Friday, August 14, 2020
Debbie Guerra, executive vice president at ACI Worldwide, observed that criminals are exploiting the card-not-present (CNP) space, especially buy online/pick up in store (BOPIS) and click-and-collect payment methods. "Fraudsters are targeting higher value items like electronics and luxury brand names, especially within newer channels such as curbside pick-up and in-parking lot pick-up," she said. "We continue to see a huge increase above industry averages in eCommerce sales year over year."
Will LaSala, security evangelist at OneSpan, has also seen a sharp increase in phishing attacks and new account takeovers during the COVID-19 crisis. "We can attribute up to $77 million caused by COVID-related attacks," he said. "Account takeover rose to the top during COVID and phishing attacks are up by 667 percent, making a huge impact across the board."
Guerra further noted that ecommerce activity was up by 19 percent during July 2020 compared to the previous year. ACI's findings were based on hundreds of millions of ecommerce transactions from the company's global merchant base. Notably, the data revealed a sharp uptick in the outdoor items category, which rose from 9 percent in 2019 to 12 percent in 2020.
Following are additional data points from the ACI study:
"We continue to see a huge increase above industry averages in ecommerce sales year over year," Guerra added. "As more brick-and-mortar stores reopen with COVID restrictions, we are seeing card-present transactions slightly increase; however, we expect the ecommerce trend to continue post-COVID as consumers experience the convenience and speed of digital payments."
LaSala mentioned that he has seen similar trends in the banking sector, where account takeover attacks have increased by 72 percent, much of it related to federal relief programs such as the Payroll Protection Plan, stimulus checks and unemployment benefits. Also, the Dark Web has made a huge cache of personally identifiable information available to fraudsters and array of tools designed to help them initiate new attacks.
"People mistakenly think of fraudsters as guys in hoodies who perpetrate crimes from their basements," LaSala said. "In reality, cybercrime is a well-organized global enterprise." For example, there are specialists within the multilayered threat landscape whose sole focus is writing attacks and designing email templates, he stated, while others purchase and use these products to launch attacks.
The criminals who design attacks are inventive and agile, LaSala noted. "They leverage the products by making a few simple tweaks and using them again," he said. "Through the years, we've seen reused and redeployed variants. That's why we recommend a holistic, multilayered approach that uses application shielding, dynamic passwords and artificial intelligence to protect mobile and cloud environments."
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.