Christmas every day for cyber criminals. Any retailer that is trying to manage this massive and extremely complex problem alone is risking the viability of their business,” according to the study.
The following five trends can help retailers decide if managing fraud on their own is a wise decision:
• Card-Not-Present (CNP) fraud continues to rise with some market segments — but the blame does not lie solely with EMV. In 2017, fraud attacks in cosmetics soared 400% versus 2016. Apparel wasn't far behind, with more than four times the increase in attacks. This was followed by a two-time increase in the electronics, home and entertainment segments.
• Data breaches are igniting fraud attacks, with 2017 reporting the highest number of breaches since tracking began. One of 2017's worst data breaches that impacted 145.5 million U.S. consumers, started in mid-May — but wasn't discovered until the end of July. Data showed a significant uptick in fraud attacks across four market segments during this same time period, and then a corresponding decrease in attacks and a shift to other market segments when the attack was made public in September.
• Digital gift cards steadily increase in risk year-over-year (YoY). On average, there was a four-time increase in fraud attacks from Thanksgiving to Christmas, compared to 2015. Digital gift cards remain a popular target for fraudsters as they take advantage of the surge in order volumes during the holiday season to mask their criminal intent. Overall, the average YoY attack rate counts for 2016 and 2017 combined were four-times higher than 2015, and average dollar volume attack rates nearly doubled.
• Shipping and fulfillment methods carry different risk, but all areas saw an increase in attacks in 2017. Fraud attacks were 2.5 times higher for ground shipments for the first three quarters of 2017, compared to 2016. Despite this increase, ground shipment fraud carries the least financial risk. For every $211 of good orders shipped via ground there is $1 of fraud attacks. Meanwhile, same day (e.g., digital gift cards) poses the highest financial risk, as every $10 of goods ordered spurs $1 in fraud attacks. Overnight shipping remains a favorite with fraudsters —and the riskiest shipping method for retailers. For every $13, there is $1 of fraud attacks.
• Credit card bank identification number (BIN) country and IP country are red flags for fraud. However, certain geographies represent higher risk internationally across market segments. Cross-border selling can be lucrative, but understanding the risks – including geographic trends and susceptible verticals – is essential to success. Nearly 20% of e-commerce fraud in Italy's entertainment market segment was attributed to credit cards issued from that country's BIN, while nearly 30% in Dominica originated from an IP address in that country. Even more startling is the amount of e-commerce fraud for cosmetics in Venezuela – nearly 75% originates from a Venezuelan IP address.
"The Fraud Index clearly demonstrates the complexity of managing fraud in today's e-commerce landscape," stated KC Fox, VP of payments, tax and fraud at Radial. "Most retailers don't have the budget or resources, let alone the expertise to stay ahead of today's cyber fraud, which should make partnering with a third-party expert a priority in 2018."