WITH NUDATA SECURITY
Online Fraud Risk during COVID-19

NuData Security, a Mastercard company, today launched its H1 2020 Fraud Risk Report. The report found that COVID-19 sparked an unparalleled surge in the creativity of scammers, as more shoppers ditched physical shopping carts for digital ones. In H1, NuData monitored online changes and summarized the key findings in the report. Some highlights include:

127%: The total fraud dollar increased by 127% for in-store pickup, where fraudsters can more easily request chargebacks that seem like legitimate customer activity

67%: Increase in eCommerce and digital goods traffic from 2019

64%: of e-commerce attacks were login attacks

1.18%: of login attack attempts had the correct account credentials (a success rate above 1% can lead to thousands of compromised accounts from one single attack)

Robert Capps, VP of marketplace innovation at NuData Security, answered a few questions to highlight how this surge in online fraudulent activity can impact retailers and how they can protect themselves.
GLOBAL RETAIL BRANDS / OCTOBER 2020
Q. Could you explain what human-like attacks are and what makes them unique to other types of attacks? What do these attacks mean for retailers specifically?

Human-like attacks emulate human behavior during a web or mobile app transaction, but originate from a computer program or script. They attempt to evade technical countermeasures that organizations deploy to frustrate or block attackers that use normal, high-volume scripted attacks to perform malicious actions on a website or using mobile applications. Human characteristics that are often emulated are typing rate, the speed between page interactions, the emulation of mouse movement, page scrolling, and browser identifiers. For organizations that lack sophisticated controls for automation, human emulation can create havoc for fraud and security evaluation controls, allowing for high-risk interactions to occur uninterrupted.
Retailers can be impacted by such attacks in a number of ways, including:

New account registration – many plausible-looking but fake accounts may be registered using automation, that are later used for ecommerce fraud or to abuse rewards programs.

Account Takeover Attacks – stolen consumer credential data (usernames and passwords) are used to look for good access at merchant websites, leading to legitimate consumer accounts being taken over by a fraudster, and the accounts used to make purchases or obtain other value from the merchant – such as the use of accrued rewards programs benefits, access to digital content, or other services (rideshare, gig economy, food delivery, etc.).

Standard checkout/ecommerce transaction fraud – with automation used to increase the volume of fraudulent transactions without requiring human interactions.