E-commerce fraud to cost $48 billion globally this year as attacks skyrocket, report says
Cyberattacks cost more than ransoms. They also damage brands and customer trust if company leaders aren’t fully committed to protecting customer data and fighting against e-commerce fraud.
Telesign’s latest Trust Index shows why CIOs, CISOs, and their teams must first see e-commerce fraud prevention as a core business challenge and consider how AI-based techniques can help. Customer trust is on the line. Sift’s Q3 2023 Digital Trust & Safety Index amplifies Telesign’s Trust Index findings, identifying a 36% increase in online payment fraud in early 2023 driven partly by an epidemic of Account Takeover (ATO) attacks. Sift’s Index found that ATO attacks jumped 354% year-over-year in Q2 2023 across Sift’s global network after reaching a 169% increase year-over-year in 2022.
Fraud attackers using AI mine trust gaps for cash
The more successful a fraud attack is, the more it damages a brand. Left unchecked, e-commerce fraud will decimate a brand, its goodwill, and its trust, driving customers away to competitors. It’s on CIOs and CISOs to get e-commerce fraud detection and response right. Telesign found that 94% of customers hold businesses accountable and believe they must be responsible for protecting their digital privacy.
Sift found that cybercriminals and fraudsters rely on AI and cutting-edge automation techniques that democratize access, resulting in new fraud-as-a-service offers. One of the most visible and highly subscribed is FraudGPT. Fraud schemes are becoming so pervasive that 24% of those surveyed report having seen offers to participate in account takeover schemes online.
Telesign’s Trust Index found that 44% of data breach victims tell friends and family not to associate with a brand that’s been breached. 43% quit associating with the brand, and 30% of data breach victims share the incident on social media, further amplifying the event.
Sift’s Index found that 73% of consumers believe the brand is accountable for ATO attacks and responsible for protecting account credentials. Only 43% of account takeover victims were notified by the company that their information had been compromised.
Online fraud attacks target a new generation of victims
The 2023 Telesign Trust Index reveals the damage fraudsters do to brands while stealing from their most loyal customers. What makes Telesign’s Index noteworthy are its findings of how fraudsters target younger consumers for digital fraud.
The Index found that the greater a person’s exposure to the Internet, the greater their risk of fraud. 18- to 34-year-olds spent the most time online of all age groups, with 75% spending three or more hours online daily. SEON’s Gen-Z Fraud Report found that individuals younger than 20 were subjected to a staggering 116% increase in fraud incidents between 2019 and 2020, resulting in collective losses of approximately $70.98 million in 2020 or $3,000 per person.
They’re closely followed by 35- to 54-year-olds, with 70% of this group spending three or more hours online daily. Fraud disproportionately affects millennials (age 25-44), who are 4x more likely to be victims than seniors (65+). 56% of millennial victims experienced account hacking. This debunks the stereotype that older people are most vulnerable to fraud.
Avoiding the high cost of losing consumer trust
E-commerce losses attributable to online payment fraud were estimated at $41 billion globally in 2022, growing to $48 billion this year. The cumulative merchant losses to online payment fraud globally between 2023 and 2027 will exceed $343 billion. E-commerce losses to online payment fraud are expected to exceed $48 billion globally this year.
Losing consumer trust by being careless about protecting their data has a cascading effect. Not only do brands lose customers for life, many pay settlements to compensate consumers for damages. One of the most well-known was the $190 million settlement to 98 million customers CapitalOne paid after consumer data was stolen in a breach.
“Organizations that cultivate trust will build unbreakable bonds with customers, attract the most dedicated talent, and create new business models with partners — all while minimizing risk,” writes Enza Iannopollo, Principal Analyst, Forrester, in her blog post, Predictions 2023: Organizations That Maintain Trust Will Thrive.
Certifying trust is a must-have in e-commerce.
