Cybercrime Report Reveals Surge in eCommerce Fraud Attacks

Posted May 8, 2018

Cybercrime Report Reveals Surge in eCommerce Fraud Attacks

A record number of holiday-season cyberattacks against online retailers may have been just warm-up act to a host of new eCommerce fraud attempts.

According to the Q1 2018 Cybercrime Report from ThreatMetrix, eCommerce fraud rates have remained alarmingly high well into the new year, with a total of 150 million attacks seen during the first quarter of 2018.

That’s an 88-percent increase over the same period last year. And it reflects a woefully modest drop from the 190 million cyberattacks seen during the height of 2017’s blockbuster holiday shopping season.

The Q1 report, which tracks actual cyberattacks within the ThreatMetrix Digital Identity Network, is widely seen as a reliable barometer of global cybercrime trends.

And if its findings are any indication, retailers may be threading a very fine needle this year between optimizing the customer experience in an increasingly competitive environment—and opening themselves up to attack from market-savvy fraudsters.

Backdrop: Boomtime

This fresh data on cybercrime comes amid burgeoning growth throughout the eCommerce sector. Online sales jumped 15 percent in Q1, and could top $526 billion this year in the U.S. alone, propelled in part by a 9-percent swell in overall traffic volume.

Interesting tidbit: All this growth in digital traffic came through the mobile channel. In fact, Q1 is the first quarter in which purchases made via computer came to less than 50 percent of all transactions, according to ChainStoreAge.

That tracks with our own data, which shows roughly 51 percent of all login traffic flowing from mobile devices. Likewise, 60 percent of all account creations are now completed on a mobile device, reflecting the increased role this channel plays across the entire customer journey.

Time is Money

Here and in other digital channels, heightened competition is forcing merchants to up their game.

As of Q1, 71.9 percent of online retailers have undergone mobile optimization, while the number of online retailers offering mobile apps increased 31.6 percent year-over-year. And regardless of channel, it took up to 50 seconds less time to complete a purchase with retailers who were ranked among the top 30 merchants in’s the Checkout Conversion Index than it did with merchants in the bottom 30 percent.

Indeed, up to $236 billion in total online retail sales will switch hands due to this kind of friction by year’s end.

With competition for orders heating up between Amazon and well, everyone else, accelerating order acceptance rates has become an imperative for every merchant. But those same efforts can make it easier than ever for cyber-thieves to rip off these businesses and their customers.

Drive-by Looting

According to ThreatMetrix data, eCommerce cyberattack rates for account logins and new account creations have steadily grown to become among the worst in any industry.

During the first quarter, cybercriminals accounted for up to 13.5 percent of all retail login attempts, and a whopping 32.8 percent of all new account creations. In fact, eCommerce transactions are now more than 10-times riskier than those in financial services—a clear sign of just how vulnerable fraudsters view this sector.

Driving these trends: More than 820 million bot attacks from around the globe—with a majority coming from the U.S., China and Brazil. These attacks ranged from simple account validation to sophisticated attempts to impersonate legitimate customers using stolen identity information from a steady stream of data breaches.

In 2018, losses from these and other forms of eCommerce fraud could top $19 billion in the U.S. alone, according to DigitalCommerce360.

In short: Online merchants have their work cut out for them.

Where Risk Meets Reward

So, what’s this tightrope between frictionless transactions and effective fraud control?

Well, get too aggressive with anti-fraud systems, and the resulting step-ups and false declines can quickly drive your customers to rivals. Javelin Strategy and Research estimates that 30 percent of all declined purchases are actually legitimate, costing U.S.-based merchants as much as $118 billion this year.

For those keeping score, that’s more than five times the losses from fraud itself. Factor in the diminished customer loyalty and reduced lifetime value created by this kind of unnecessary friction, and the opportunity costs begin to spiral.

On the other hand, get too lax and fraudsters run off with a sizable chunk of your revenue.

According to Javelin, eCommerce companies should instead prioritize fraud-fighting solutions that, among other things, inspect a consumer’s device, behavior and geolocation—and rely less on static information, such as usernames, passwords and the security code on the back of a credit card.

To the extent this describes a balance between modern, digital identity-based user verification and faster, friendlier digital experiences for customers, Javelin could be onto something.

Or at least, we hope so. With a projected $2.3 trillion in worldwide sales at stake, eCommerce companies can look forward to plenty of challenges to go with some enormous opportunities in the months ahead.

To learn more about the state of eCommerce fraud, download a free copy of the Q1 2018 Cybercrime Report from ThreatMetrix.

Alisdair Faulkner

Alisdair Faulkner

Chief Identity Officer, Business Services, LexisNexis Risk Solutions

close btn