Fraud bots load eshopping carts at 3x the amount of the average buyer—they really do love holiday shopping (for victims) more!

The deals and offers available over the holiday shopping months of December continue to draw more consumers every year, with the Digital Identity Network recording a 48% increase globally in transactions compared to last year. 

Retrospectively, an analysis of transactions and cyberattacks that occurred between Wednesday, November 27, 2019 through Tuesday, December 3, 2019 (Black Friday week) has revealed some mood-dampening trends.

On 16 Dec, LexisNexis Risk Solutions released a report on trends shaping this important season for retail and e-commerce. Key findings include:

More Bots targeting mobile app registrations

In 2019 bots evolved to target new account creations, with the Black Friday week continuing this global trend. New accounts offer fraudsters the opportunity to test, validate and build online identities for financial gain. During the Black Friday week, fraudsters went one step further, targeting new accounts created using mobile devices. These new mobile accounts, or mobile app registrations, provide fraudsters the opportunity to mimic new customers and initiate transactions through an established and seemingly genuine account. One US payment processor actually recorded a sustained 2,000% increase in its bot traffic over this period.

Fraudulent cart sizes nearly triple that of legitimate users

While record revenues generated over the Black Friday weekend dominate headlines every year, Black Friday week is also a major money maker for fraudsters, who use the increase in online traffic as camouflage for fraudulent transactions to increase their revenue per transaction. The average shopping cart transaction value rejected as high risk or fraudulent over the 2019 Black Friday week was 179% higher than legitimate transactions (US$329 versus $118) —which indicates that fraudsters load carts at higher dollar amounts than the average buyer.

Payments surge as fraudsters use mobile browsers to cash out

We usually see a surge in payments during Black Friday week as consumers shop for the best deals. This 2019 shopping week was no different: The Digital Identity Network recorded globally three times as many payments when compared to a normal shopping day. However, consumers increasingly showed a preference for making payments via mobile with 64% of all payments during Black Friday week coming from mobile devices. For one global payment processor, the mobile browser attack rate on payments doubled over the Black Friday shopping week compared to average rates. 

Mobile growing as a target but desktop remains firmly in the crosshairs

According to the 2019 LexisNexis Cybercrime Report, the mobile channel is a growing target for fraudsters, increasing 12% in the last year alone. However, desktop transactions remain in the crosshairs for fraudsters, who target it more often: The desktop attack rate in the first half of 2019 was 3.4% versus 1.4% for mobile, with lower mobile attack volumes likely due to mobile being inherently more secure than desktop. During the 2019 Black Friday week, desktop attack volumes remained high and in proportion to transaction volumes. Fraud attack rates for several large online retailers doubled during this period in correlation to increased transactional volume.

Black Friday becoming a global target

As Black Friday increasingly becomes an international shopping event, fraudsters from across the world are taking advantage of the availability of breached identity data to launch attacks and profit from increased transactional traffic. This year, the Digital Identity Network recorded attacks originating from Russia, Belarus, China, Vietnam, and South Korea, as well as the U.S.

Said Kim Sutherland, vice president of Fraud and Identity Market Planning, LexisNexis Risk Solutions: “Cybercriminals are opportunity seekers and travel the paths of least resistance, shifting their focus based on consumer patterns. Data shows that fraudsters will likely continue to progressively target mobile and with higher dollar fraud.” 

Sutherland continued: “For every dollar lost to fraud retailers and e-commerce, merchants incur an additional US$3.13 on average in associated costs including lost revenue, chargeback fees, merchandise redistribution and other fees. However, employing a multilayered, risk-aware fraud prevention program remains the greatest defense against fraud losses.”