With the holiday shopping season upon us, elevated attack rates on retail online payment transactions are expected to be at a record-high this year.
Arkose Labs, in their newly released third-quarter fraud report, observed a 30 percent increase in account takeover attacks in the retail industry compared to the previous quarter. Arkose officials said 81 percent of all retail attacks were fraudulent payments transactions, with fraudsters targeting this sector to monetize the identity and payment credentials that have been breached en masse.
“First, fraudsters test credentials, which we are witnessing in profusion across all industries. Next, they take over accounts,” said Vanita Pandey, vice president of strategy at Arkose Labs. “Payment fraud is usually the last step in the attack cycle and the overwhelming volume of fraudulent retail payment transactions in Q3 forecasts a very ominous holiday shopping season. Data shows criminals are weaponizing credentials to target businesses when transaction volumes are elevated and all digital commerce companies must be on high-alert.”
In an interview with Card Not Present, Arkose CEO Kevin Gosschalk said the prioritization of sales makes fraud inevitable this time of year for many merchants.
“The holiday season is a time when retailers don’t want to jeopardize buying,” said Gosschalk. “There are lower walls during peak periods. It’s actually a very lucrative time for fraudsters.”
Gosschalk said the black market for fraud tools has made it “kind of like an arms trade” among criminals.
“These tools have become cheaper and more sophisticated and we are starting to see more types of fraud. The attacks they are undertaking are similar. But the goal of what fraud is trying to accomplish is changing.”