Santa Claus might be relaxing on Dec. 25, but criminals targeting online merchants with stolen credit and debit cards won’t be taking the day off. That’s evident from Stripe Inc.’s latest report on online fraud trends and behavior.
Released this week, the report, which examines an undisclosed number of transactions made in 2016, the most recent full-year data, from “hundreds of thousands” of Stripe customers in 25 nations, found that fraud rates do not increase notably on busier shopping days, like Black Friday, the day after Thanksgiving. Instead, a surge is noted on days like Christmas when many consumers are not shopping. Stripe did not provide specific numbers or fraud rates.
This “quiet time” also extended to times of day. “Normalizing to local time zones in each country, we see that traffic peaks during workday hours and plummets during nocturnal hours,” the report says. “However, fraud rates follow a stark reversed pattern, peaking late at night and flattening out during the day. This likely reflects the wider geographic dispersion of fraudsters, who may well be operating remotely around the world, conducting their activities during hours when businesses’ regular customers are asleep.”
Stripe also looked at fraudster behavior in comparison to a typical online shopper. It found that in the United States, fraudulent transaction amounts are only slightly higher than regular transaction tickets. In many other markets, fraudulent transactions are much higher than their normal transaction, typically twice as large. In some, the difference is five or 10 times as large.
“There are likely several factors contributing to a smaller divergence in the U.S., including access to account monitoring tools, better awareness around fraud, and broader government and merchant protections,” Michael Manapat, Stripe engineering manager for payments intelligence and experience, says in an email to Digital Transactions News.
Fraudsters also telegraph their nature by where and how often they shop, especially when making repeat purchases on the same stolen card, the report notes. Indeed, repetitive fraud is common, with more than 40% of compromised cards charged for more than one fraudulent transaction.
How it happens is that criminals shop repeatedly at the same merchant. Cards that made four fraudulent transactions, for example, typically were made at the same merchant, Stripe says, while four normal charges typically are spread across an average of two businesses.
Another distinction manifested by criminals is using the stolen card data in quick succession on a merchant site. “Fraudsters make these repeat purchases much more quickly than normal transactions,” Stripe says. “In fact, these consecutive charges happen 10 times more quickly than actual cardholders.”