E-commerce Fraud Jumps 20% as Scammers Open New Accounts

Written by

Fraud attacks on e-commerce companies rose 20% in the second quarter of the year to reach 36 million, according to new data from security company ThreatMetrix.

The fraud screening firm’s latest ThreatMetrix Cybercrime Report, monitoring one billion transactions globally each month for its customers, showed that its Digital Identity Network had blocked a total of 75 million high risk transactions during the period, across all sectors.

Online commerce was particularly badly hit, with 36 million fraud attempts stopped. ThreatMetrix estimated the losses to online traders could have reached as high as $3 billion if the transactions were allowed to go through.

Account creation fraud was the highest risk, as nearly 7% of transactions monitored were blocked by the firm. This is despite account creation transactions accounting for just 1% of the total volume monitored.

Account log-ins were most popular (80%) source of fraud, but considerably less risky, with just 3% blocked. The same percentage of payments were stopped as fraudulent, the report claimed.

Also interesting to note is the fact that the top two countries by attack origin were the US and the UK, followed by Germany, India and the Dominican Republic.

This continues a trend observed the previous report, whereby a large percentage of attacks were aimed at targets within the same country as the fraudster.

Typically, online scammers try to hide their location and identity via proxies, and device and location spoofing, or else they “piggy back” a legitimate user’s session with malware or man-in-the-middle attacks, the report claimed.

In fact, device spoofing remains the top attack vector spotted by ThreatMetrix.

The vendor’s EMEA solutions director, Stephen Moody, told Infosecurity that fraud trends are largely driven by the “vast quantities” of identity data made available to cybercriminals following data breaches.

“Following these breaches the first thing fraudsters do is test and use the credit card information. Often these tests are targeted at online media companies and will be combined with the creation of new accounts,” he explained.

“Once the credit card data is no longer useful the identity data has a wider use. Successive data breaches across many organizations means fraudsters can now build very complete identity information on their victims. The data is rich enough for them to apply for and successfully open a bank account in the victim’s name. This is why we are seeing such a surge in account application fraud.”  

What’s hot on Infosecurity Magazine?