The Q1 Fraud Report, published by RSA, found that card-not-present (CNP) fraud transactions increased 17 percent in the first quarter of 2019, with more than half of those transactions (56 percent) originating from the mobile channel.
On average, the value of a CNP fraud transaction in the U.S. was $403—nearly twice as much as a legitimate transaction ($213).
“Sixty percent of fraud transaction value originated from a new device but from a trusted account—indicating account takeover activity continues to be a preferred and successful attack vector for cybercriminals,” the report said.
The report reflected the array of fraud patterns that have increased since the end of 2018. Even though less than 1 percent of logins were attempted from a combination of a new account and new device, “this scenario accounted for 32 percent of total fraud volume observed in Q1,” according to the report.
The research indicated a similar pattern with the same percentage of legitimate payment transactions attempted from an existing account and a new device, which constituted 48 percent of total fraud value, reflecting a slight increase from 43 percent in Q4. “This is indicative of an increase in account takeover where fraudsters are attempting to use compromised financial information to initiate payments from victims’ accounts,” the report said.
Additionally, the report noted that increased security measures are driving fraudsters to different attack vectors. “If in the past a fraudster committed e-commerce fraud by using a compromised credit card and the “guest checkout” option, today many use account takeover of existing customer accounts in order to reduce the risk of being flagged for fraud,” the report said.