Evolving trends in fraud and abuse show eCommerce and travel providers are prime targets as attackers leverage online shopping conveniences to monetize stolen credentials and payment details.
In-person transactions shifted to online in 2020, as shopping at physical storefronts came to a halt. Consumers had to rely on digital channels to shop even for the most basic needs. As these habits become the new norm, the future of shopping changed for good.
Attackers Target Retail
This mass transition to online was an attacker’s dream come true. Insights from the Arkose Labs network reveal, during Q4 of 2020 retail was a highly attacked target. . This was the result of increased consumer spending through Black Friday and the holiday season.
Ecommerce fraud continued into the early part of the first quarter in 2021, before easing up a little by spring. As fraud teams try to catch up to the new normal volumes of digital commerce—redefined by the pandemic—attackers are focusing on payment attacks and scraping for information.
eCommerce: What is an Acceptable Level of Friction?
Travel Suffers Attacks During Pandemic
Another area where consumer spending has returned is travel. Travel industry was perhaps the worst affected due to the pandemic with airlines, cruise operators, car rental agencies, and hotels shuttering down almost overnight.
For several months at a stretch, demand slowed down to a trickle. However, as the world begins to open up and more people get vaccinated, travel is making a roaring comeback. Air and hotel bookings have nearly reached the pre-pandemic levels. Fraudsters, too, are scouting for opportunities to steal credit cards, gift cards, and rewards to capture their share of consumers’ dollars.
2021 Took Off From Where 2020 Left
The beginning of 2021 was not much different from how 2020 ended for the e-commerce and travel industries. However, things quickly changed as pandemic-related restrictions lessened and life seemed a bit closer to normal.
Since the beginning of the year, e-commerce and travel attacks increased by 63% as traffic across these platforms soared back to pre-pandemic levels. Following these changes, peak eCommerce and travel periods like Black Friday saw spikes up to 20x the average attack volume.
Payment Methods Are Prime Targets of eCommerce Fraud
With volumes of new users increasing during the pandemic — as well as an increase in the traffic from returning eCommerce customers — attackers are targeting users for their payment methods. Fraudsters can monetize compromised accounts in several ways, including stealing the payment or bank account information stored in the account, money laundering, payments fraud, stealing and redeeming loyalty or rewards points, and much more.
E-commerce fraud, especially payment fraud on gift cards is on the rise. Attackers use automation to brute force attacks on gift card websites. They test thousands of card numbers and PIN combinations every minute. Also, they deploy bots and sweatshops to continually check card balances in order to redeem them as quickly as possible.
Gift card fraud is particularly attractive to attackers due to low authentication barriers when compared with authentication requirements for credit cards. In the case of gift cards, there is no additional verification for points redemption, making it easy for attackers to escape with their loot, undetected. Also, much like cash theft, gift card fraud is difficult to trace.
Read how a major gift and prepaid card provider deterred attack:
Payment Firm Foils Giftcard Fraud With Arkose Labs
ARKOSE LABS Fights eCommerce Fraud
Gift card fraud can disrupt consumers’ shopping experiences and damage retailer brand reputations, making it essential for retailers to secure their physical and digital cards. Detecting and stopping fraud is difficult, as there are no authentications or trails. Therefore, retailers must adopt a fraud-prevention approach that eliminates attacks without disrupting genuine user experiences. Arkose Labs’ bilateral approach targets automated bots and bad actors with adaptive, graduated friction to stop attacks, while making authentication fun and seamless for genuine users.
Arkose Labs helps online retailers accurately identify and thwart attackers using digital intelligence. Authentic users clear user-friendly enforcement challenges unseen, while bots and automated scripts fail instantly. Malicious humans are presented with increasingly complex challenges, wasting their time and resources until they call it quits, providing long-term protection for ecommerce and travel.
*** This is a Security Bloggers Network syndicated blog from Arkose Labs authored by Ashish Jain. Read the original post at: https://www.arkoselabs.com/blog/why-attacks-are-the-new-new-normal-ecommerce-travel/