January 10, 2019
Customers, Competitors & Cybercriminals: Three Trends Impacting Merchant Strategies
Posted September 18, 2018
A new report finds online and mobile merchants were hit with 91 million cyberattacks during the second quarter, amplifying competing tensions that will shape ecommerce dynamics throughout the rest of the year.
According to the new Q2 Cybercrime Report from ThreatMetrix, this level of attacks actually represents a modest reduction in total fraud attempts—a welcome respite from otherwise intractably upward trends. But don’t be fooled.
The second quarter is traditionally a fairly quiet quarter for both the industry and its criminal antagonists. And while slightly lower, attack volumes are consistent with those seen during the same period last year. Losses from ecommerce fraud could top $20 billion in the US alone this year.
The report, which tracks actual attacks within the ThreatMetrix Digital Identity Network between April 1 and June 30, is seen as a reliable barometer of global cybercrime trends. And it points to three emerging trends that could derail the careful balance merchants have been working to strike between growing customer demands, increasingly fierce competition and rapidly evolving cybercrime threats.
#1: Account Creations Increasingly Mobile—and Fraudulent
Consumer mobile adoption rates continue to surprise. Mobile now accounts for 58% of all digital transactions as the mobile channel rapidly becomes the preferred way to shop and make purchases online.
In fact, mobile is quickly becoming the key enabler at almost every stage in the customer journey, but particularly when customers are opening up new accounts. Almost two thirds of all account creations now come from a mobile device. And the bad guys have noticed.
The fast is, ecommerce continues to be a prime target for monetizing stolen identity credentials, including the 1.4 billion personal files compromised through data breaches in just the first three months of the year. That has manifested in the extremely high percentage of fraudulent account creation attacks, which are up 130% compared to the same quarter last year.
This represents heightened risks from fraudulent accounts that can then be used to make payments with stolen credit cards. It’s going to hurt. According to global data from Javelin Research & Strategy, merchants could lose more than $19 billion from chargebacks this year.
#2 Global Bot Attacks Rising—and Targeting Merchants
The industry saw 1.3 billion bot attacks in the second quarter, originating from a number of geographies spanning both growth and emerging economies—including Vietnam, Indonesia, Russia, the US, Japan, Brazil and more. Across all industries that number was 1.6 billion, showing that the vast majority of bot attacks (81%) target the ecommerce space.
At peak attack periods, bot traffic accounted for up to 90% of an organizations’ transaction volume, as bots attempt to leverage stolen identity credentials to infiltrate legitimate customer accounts and access sensitive personal data and credit card info.
But there’s a troubling shift underway. Over the last few months, the Network has been detecting numerous instances of a distributed botnet coming from multiple global locations and attempting to use stolen credentials to log into trusted eCommerce customer accounts.
Whenever an attack is successful, the fraudster behind the login takes manual control of the bot, changing account credentials and placing fraudulent orders. The legitimate customer is often unaware of the situation until they see unknown charges appearing on their credit card statements.
#3 Cross-Border Ecommerce Now Critical to Retailers—and Cyberthieves
According to ThreatMetrix data, 54% of all ecommerce transactions are now cross-border. That’s higher than other industries. 57% of online shoppers have made a cross-border purchase in the last year, driving larger ecommerce brands to expand their global footprints.
The downside: cross-border traffic is 15% more likely to include device spoofing and 22% more likely to involve identity spoofing than domestic traffic. Indeed, cross-border transactions are 69% more likely to be rejected than those made domestically.
As a result, far too many merchants set overly strict business rules, often rejecting all transactions from specific countries deemed to be too high-risk—reducing their growth potential while ceding territory to competitors who are more adept at managing fraud.
Friction: The Unforgivable Sin
With nimble, tech-centric competitors on the rise and market domination from a few key players, driving order acceptance rates is imperative. But doing that while stopping fraud can be tricky.
In one recent survey, 25 percent of consumers reported that every single retail website and app they use requires two-factor authentication—despite the fact that 50% of consumers will bail on a transaction after even 10 seconds of added friction. It’s estimated that $1.6 trillion will change hands this year as consumers defect from one brand to another due to poor digital customer experiences.
To avoid that fate, some of the world’s biggest merchants have been transitioning to digital identity-based user verification and assessment technologies that help them instantly recognize returning customers, spot fraudsters, and provide a friction-free experience at every step in the customer’s digital journey.
From Here to Security
According to Harvard Business Review, this kind of digital cohesiveness can help merchants reduce customers frustration and boost their lifetime value, while lowering the chances they’ll defect to competitors.
But Forrester predicts 30 percent of businesses will fail to keep up with evolving customer expectations for the digital experience, resulting in a net loss of a point of growth.
As we move later into the year, there’s a big holiday shopping season fast approaching. Which means striking the right balance between customer experience, competitive dynamics and cybersecurity may grow tougher—and more important—than ever.
Download the Q2 2018 Cybercrime Report from ThreatMetrix to learn about global cybercrime trends and how a digital identity-based approach to fraud prevention can help online merchants thrive.