April 27, 2017 By Mark Samuels 2 min read

Retail fraud continues to rise, and there is significant growth in online attacks across all sectors. Forter’s “2016 Fraud Attack Index” showed a 69.9 percent rise in attacks against apparel websites and goods. Luxury goods were also targeted, with an average fraud rate of $5.91 at risk out of $100 of sales.

The report, created in collaboration with the Merchant Risk Council, highlighted the continued presence of retail fraud as well as the shifted priorities and techniques of attackers. Retail IT decision-makers should pay attention to attack trends and consider ways to respond.

Understanding the Rise in Retail Fraud

Overall, 2016 saw a moderate increase of 8.9 percent for online fraud attacks from January to December. But there was also a 79 percent year-over-year increase in fraud risk for domestic holiday orders during Q4.

Forter suggested the rise in domestic online attacks and card-not-present (CNP) fraud is significant but unsurprising. U.S. fraudsters have moved online following the October 2015 adoption of Europay, MasterCard and Visa (EMV) cards, a move that made it harder to copy physical cards.

Michael Reitblat, CEO of Forter, suggested that the significant growth in fraud attack rates in the apparel industry might also be related to EMV adoption. Fraudsters who have recently joined the online criminal ranks might be sticking to a sector they understand, he said in a press release.

Detailing Other Report Trends

However, this rising trend doesn’t seem to be entirely universal: The fraud attack rate for international markets dropped by 13 percent compared to 2015. Forter researchers described this fall as a surprise, since international orders were found to be 62.4 percent riskier than domestic ones throughout 2016. They attributed the drop to a growth in genuine international orders rather a fall in fraud.

In the online service payment sector, researchers highlighted a 131 percent rise in account takeover (ATO). Specifically, there was a shift to online payment ATO, drawing away from attempts to break into accounts on retailers’ websites.

The research also provided statistics on the frequency of retail fraud attacks in a range of key verticals, including:

  • Travel and hospitality (33 percent decrease);
  • Luxury (8.4 percent decrease);
  • Electronics (1.8 percent decrease);
  • Digital goods (22.6 percent decrease); and
  • Food and beverages (49.8 percent increase).

Fraud prevention firm Verifi told CSO Online that every $1 stolen costs retailers an additional $3.08 in lost time, services or merchandise. The crime doesn’t just hit retailers financially, but throughout multiple departments in an organization.

Finding Ways to Respond Effectively

Retailers must find the right balance between fraud coverage and strong defense strategies that might be too restrictive and alienate customers. It is crucial for retail organizations to understand attack trends and make the necessary security investments.

These organizations should aim for a customizable technological platform that allows for the fine-tuning of fraud mitigation according to market and attack patterns. Merchants and issuers should also consider ways to share information that can help resolve fraud claims easily in the event that a breach does occur.

More from

Airplane cybersecurity: Past, present, future

4 min read - With most aviation processes now digitized, airlines and the aviation industry as a whole must prioritize cybersecurity. If a cyber criminal launches an attack that affects a system involved in aviation — either an airline’s system or a third-party vendor — the entire process, from safety to passenger comfort, may be impacted.To improve security in the aviation industry, the FAA recently proposed new rules to tighten cybersecurity on airplanes. These rules would “protect the equipment, systems and networks of transport…

Protecting your digital assets from non-human identity attacks

4 min read - Untethered data accessibility and workflow automation are now foundational elements of most digital infrastructures. With the right applications and protocols in place, businesses no longer need to feel restricted by their lack of manpower or technical capabilities — machines are now filling those gaps.The use of non-human identities (NHIs) to power business-critical applications — especially those used in cloud computing environments or when facilitating service-to-service connections — has opened the doors for seamless operational efficiency. Unfortunately, these doors aren’t the…

Communication platforms play a major role in data breach risks

4 min read - Every online activity or task brings at least some level of cybersecurity risk, but some have more risk than others. Kiteworks Sensitive Content Communications Report found that this is especially true when it comes to using communication tools.When it comes to cybersecurity, communicating means more than just talking to another person; it includes any activity where you are transferring data from one point online to another. Companies use a wide range of different types of tools to communicate, including email,…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today