Digital fraud, while nothing new for merchants and payment processors, continues to gain momentum and is predicted to surge even higher during the upcoming a holiday season, a report from Arkose Labs says.
Overall, fraud attacks have increased 15% compared to the previous quarter. In addition, Arkose is predicting 8 million attacks will occur daily during the 2021 holiday shopping season, which has already begun.
Three primary types of attacks criminals will launch are bot attacks, fake-account registration, and credential stuffing.
Bot attacks, which use automated Web requests to manipulate, defraud, or disrupt a Web site or application, have increased steadily during 2021, with automation making up 88% of all attacks in the third quarter, the report says. Arkose expects this figure to continue to hold steady and even increase before the end of the year. In 2020, more than 2 million bot attacks occurred between October and December, Arkose says.
Fake-account creation using stolen or synthetically created identities have also been on the rise. During the third quarter of 2021, fake-account registrations increased nearly fourfold from the first quarter of the year and contributed to about two-thirds of all fraud attacks for the quarter. Fake-account creation has become the leading type of fraud attack, the report says. Arkose Labs detected 560 million malicious attempts on registration flows during the third quarter. “Fake accounts open the doors to downstream fraud that directly impacts the bottom line of e-commerce firms” the report says.
Credential stuffing, which accounted for 17% of all fraud attacks during third quarter, continues to grow as criminals aim to capitalize on the growth in digital accounts. During the past year, Arkose stopped 3 billion credential-stuffing attacks, nearly double the number in the previous 12 months. In 2020, digital businesses saw 90% higher volume of such attacks during the final quarter of the year, over the holiday shopping period, the report says.
Credential stuffing is a type of cyberattack in which criminals use stolen account credentials, such as user names, email addresses, and corresponding passwords, to gain access to user accounts through large-scale automated login requests.
Retail and travel saw a 63% increase in fraud attacks during the third quarter, with 66% of digital traffic to United States-based travel sites flagged as fraud or bot attacks, and finance saw 32% more attacks than during the first half of 2021.
Fraudsters keep trying until they succeed, which is why deterrence is so important for companies to get right,” Vanita Pandey, chief marketing officer for Arkose Labs, tells Digital Transactions News. “Fraudsters are motivated by money and they are going to keep attacking as long as they are making money. This requires a fundamental shift in the approach companies take—they have to look beyond the short term, stopping one transaction. Effectively, companies can create long-term deterrence by making it less profitable and lowering the ROI of the fraudsters.”