Thursday, April 1, 2021
The San Francisco-based firm also revealed that it uncovered a sophisticated new fraud ring leveraging guest checkout options on donation sites to launder stolen payment cards. The ring appears to have been spurred on by rising consumer philanthropy in the face of the pandemic. The Blackbaud Institute, which keeps tabs on giving trends, reported that online giving was up 21 percent last year, compared to 2019.
The new fraud ring, which Sift dubbed Cart Crasher, is crafty. Members set up fake causes seeking donations, along with the necessary recipient accounts. Then they use stolen cards and fake user names and email addresses "by the thousands," and using automated scripts, donate funds to their own fabricated causes. Donations, in increments of $5, are used to test stolen card numbers for their usefulness elsewhere, and the fraudsters pocket the bogus donation amounts.
"Amid the Covid-19 pandemic we saw a decade's worth of ecommerce growth condensed into a single year," said Marc Olesen, president and CEO of Sift. "At the same time, cybercriminals were lying in wait, ready to take advantage of millions of vulnerable targets and enacting new methods to steal form them."
Internet traffic and online spending has surged since the pandemic gripped the world last March, and fraudsters have followed. "Fraudsters seized on climbing transaction volumes and unanticipated consumer behaviors like stockpiling, driving the average value of attempted fraudulent purchases up by 69 percent," Sift researchers stated. In 2019, the average fraudulent order was $1212; in 2020 the average was $2049.
The five verticals that were hardest hit were:
Sift, which operates a data network that helps online merchants large and small detect and stop fraudsters, said fraud rates ballooned across its network, pushing year-over-year fraud rates way up for some industries. For example, loyalty program providers saw fraud rates jump 275 percent over 2019. The report said the surge in fraud attempts was clearly tied to factors around the pandemic such as "too many people cooped up at home, misinformation and fear causing changes in consumer behavior, dormant user accounts, and fraudsters watching in the wings, ready to take advantage."
The company said cybercriminals are being aided by automation—not unlike the websites they prey upon. "Bots, scripts and malicious software make the grunt tasks of cybercrime simple, and allow fraudsters to do more damage in less time," the report stated. "It's specifically useful for accelerating card testing and credential stuffing – an easy route to pilfered profits, given that 65 percent of consumers repurpose user names and passwords across multiple sites and services."
The busiest day of 2020 for fraudsters wasn't anytime close to the mad rush of spending usually related to the year-end holiday season, but rather June 26, Sift reported.
Sift's report also revealed that fraudsters are moving away from desktop devices—following the money and consumers—and shifting to mobile devices. Sixty-two percent of payment fraud attempts in 2020 originated from mobile devices, up from 51 percent in 2019, Sift found.
Sift's findings were derived from its global network of customers, which includes big name companies like DoorDash, Airbnb, McDonalds and Wayfair. In all, transaction involving 34,000 websites and apps that use Sift were analyzed.
The largest fraud attempt identified was for a $5 million watch, Sift reported. Other big-ticket fraud attempts included:
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.