Researcher's spotted a 131 percent spike in account takeover attacks for online payment accounts with the Apparel and Food and Beverages industries seeing the highest spikes in fraud at 69.9 percent at 49.8 percent, respectively, between Q4 2015 to Q4 2016.
The 2017 Fraud Attack Index found that spike occurred following the October 2015 EMV chip adoption deadline in the US and that there was a 79 percent increase in the risk of fraud for domestic holiday orders, according to the study conducted by Forter and the Merchant Risk Council (MRC).
The study found fraudsters had shifted from Merchant account takeover(MTO), where a their breaks into accounts on the merchant's website to pass as a returning customer to online payment account takeover (OTA), where they break into online payment services like PayPal, Apple Pay, and Amazon Payments.
The uptick in attacks targeting the apparel industry may be attributed to fraudsters stinking to their comfort zone.
"This may be related to the new fraudsters who've joined the online criminal community following EMV adoption in the US and are perhaps sticking to a vertical they understand,” Forter CEO Michael Reitblat told SC Media. “It may also reflect the increased comfort of genuine shoppers with the idea of buying fashion items online and returning as necessary."
The Food and Beverage industry attacks were attributed to attackers making obscure purchases just to see if there was money on the card.
“We've seen cases of fraudsters ordered a hundred bottles of water to Times Square, for example - they didn't want that water there, they just wanted to see if they could place the order,” Reitblat said. “If it went through, they'd use it elsewhere, for more valuable purchases.”
He added that fraudsters are also targeting the Luxury industry because attackers are familiar with it and it yields a high return on investment.
“NAF and ATO attacks against merchants frequently involve complex reshipping, reselling, and loyalty/rewards fraud schemes,” NuData Security Vice President of Business Development Robert Capps told SC Media. “These fraudsters target online retailers and purchase shippable goods using the compromised accounts, after which the products are resold through online auction sites and retail marketplaces.”
Researchers noted an nearly 80 percent increase in domestic Holiday Attacks and Capps added that during the same time that his firm spotted a 400 percent increase in sophisticated automation and scripting targeting large retail merchants that would have resulted in new account fraud (NAF) and account takeover (ATO) attacks had they not been caught.