April 27, 2017 By Mark Samuels 2 min read

Retail fraud continues to rise, and there is significant growth in online attacks across all sectors. Forter’s “2016 Fraud Attack Index” showed a 69.9 percent rise in attacks against apparel websites and goods. Luxury goods were also targeted, with an average fraud rate of $5.91 at risk out of $100 of sales.

The report, created in collaboration with the Merchant Risk Council, highlighted the continued presence of retail fraud as well as the shifted priorities and techniques of attackers. Retail IT decision-makers should pay attention to attack trends and consider ways to respond.

Understanding the Rise in Retail Fraud

Overall, 2016 saw a moderate increase of 8.9 percent for online fraud attacks from January to December. But there was also a 79 percent year-over-year increase in fraud risk for domestic holiday orders during Q4.

Forter suggested the rise in domestic online attacks and card-not-present (CNP) fraud is significant but unsurprising. U.S. fraudsters have moved online following the October 2015 adoption of Europay, MasterCard and Visa (EMV) cards, a move that made it harder to copy physical cards.

Michael Reitblat, CEO of Forter, suggested that the significant growth in fraud attack rates in the apparel industry might also be related to EMV adoption. Fraudsters who have recently joined the online criminal ranks might be sticking to a sector they understand, he said in a press release.

Detailing Other Report Trends

However, this rising trend doesn’t seem to be entirely universal: The fraud attack rate for international markets dropped by 13 percent compared to 2015. Forter researchers described this fall as a surprise, since international orders were found to be 62.4 percent riskier than domestic ones throughout 2016. They attributed the drop to a growth in genuine international orders rather a fall in fraud.

In the online service payment sector, researchers highlighted a 131 percent rise in account takeover (ATO). Specifically, there was a shift to online payment ATO, drawing away from attempts to break into accounts on retailers’ websites.

The research also provided statistics on the frequency of retail fraud attacks in a range of key verticals, including:

  • Travel and hospitality (33 percent decrease);
  • Luxury (8.4 percent decrease);
  • Electronics (1.8 percent decrease);
  • Digital goods (22.6 percent decrease); and
  • Food and beverages (49.8 percent increase).

Fraud prevention firm Verifi told CSO Online that every $1 stolen costs retailers an additional $3.08 in lost time, services or merchandise. The crime doesn’t just hit retailers financially, but throughout multiple departments in an organization.

Finding Ways to Respond Effectively

Retailers must find the right balance between fraud coverage and strong defense strategies that might be too restrictive and alienate customers. It is crucial for retail organizations to understand attack trends and make the necessary security investments.

These organizations should aim for a customizable technological platform that allows for the fine-tuning of fraud mitigation according to market and attack patterns. Merchants and issuers should also consider ways to share information that can help resolve fraud claims easily in the event that a breach does occur.

More from

How will the Merck settlement affect the insurance industry?

3 min read - A major shift in how cyber insurance works started with an attack on the pharmaceutical giant Merck. Or did it start somewhere else?In June 2017, the NotPetya incident hit some 40,000 Merck computers, destroying data and forcing a months-long recovery process. The attack affected thousands of multinational companies, including Mondelēz and Maersk. In total, the malware caused roughly $10 billion in damage.NotPetya malware exploited two Windows vulnerabilities: EternalBlue, a digital skeleton key leaked from the NSA, and Mimikatz, an exploit…

3 Strategies to overcome data security challenges in 2024

3 min read - There are over 17 billion internet-connected devices in the world — and experts expect that number will surge to almost 30 billion by 2030.This rapidly growing digital ecosystem makes it increasingly challenging to protect people’s privacy. Attackers only need to be right once to seize databases of personally identifiable information (PII), including payment card information, addresses, phone numbers and Social Security numbers.In addition to the ever-present cybersecurity threats, data security teams must consider the growing list of data compliance laws…

ICS CERT predictions for 2024: What you need to know

4 min read - As we work through the first quarter of 2024, various sectors are continuously adapting to increasingly complex cybersecurity threats. Sectors like healthcare, finance, energy and transportation are all regularly widening their digital infrastructure, resulting in larger attack surfaces and greater risk exposure.Kaspersky just released their ICS CERT Predictions for this year, outlining the key cybersecurity challenges industrial enterprises will face in the year ahead. The forecasts emphasize the persistent nature of ransomware threats, the increasing prevalence of cosmopolitical hacktivism, insights…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today