Online Fraud Security Risk During Covid

Online Fraud Risk during COVID-19

NuData Security, a Mastercard company, today launched its H1 2020 Fraud Risk Report. The report found that COVID-19 sparked an unparalleled surge in the creativity of scammers, as more shoppers ditched physical shopping carts for digital ones.

In H1, NuData monitored online changes and summarized the key findings in the report. Some highlights include:

The total fraud dollar increased by 127% for in-store pickup, where fraudsters can more easily request chargebacks that seem like legitimate customer activity

67% increase in eCommerce and digital goods traffic from 2019

64% of e-commerce attacks were login attacks

1.18% of login attack attempts had the correct account credentials (a success rate above 1% can lead to thousands of compromised accounts from one single attack)

Robert Capps, VP of marketplace innovation at NuData Security, answered a few questions to highlight how this surge in online fraudulent activity can impact retailers and how they can protect themselves.

Q. Could you explain what human-like attacks are and what makes them unique to other types of attacks? What do these attacks mean for retailers specifically?

Human-like attacks emulate human behavior during a web or mobile app transaction, but originate from a computer program or script. They attempt to evade technical countermeasures that organizations deploy to frustrate or block attackers that use normal, high-volume scripted attacks to perform malicious actions on a website or using mobile applications. Human characteristics that are often emulated are typing rate, the speed between page interactions, the emulation of mouse movement, page scrolling, and browser identifiers. For organizations that lack sophisticated controls for automation, human emulation can create havoc for fraud and security evaluation controls, allowing for high-risk interactions to occur uninterrupted.

Retailers can be impacted by such attacks in a number of ways, including:

New account registration – many plausible-looking but fake accounts may be registered using automation, that are later used for ecommerce fraud or to abuse rewards programs.

Account Takeover Attacks – stolen consumer credential data (usernames and passwords) are used to look for good access at merchant websites, leading to legitimate consumer accounts being taken over by a fraudster, and the accounts used to make purchases or obtain other value from the merchant – such as the use of accrued rewards programs benefits, access to digital content, or other services (rideshare, gig economy, food delivery, etc.).

Standard checkout/ecommerce transaction fraud – with automation used to increase the volume of fraudulent transactions without requiring human interactions.

Q. How do BOPAC/BOPIS operations factor into the approach fraudsters take?

At the beginning of the pandemic, we observed a trend of fraudsters utilizing the buy online and pickup in-store/at curbside to evade many retailer controls around shipping products to risky addresses. ID check requirements for store pickups became difficult for merchants to adequately carry out in light of mask-wearing consumers and staff being wary of getting too close during in-person and curbside order pickups. This gap in process opened up an opportunity for fraudsters to exploit – and exploit it they did. Many merchants have since adapted to threats for in-person fulfillment methods in the intervening months. As new controls are enabled, fraudsters continue to adapt, forcing merchants to continue to evolve in response to changes to consumer and fraudster behaviors.

Q. How has the pandemic created space for human-seeming fraudsters?

The pandemic has opened up a number of opportunities for fraudsters and cyber criminals to blend in to the increased volume of online consumer interactions. COVID has forced many users to transact online for banking and retail transactions, and has greatly increased the adoption of streaming media, gaming, and collaboration services.

Q. What should brands consider when it comes to security while expanding their e-commerce offerings? I.e. What security tools can help retailers avoid fraudulent attacks like chargeback requests? How can retailers determine the legitimacy of these requests and save revenue in preventative loss?

Organizations who face human emulating automation need to be aware that they likely have a problem, even if it doesn’t result in immediate losses to their bottom line. There are a number of financial impacts that stem from automated interactions, such as an increase in costs to support the computing infrastructure required to service these high volume and low value transactions, payment processing costs resulting from validating new credit cards added to accounts using automated scripts, and customer support costs associated with responding to and mitigating legitimate customer accounts that have been compromised by attackers, using automation.

A blending of fine-grained automation detection, advanced device intelligence, behavioral analytics, and passive biometrics capabilities provides a strong safety net to detect and mitigate the majority of automated interactions an organization might encounter.

For a PDF of the report, visit:

https://issuu.com/globalretailmag/docs/h1_fraud_risk_report_final/s/11132026

Robert Capps

Vice President, Marketplace Innovation

Robert is NuData Security’s Vice President of Marketplace Innovation. He is an industry-recognized technologist, thought leader, and advisor with over twenty-five years of experience in retail, payments, financial services, and cybercrime investigation and prosecution.