Online Retailers Brace for #COVID19 Fraud Surge

Most UK retailers are expecting a surge in online fraud due to the current COVID-19 pandemic, with many customers having already experienced account takeover (ATO) attacks, according to Riskified.

The fraud-screening firm polled 1000 consumers and over 120 e-commerce professionals to better understand their challenges during the current crisis.

It found that a fifth (20%) of customers have suffered an account takeover attack over the past year. This is often done via phishing or credential stuffing, where reused logins are tried over numerous accounts and sites simultaneously by fraudsters.

Once inside, they could steal personal information and card details stored in the account, use it to fraudulently pay for goods, or sell access to the account on the dark web.

Despite the significant numbers of customers already affected, and the fact that 52% of retailers think fraud will increase during the pandemic, over a quarter (26%) admitted to having no measures in place to tackle ATO.

This is a concern, not just because of the extra fraud losses it could incur but also in terms of the long-term customer relationships. More than half (51%) of respondents said they’d stop shopping with a retailer if they suffered ATO and a similar number claimed they’d delete their account. Over a third (37%) would go to a competitor.

Part of the problem is that detecting ATO is difficult because the attacker effectively looks like a legitimate customer. This might account for the fact that just 4% of consumers that suffered ATO learned their accounts were compromised from the retailer.

Riskified warned that mandating two-factor authentication or long-and-strong passwords for improved account security would cause extra friction that may put shoppers off.

Instead, retailers need systems that can check for things like device and network details, proxy usage and previous logins as well as subsequent purchasing behavior, it said.

UK e-commerce fraud losses on cards are said to have topped £359 million last year, but fraud often rises during recessions.

What’s Hot on Infosecurity Magazine?