Sift has published its Q1 2021 Digital Trust & Safety Index, which shows a complex, interconnected multi-billion dollar Fraud Economy of known vectors and emerging threats. According to the report’s results, the value of fraudulent purchase attempts increased by 69%. How does this look, compared with the results from previous reports?
Indeed, Sift found that the average fraudulent order increased by 69% – from USD 1,212 in 2019 to USD 2,049 in 2020. Specifically, we continue to see criminals going for ‘home runs’ by attempting individual purchases of high value items such as USD 5 million in high end watches and nearly USD 500K in cryptocurrency.
Could you please describe the new fraud techniques that Sift discovered throughout 2020?
Sift identified a money-laundering fraud ring targeting donation sites. Using stolen credit cards, fabricated accounts, and automated scripts, the fraudsters repeatedly attempted to funnel small amounts of money using guest checkout, ‘donating’ tens of thousands of dollars to their own fake causes.
This particular fraud ring showed a high level of sophistication in their tactics – not just in using scripts but in targeting guest checkout, which by its nature requires fewer form fields for the user, and thus an attractive way for fraudsters to try to ‘slip through the cracks’.
How have these emerging threats been developed? Is this the result of a more vulnerable environment?
There are several factors at play here. First, there is a thriving and growing fraud economy out there where criminals will meet up on forums like Telegram and the dark web to exchange information, user credentials, and techniques that can be used to exploit businesses. Second, technology has reached a point where these criminals can spin up multiple automated attacks to quickly attack a business and move on to the next victim within minutes at scale like a virtual version of the ‘smash and grab’ technique used by criminals who break into cars.
What commerce verticals and payment types were targeted and impacted by fraudsters in 2020 and why?
Attempted fraud ballooned across Sift’s data network, driving year-over-year fraud rates wildly high in some industries. Loyalty merchants, who help businesses engage their customers, saw fraud rates jump by 275% as compared to 2019.
Four types of businesses were hit particularly hard by the burgeoning Fraud Economy: lodging merchants (+71% increase in YOY fraud rate), omnichannel retailers (+50% increase in YOY fraud rate), digital wallets (+33% increase in YOY fraud rate), and professional marketplace (+67% increase in YOY fraud rate). Each of these types of businesses saw fraud rates and fraudulent order values rise considerably between 2019 and 2020 – a problem compounded by the pandemic-era market fluctuations. I credit these higher value attacks and ballooning fraud rates to the challenges faced by ecommerce businesses under COVID-19 restrictions: too many people cooped up at home, wildly changing consumer behaviour, dormant user accounts, and fraudsters watching from the wings, ready to take advantage.
Were virtual currencies and cryptocurrencies fraudulently exploited more than in the past? If so, should the industry keep a closer eye on non-fiat currencies use in 2021 more than ever before?
Cryptocurrency (just behind video game currency) was the second most popular item purchased with stolen user information in 2020. Legitimate gaming and crypto traffic surged during the pandemic – but despite that fraud rates still rose. I believe this was the by-product of fraudsters banking on risk teams being too overwhelmed by surging traffic to catch them all.
Looking into 2021 and beyond, how can we change the reality presented in the report?
Cybercriminals have demonstrated that they can and will apply sophisticated strategies and adopt cutting-edge technology to execute the most profitable attacks possible against online merchants. In order to turn the tide as an industry, it is going to take more sophisticated technology acting in real time to shift us from a reactive position to a more proactive one. This will also require fraud fighters to form coalitions and networks across companies in order to keep bad actors at bay.
About Kevin Lee
Kevin Lee is a Trust and Safety Architect at Sift who helps customers implement strategies that cross-functionally align risk and revenue programmes. Prior to Sift, he has spent the last 14+ years leading various risk, chargeback, spam/scams, and trust and safety organisations at Facebook, Square, and Google.
About Sift
Sift is the leader in Digital Trust & Safety, empowering digital disruptors to Fortune 500 companies to unlock new revenue without risk. Sift dynamically prevents fraud and abuse through industry-leading technology and expertise, an unrivalled global data network of 35 billion events per month, and a commitment to long-term customer partnerships.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now