More sophisticated ecommerce attacks follow improved bot detection, NuData report says
Basic bot attacks on e-commerce sites are being foiled in greater numbers by security tools like passive behavioral biometrics, which is very good news. But it also means that, in response, advanced fraud techniques are the rise.
That is a primary finding in a first-half look at cybersecurity by NuData Security, a passive-biometrics and -analytics firm in Canada. A report published by the vendor says that behavioral tools (NuData’s market) are “helping” firms detect and thwart online threats.
The tools are designed to find patterns in attacks that can help companies avoid future attacks. NuData, which is owned by Mastercard, writes that it is not uncommon for criminals to re-use IP address or devices involved in previous attacks, for example. This is important in detecting sophisticated attacks, which emulate human behavior and therefore are more difficult to detect with passive behavioral biometrics.
The online environment has only gotten more complex and, in some instances, more dangerous since COVID-19 forced hundreds of millions of consumers into their homes and online.
As North America locked down April through June, chargeback fraud more than doubled in frequency compared to rates NuData recorded in January through March.
The average dollar value off chargebacks, which are charges returned to consumers after they successfully dispute a purchase as fraudulent, rose 124 percent for in-store pickups during the first weeks of lockdowns in North America, compared to January through March.
Chargebacks for shipped goods grew as well, but by a comparatively small 36 percent.
High-risk traffic at account creation rose for some sellers during the first half compared to the same period a year ago, according to the company. NuData flagged half of all account creation attempts from March to June as high risk.
This increase is attributed to fraudsters using newly created accounts to victimize retailers and consumers. Some also have profiteered, hoarding restricted goods only to sell them later at a large markup as supplies dwindle, NuData writes.
Most crimes across industries still occurred at login, with account takeovers, but there were exceptions.
That was especially true in the financial and digital industries, where, according to the report, 99 percent of attacks occurred at login. In the travel sector, 44 percent of attacks hit during checkout and a third of the attacks were launched through account validation pages.