A Thing
The Green SheetGreen Sheet

Thursday, April 1, 2021

Fraud attempts spike amid pandemic, Sift confirms

The online fraud-fighting firm Sift reported that its clients saw a 69 percent spike in the average value of fraudulent purchase attempts in 2020 and that the COVID-19 pandemic "played an influential role in the evolution and uptick in online payment frauds."

The San Francisco-based firm also revealed that it uncovered a sophisticated new fraud ring leveraging guest checkout options on donation sites to launder stolen payment cards. The ring appears to have been spurred on by rising consumer philanthropy in the face of the pandemic. The Blackbaud Institute, which keeps tabs on giving trends, reported that online giving was up 21 percent last year, compared to 2019.

The new fraud ring, which Sift dubbed Cart Crasher, is crafty. Members set up fake causes seeking donations, along with the necessary recipient accounts. Then they use stolen cards and fake user names and email addresses "by the thousands," and using automated scripts, donate funds to their own fabricated causes. Donations, in increments of $5, are used to test stolen card numbers for their usefulness elsewhere, and the fraudsters pocket the bogus donation amounts.

"Amid the Covid-19 pandemic we saw a decade's worth of ecommerce growth condensed into a single year," said Marc Olesen, president and CEO of Sift. "At the same time, cybercriminals were lying in wait, ready to take advantage of millions of vulnerable targets and enacting new methods to steal form them."

As more buying goes online, fraudsters follow

Internet traffic and online spending has surged since the pandemic gripped the world last March, and fraudsters have followed. "Fraudsters seized on climbing transaction volumes and unanticipated consumer behaviors like stockpiling, driving the average value of attempted fraudulent purchases up by 69 percent," Sift researchers stated. In 2019, the average fraudulent order was $1212; in 2020 the average was $2049.

The five verticals that were hardest hit were:

  • transportation, which took the brunt of abuse with an 8.4 percent overall attempted fraud rate;
  • crypto exchanges, 4.6 percent ;
  • gaming/gambling, 3.7 percent;
  • online travel sites; and
  • dating apps.

Sift, which operates a data network that helps online merchants large and small detect and stop fraudsters, said fraud rates ballooned across its network, pushing year-over-year fraud rates way up for some industries. For example, loyalty program providers saw fraud rates jump 275 percent over 2019. The report said the surge in fraud attempts was clearly tied to factors around the pandemic such as "too many people cooped up at home, misinformation and fear causing changes in consumer behavior, dormant user accounts, and fraudsters watching in the wings, ready to take advantage."

The company said cybercriminals are being aided by automation—not unlike the websites they prey upon. "Bots, scripts and malicious software make the grunt tasks of cybercrime simple, and allow fraudsters to do more damage in less time," the report stated. "It's specifically useful for accelerating card testing and credential stuffing – an easy route to pilfered profits, given that 65 percent of consumers repurpose user names and passwords across multiple sites and services."

The busiest day of 2020 for fraudsters wasn't anytime close to the mad rush of spending usually related to the year-end holiday season, but rather June 26, Sift reported.

Cyber crooks go mobile

Sift's report also revealed that fraudsters are moving away from desktop devices—following the money and consumers—and shifting to mobile devices. Sixty-two percent of payment fraud attempts in 2020 originated from mobile devices, up from 51 percent in 2019, Sift found.

Sift's findings were derived from its global network of customers, which includes big name companies like DoorDash, Airbnb, McDonalds and Wayfair. In all, transaction involving 34,000 websites and apps that use Sift were analyzed.

The largest fraud attempt identified was for a $5 million watch, Sift reported. Other big-ticket fraud attempts included:

  • $484,000 in cryptocurrency
  • $53,264 for Super Bowl tickets
  • A $50,000 political donation
  • $27,000 for plane tickets to Las Vegas
  • $5,000 in apparel gift cards
And while many of the online fraud attempts last year involved credit cards, digital payment methods like online gift cards and in-app purchases represented some of the "fraudiest" payment methods, Sift said. end of article

The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

2021 2020 2019 2018 2017 2016 2015 2014 2013 2012 2011 2010 2009 2008 2007
A Thing