GRC Tuesdays: Fraud Consumes US Online Commerce with an Appetite for Apparel
In our continuing saga on the wide world of large scale fraud schemes, enter the invisible army of online commerce operators with the motivation and ability to steal consumer credit accounts and to create new accounts. One of their current objectives is to commit fraud by buying clothes and shoes and accessories to resell or to receive illegal chargebacks.
In fact, the apparel industry suffered a whopping 70% year-on-year increase in US-based fraud attacks in 2016. This is according to new research that examines online fraud activity from the e-commerce fraud prevention provider Forter together with the Merchant Risk Council. Let’s take a closer look at the results of the research, and examine what businesses can do to protect themselves from the growing threats.
Forter’s 2016 Fraud Attack Index
Israel-based Forter looked at data on over 136 million transactions to compile its 2016 Fraud Attack Index, revealing a 79% increase in fraud incidents for US domestic retail orders when comparing Q4 2015 to Q4 2016. Interestingly, online fraud attempts on international orders in Q4 2016 decreased by 13% when compared to incidents recorded in the same period in 2015. Nevertheless, fraud activity in online retail orders from outside the US were 62% higher than in domestic orders during the fourth quarter of 2016.
Impact of EMV Adoption
According to fraud research analysts at Forter, after the October 2015 adoption of EMV (microchip) credit cards in the United States, a rise in the number of domestic fraud attacks on online commerce sites was anticipated. As hoped, US-based operators were negatively affected by not being able to easily copy the necessary data from physical cards. However, domestic fraudsters then shifted to increase their online pursuits, dramatically boosting domestic CNP (card not present) fraud activity last year.
Increase in Online Payment Hacking
The 2016 Forter report noted an alarming upward trend in the Account Takeover (ATO) domain. Fraud operators have also shifted focus from “Merchant ATO” (breaking into accounts managed on the seller’s website in order to masquerade as returning customers) to “online payment ATO” (hacking into customer accounts managed by online payment services including PayPal, Apple Pay, Google Pay and Amazon Payments).
Thus Merchant ATO activity, which was on the rise in 2015, actually decreased last year. However, this represented a shift in account targeting by type rather than indicating an overall decrease in activity. The 2016 Fraud Attack Index reveals a 131% increase in all ATO attempts against US online payment accounts.
Apparel Sees Largest Increase in Online Payment Fraud
Evaluating the online payment fraud differences between retail categories, Forter analysts also published the year-on-year percentage increases or decreases in fraud attacks for specific product verticals:
- Apparel – 69% increase
- Food and Beverages – 49.8% increase
- Electronics – 1.8% decrease
- Luxury goods – 8.4% decrease
- Digital goods – 22.6% decrease
- Travel & Hospitality – 33% decrease
With an increase of nearly 50% over 2015, Forter’s data reveals that the Food and Beverage trade has also seen a dramatic increase in online fraudulent payments in the past year. As the five-quarter graphical analysis shows, the apparel industry remains under the threat of online fraud more than any other US retail sector. Some of the contributing factors include widening deceptive buying practices and the large and growing market for stolen credit card information.
Forter’s report also warns online merchants and consumers that botnets are becoming increasingly popular with fraud players due to their ability to increase both the scale and reach of online attacks.
SAP Solutions to Help Combat Online Fraud
Fortunately for SAP e-commerce customers who offer food, clothing, and other items popular with fraudsters these days, SAP provides a number of solution options to help detect fraudulent activity and to prevent losses due to payment fraud. Chief among these solutions are SAP Fraud Management and SAP UI Masking.
SAP HANA born-and-bred, SAP Fraud Management:
- Helps customers reduce fraud-related financial losses by screening multiple payment scenarios while providing increased security for transactions in key business processes.
- Captures and analyzes high volumes of transaction data from multiple sources and provides real-time detection to help quickly identify and halt fraud activity.
- Stops payment processing in real time on transactions that are associated with revealed fraud patterns.
- Ships with over seventy pre-built rules for fraud detection, including rules for the identification of customers located in high fraud risk countries; full customer address screening against politically exposed persons (PEP) lists; country bank accounts and associated customer addresses located in different countries; and a host of irregularities in purchase orders and buying patterns.
- Enables our customers to prevent open access to identifying customer data and improve protection against sensitive information misuse.
Covers or “masks” sensitive data capture fields (based on configurations for customer-specific information) before the field values are handed over to a user interface.
- Writes a trace for access to each masked field.
- Includes solution versions for Web Dynpro for ABAP, SAP ECC/GUI, SAP CRM Web Client UI, SAPUI5 and SAP Fiori.
Evidence reveals that SAP e-commerce customers are constantly exposed to an increasing array of both sophisticated and traditional fraud attacks. The better news is that SAP’s expanding GRC & Security solutions portfolio is leading the way in fraud pattern detection, analysis, and prevention options for multiple fraudulent transaction scenarios involving their SAP systems.