Telesign is taking a unique approach to helping its customers reduce and potentially eliminate the high cost of losing customer trust by providing a Trust Certified Badge that reassures consumers that the online business they’re buying from is legitimate. E-commerce sales need to prove that they are protecting customers’ digital identities, safeguarding their digital ecosystems from fraud, proactively preventing and detecting digital crime on their systems, and responding to fraud threats when they arise.
Kristi Melani, Telesign CMO and Head of GTM Strategy says, “In today’s digital economy, trust is a valuable currency for online business transactions. Telesign believes in creating a digital world built on Continuous Trust. The time is now to prioritize trust, and our Trust Certified Badge is an important step forward in deepening consumers’ confidence in the digital platforms they engage with. The Trust Certified Badge indicates to consumers that they are entering a space that protects their personal information and puts their safety first.”
How AI can help grow customer trust
Online fraud attacks take many forms, from promotion abuse and fake accounts to account takeovers (ATO). These many forms of e-commerce fraud are an ideal use case for AI and machine learning (ML).
Every provider takes a unique approach to the challenge. Telesign uses ML-based algorithms to perform real-time phone number risk-scoring that identifies anomalous, potentially malicious activity in real time and immediately delivers a reason code that can help reduce the incidence of attacks in the future. Leading vendors using AI and ML to protect against e-commerce fraud include Ekata, Kount, Sift, Signifyd, Riskified, and others.
E-commerce businesses need to consider how they can use AI and ML-based apps, tools, and techniques to protect themselves and their customers against fraud.
The following are a few attack strategies fraudsters use, with a brief overview of how AI can help shut them down.
Account Takeover (ATO) Attacks. AI and ML are helping to shut these kinds of attacks down by analyzing behavioral patterns in real time and tracking transaction data to find any anomalies. These lethal attacks leave consumers tens of thousands of dollars in unauthorized charges. 18% of those surveyed have experienced account takeover attacks, with 62% of those taking place in the past year. Worse, 34% of victims were defrauded 2+ times, typically while using sites or apps for digital subscriptions, online shopping, and financial services.
Business Email Compromise (BEC) is part of a broader attack strategy. VentureBeat has learned that several CEOs in the enterprise software industry have had deepfakes made of their voices and, combined with an orchestrated BEC attack campaign, can lead to tens of thousands of dollars being stolen within minutes by attackers. AI and ML-based fraud detection and response systems combined with human threat hunters are part of a managed Detection and Response (MDR) system that has successfully contained breaches that start with BEC.
Fake accounts and synthetic identities. Fraudsters buy all available identity and personally identifiable information (PII), including social security numbers, birth dates, addresses, employment histories, and other information to create fake or synthetic identities. They then apply for new accounts that many existing fraud detection models perceive as legitimate, granting credit to the attackers. On pace to defraud financial and commerce systems by nearly $5 billion by 2024, synthetic identity fraud is among the most difficult to identify and stop. Integrating user authentication, identity proofing, and adaptive authentication workflows to get the most value from machine learning insights is a start, and all fraud detection systems battling this problem also rely on risk scoring calculated in real time.
Promotions Abuse. From attempting to duplicate coupons and digital sales codes to fraudulently filing promotions claims, this area is where AI and ML-based platforms continue to help e-commerce businesses avoid substantial losses. Telesign’s approach to triangulating phone number behavior, detecting multiple accounts from phone number attributes, and flagging potential promotion abuse using a telephone number is noteworthy.
Expect to see new AI-based attacks during the holidays.
Telesign’s Trust Index and Sift’s latest Index reflect how online fraud is becoming more lethal as attackers adapt AI to fine-tune their tradecraft. For any organization with an e-commerce channel, it’s on the CIO and CISOs to get e-commerce fraud detection and response right. Customer trust hangs in the balance, and so does the holiday season, by far the most lucrative of the year. Fraud attacks will spike going into the holidays, and now is the time for any e-commerce business to close the gap where fraud has happened in their businesses.
This article was written by Louis Columbus from VentureBeat and was legally licensed through the DiveMarketplace by Industry Dive. Please direct all licensing questions to legal@industrydive.com.