The Q1 2020 Digital Trust & Safety Index report released by Sift out this week, revealed that the average value of fraudulent purchase attempts increased 69% in 2020.
Sift also saw several business categories hit by both major increases in attempted fraud rates and increases in the value of those fraudulent purchases, with Lodging Merchants, Omnichannel Retailers, Digital Wallets, and Professional Marketplace companies becoming targets for online theft amid the COVID-19 pandemic.
Sift’s Data Science team also uncovered a sophisticated fraud ring, dubbed Cart Crasher by Sift, that leveraged guest checkout options on donation sites to attempt to launder stolen payment information. The group employed automated scripts to launch thousands of attacks on these sites through guest checkout options, which allow buyers to forgo the account creation process and only require a user’s email address before the user enters their payment information. The group’s innovative tactics demonstrate the ever-evolving nature of the Fraud Economy—a network of active cybercriminals with access to everything they need to exploit online businesses.
Specifically, Cart Crasher’s scheme, which was shut down across Sift’s global network, operated as follows:
Fraudsters set up recipient accounts on donation sites
Fraudsters create and post fake causes with which to receive donations
Fraudsters use stolen credit cards and fake usernames/emails in guest checkout by the thousands (via automated scripts) to donate funds to their own fabricated causes
“Donations” are made in increments of approximately $5, allowing Cart Crasher to test stolen payment accounts to determine if they’re valid for use elsewhere—and paying themselves in the process
Characteristics of Cyber-crooks
The Q1 2021 Digital Trust & Safety Index also found that while credit card transactions make up the majority of e-commerce payments, the “fraudiest” payment methods were digitally native ones: online gift cards, store credit, cryptocurrencies, and in-app purchases. Similarly, the three most popular items sought by fraudsters across Sift’s global network were all digital goods: video game virtual currency, cryptocurrency, and site credits.
Other findings in the report include:
Taking Their Time: While fraudsters mainly focused on digital goods in 2020, the most expensive item they attempted to purchase on Sift’s network was a $5 million watch.
An Increasingly Mobile Enterprise: Bad actors continued to migrate away from desktop and laptop computers, with 62% of attempted payment fraud attacks coming from mobile devices in 2020—up from 51% in 2019.
Targeting Impacted Industries: Volatile event volumes in different industries ushered in new attack strategies. Transportation took the brunt of the abuse in 2020 with an 8.4% overall attempted fraud rate, while crypto exchanges and gaming/gambling followed with fraud rates at 4.6% and 3.7% respectively.
Fighting Back Against the Fraud Economy
“Amid the COVID-19 pandemic, we saw a decade’s worth of e-commerce growth condensed into a single year,” said Marc Olesen, President and CEO of Sift. “At the same time, cybercriminals were lying in wait, ready to take advantage of millions of vulnerable targets and enacting new methods to steal from them. As fraud fighters seek to stay ahead of the Fraud Economy, they must adopt a Digital Trust & Safety strategy, which ensures they can both protect against abuse while reducing friction for legitimate purchases.”
Sift’s Q1 2021 Digital Trust & Safety Index can be found here.