America’s migration to EMV has crippled some types of card fraud, but the risk of online fraud is on the rise — especially during the holidays — according to new data from the Merchant Risk Council and fraud-technology company Forter.
The indexed findings showed a 79% spike in fraud risk for domestic holiday orders in the fourth quarter of 2016 versus the fourth quarter of 2015, and an 8.9% increase in online fraud attacks for 2016 as a whole.
“Following the October 2015 adoption of EMV (microchip cards) in the United States, Forter’s fraud research team was not surprised to have observed a rise in the amount of domestic online fraud attacks,” the study said. “Since domestic U.S. fraudsters were most adversely affected by not being able to copy physical cards as easily, it makes sense that these criminals have shifted online, boosting domestic CNP (card not present) fraud.”
Though domestic fraud attacks rose, the international fraud attack rate fell by 13% from 2015, Forter added.
The attack rate is the dollar value of fraudulent orders (both declined orders, where the fraud was caught in real-time, and undetected fraud transactions that were later reported) as a proportion of total sales for the quarter.
“Forter’s researchers attribute this decrease to a growth in genuine international orders rather than a decrease in fraud, however, and this may parallel the increasing value many merchants are seeing in the international market. The value of international orders explains the willingness to take a risk which is still not negligible – despite the 13% decrease, international orders were found to be 62.4% riskier than domestic ones in 2016,” it said.
Fraudsters also appear to be shifting their tactics, moving from merchant account takeovers to online payment account takeovers. Merchant account takeovers involve breaking into accounts on the merchant’s website in order to look like returning customers, but online payment account takeovers aim straight for services such as PayPal or Apple Pay. Forter reported a 131% uptick in attempts to takeover online payment accounts.
The report also noted a 69.9% increase in the fraud attack rate for apparel retailers. As of the end of 2016, they represented $17.60 of every $100 of sales in the sector; early data for the first quarter of 2017 show that rising to $19 per $100 of sales.
“This may be related to the new fraudsters who’ve joined the online criminal community following EMV adoption in the U.S. and are perhaps sticking to a vertical they understand. It may also reflect the increased comfort of genuine shoppers with the idea of buying fashion items online and returning as necessary,” Forter CEO Michael Reitblat explained.
Food and beverage retailers also saw a 49.8% rise in the frequency of fraud attacks, but some retail sectors did see decreases. The travel and hospitality sector was down 33%, according to the report, and digital goods saw a 22.6% decrease. Attacks in the luxury sector and electronics sector also fell 8.4% and 1.8%, respectively.
Fraudsters still love luxury goods, though — the average fraud rate is $5.91 at risk out of $100 of sales, which is 41% higher than electronics, according to Forter.
“The general increase in fraud attack rate reflects the appealing nature of the online channel to the criminal community. The growth of e-commerce and mobile commerce, the abundance of stolen data, the opportunities for obfuscation, the tools available to them, the unlikelihood of reprisals for fraud attempts and more all combine to make online attacks attractive to criminals,” the report said.
