Fraud Shifts to Travel, Gaming Sites as Economies Reopen
The prevalence of digital fraud attempts on businesses and consumers continues to rise as malicious actors are shifting their focus in 2021 from financial services to travel and leisure and other industries.
These were among the findings of TransUnion’s quarterly digital fraud analysis, which found the rate of suspected digital fraud attempts rose 16.5% globally when comparing Q2 2021 to Q2 2020.
Gaming and travel and leisure were the two most impacted industries globally for the suspected digital fraud attempt rate, rising 393% and 156% in the last year, respectively. In the U.S., this rate rose 262% for gaming and 137% for travel and leisure.
As online fraud attempts against businesses continue to escalate, one in three consumers stated that they have been targeted by a digital fraud scheme related to COVID-19 during the second quarter of 2021.
More Opportunities for Fraud
“The bottom line regarding this shift is opportunity,” said Melissa Gaddis, senior director of customer success, global fraud solutions at TransUnion. “As the economy opens up and people feel they have more disposable income, the number of digital transactions in industries such as gaming and travel and leisure are exploding as compared to the same quarter last year. This gives fraudsters more opportunities to target those transactions.”
She noted that the company’s Consumer Pulse studies confirm phishing still ranks as the top scam consumers are facing.
“As these scams are successful, fraudsters gained stolen identities and credentials and are now monetizing them across industries,” she explained.
She noted that since TransUnion has been tracking fraud trends related to the pandemic for almost 18 months now, the data being seen isn’t a surprise; rather, it’s showing a natural progression given this “social experiment” we all participated in during these months.
“We predict we will start seeing the fraud trends for some industries level out while those who are really just starting to recover traffic, such as gaming and travel and leisure to lessen and then level out,” she said.
Gaddis added that, in the face of this shifting threat, consumers need to set up their accounts and security under the assumption that their credentials are already out there.
“They shouldn’t have the same username and password for their banks and their social media accounts,” she warned. “Phishing credentials that can be used to access every online account someone has is a goldmine, but can be stopped by having different credentials for different sites.”
Changing Consumer Expectations
Also, even in a society that thrives on instant gratification and with a business world striving to make it easier to transact online, consumers should learn to be okay with some friction to protect their high-value accounts.
“Enable step-up authentication for your bank; don’t save your username and password so all you have to do is click ‘Log In’ to access your account and hold the organizations where you conduct business to a high standard and expect them to enable fraud and authentication controls to protect your data,” she said.
The travel and leisure and gaming industry players should also be shoring up defenses for their users, Gaddis said, noting these industries are strong in digital transactions as so much of their business had already gravitated online even prior to the pandemic.
“Many companies just need to ensure their strong diligence remains in place as they look to rebuild their market share and customer base,” she said. “It’s equally as important to stop fraud as it is to streamline good customer interactions on their websites and in their games.”
She said this is an opportunity for brands to really understand their traffic, so they can stop the egregious activity while lowering friction for consumers to interact. A lot of this can be done by using device risk and device-based authentication solutions behind the scenes, Gaddis added.
“Overall, though, businesses need to be aware of what ‘normal’ looks like for their customer base so they can spot the anomalies and target those,” she said. “There are so many ways for fraudsters to monetize the data once credentials or personal information is obtained.”
Actors can sell the data or use it as a gateway for even larger payouts if they can access bank accounts, obtain false identification and/or open credit cards with stolen identities, to name a few.
“As much awareness as there is in the news about phishing and being aware of what you are doing on the internet, the schemes we are seeing now are becoming more sophisticated than the Nigerian prince scams everyone has heard of,” Gaddis said. “Today, fraudsters are taking advantage of disasters such as the pandemic and preying on people’s need for services.”
This extends to people waiting to hear about a job or waiting to receive an unemployment check, especially when unemployment claims processing was backed up, leaving people more susceptible to clicking on emails that reference these services or job offers.
“They look legitimate and were expected,” Gaddis said.
