Sift, a fraud prevention company has released its Q1 2020 Digital Trust and Safety Index report, which revealed that the average value of fraudulent purchase attempts increased 69% in 2020. Sift also saw several business categories hit by both major increases in attempted fraud rates and increases in the value of those fraudulent purchases, with lodging, omnichannel retailer, digital wallet, and professional marketplace companies becoming targets for online theft amid the Covid-19 pandemic.
Sift’s Data Science team also uncovered a sophisticated fraud ring, dubbed Cart Crasher by Sift, that leveraged guest checkout options on donation sites to attempt to launder stolen payment cards. The group employed automated scripts to launch thousands of attacks on these sites through guest checkout options, which allow buyers to forgo the account creation process and only requires a user’s email address before the user enters their payment information. The group’s innovative tactics demonstrate the ever-evolving nature of the Fraud Economy – the network of countless active cybercriminals with access to everything they need to exploit online businesses.
Specifically, Cart Crasher’s scheme, which was shut down across Sift’s global network, operated as follows:
- Fraudsters set up recipient accounts on donation sites
- Fraudsters create and post fake causes with which to receive donations –
- Fraudsters use stolen credit cards and fake usernames/emails in guest checkout by the thousands (via automated scripts) to donate funds to their own fabricated causes
- “Donations” are in increments of approximately $5, thus allowing Cart Crasher to test stolen payment accounts to determine if they are valid for use elsewhere as well as paying themselves in the process
Characteristics of Cyber-crooks
The Q1 2020 Digital Trust and Safety Index also found that while credit card transactions make up the majority of e-commerce payments, the “fraudiest” payment methods were digitally native ones: online gift cards, store credit, cryptocurrencies, and in-app purchases. Similarly, the three most popular items sought by fraudsters across Sift’s global network were all digital goods: video game virtual currency, cryptocurrency, and site credits.
Other findings in the report include:
- Cybercriminals Clock In: While fraudsters mainly focused on digital goods in 2020, the most expensive item they attempted to purchase on Sift’s network was a $5 million watch.
- An Increasingly Mobile Enterprise: Bad actors continued to migrate away from desktop and laptop computers, with 62% of attempted payment fraud attacks coming from mobile devices in 2020 – up from 51% in 2019.
- Targeting Impacted Industries: Volatile event volumes in different industries ushered in new attack strategies. Transportation took the brunt of the abuse in 2020 with an 8.4% overall attempted fraud rate, while crypto exchanges and gaming/gambling followed with fraud rates at 4.6% and 3.7% respectively.
Fighting Back Against the Fraud Economy
“Amid the Covid-19 pandemic we saw a decade’s worth of e-commerce growth condensed into a single year,” said Marc Olesen, President and CEO of Sift. “At the same time, cybercriminals were lying in wait, ready to take advantage of millions of vulnerable targets and enacting new methods to steal from them. As fraud fighters seek to stay ahead of the Fraud Economy, they must develop a Digital Trust and Safety strategy, which ensures they can both protect against abuse while reducing friction for legitimate purchases.”