Online retailers that have tightened up lax returns policies have been instrumental in driving fraud in this area down 90 percent, according to the sixth annual Fraud Attack Index from Forter, a company specializing in e-commerce fraud prevention tools.
Major retailers including Amazon, L.L. Bean and Nordstrom have finetuned their procedures for returns, which Forter credits for bringing down the attack rate on this front. Because it’s no longer so simple to “game the system,” cyberfraudsters look for easy opportunities elsewhere.
In its survey of the fraud attack landscape, Forter found that bad actors are abandoning some approaches like returns abuse while ratcheting up their efforts in other areas. Policy abuse saw the largest jump, up 170 percent in 2018 from the prior year. This method of attack involves overuse of coupon and discount codes that siphon profits from a company and “result in the contamination of a brand’s customer ecosystem,” Forter noted. Preoccupied with costlier transactional fraud, retailers tend to overlook policy abuse, the company added.
Miscreants also are banding together to wage their attacks rather than going it alone. Incidents perpetuated by fraud rings rose 26 percent from 2017, Forter said. This “strength in numbers” approach enables the ring to home in on each touchpoint on the customer path to purchase and leverage the right specialist to exploit the most vulnerable moment. “They are able to leverage bots in order to scale their attacks so they can both tailor their methods and strike at a higher frequency, wreaking havoc on e-commerce merchants,” added Forter.
Account takeovers climbed 45 percent in 2018, particularly troubling because the way that some actors perpetrate this fraud can escape notice by a merchant’s surveillance systems. In fact, cyberfraudsters taking over a customer’s account often pursue the least risky opportunities, purchasing goods using that person’s stored up loyalty or rewards points, which someone typically doesn’t monitor with the same frequency and scrutiny as they would a credit card or bank statement. Their other popular targets? Gift cards, rebates and store credit saved in the account, Forter said.
Forter uncovered a 47 percent increase in attacks on apparel and accessories e-commerce sites. Attacks on apparel sites remain high, the company said, because large bulk purchases don’t typically attract attention as they would in other industries. It’s not uncommon for legitimate consumers to buy for a team or other large group.
Limited-edition drops of highly coveted product are a growing target for those committing fraud online, who often employ automated bots to repeat the same action over and over again in efforts to thwart real people hoping to get their hands on exclusive items. However, Forter noted, given the highly competitive landscape for small-batch releases, even diehard sneakerheads are willing to leverage bots to ensure they don’t miss out on a hot new shoe.
Forter encouraged online retailers to remain vigilant as the threat landscape evolves.
“Retailers and fraud prevention professionals will have to adopt a more nuanced understanding and holistic view of their customers’ shopping experience to understand how to protect them from end to end,” Forter said.