Multichannel Merchant
  • Ecommerce
  • Marketing
  • Operations & Fulfillment
Subscribe / Advertise
HOME
  • Ecommerce
    • Marketplaces
    • Mobile
    • Payment
    • Security
    • Shopping Cart
    • Usability
    • 2020 Ecommerce Operations Summit
  • Marketing
    • Advertising
    • Catalog
    • Content Marketing
    • Email
    • Search
    • Social
    • Video
  • Operations & Fulfillment
    • Contact Center
    • Customer Experience
    • Delivery
    • Distribution Center
    • Fulfillment
    • Order Management
    • Returns
    • Shipping
    • Workforce
    • 2020 Ecommerce Operations Summit
  • Resource Center
    • Media Kit
    • 2020 Ecommerce Operations Summit
    • Podcasts
    • Webinars
    • Research
    • Submit A Release
    • Videos
    • Jobs


Follow Us

Facebook
LinkedIn
Twitter
YouTube
  • Subscribe
  • Advertise with Us
  • Subscribe
  • Advertise with Us

Where Consumers Shifted During COVID-19, Ecommerce Fraud Followed

Ido Safruti
June 22, 2020

COVID-19 has quickly reshaped web traffic and application usage patterns. For example, traffic to food delivery has skyrocketed. The rapid shift in consumer behavior has morphed attack patterns, expanded the threat environment and added attack pressures against many site operators unaccustomed to so much attention from ecommerce fraud operators. They are largely mounting account takeover (ATO) attacks.

Logically, attackers are following the money. Greater traffic and transactions in new industries means more opportunities for fraud such as:

  • Theft of credit card and financial information
  • Placing unauthorized orders for goods or services using hijacked accounts
  • Draining new pools of loyalty points to resell on the dark web

Ecommerce fraud attackers are taking advantage of rapid shifts. Security teams operating under shelter in place are less efficient. Those teams are shouldering new responsibilities for securing remote workers. Online merchants are pushing application changes more quickly; this results in more bugs and vulnerabilities going live.

The unprecedented level of attacks on these new targets share the following characteristics:

  • Attack traffic levels are much higher than legitimate traffic levels
  • Malicious traffic is coming in huge spikes concentrated over 24-48-hour periods
  • Attacks are using more sophisticated bots that can navigate business logic and solve CAPTCHAs and utilize highly distributed botnets
  • Attacks are not only focused on sites but also on APIs

Home Furnishings, Food Delivery, Online Fashion: Big Targets

Benchmarking against historical data, two of the largest percentage increases in ecommerce fraud attempts have targeted home goods, food delivery and online fashion.

Home Furnishings

We observed large spikes in ATO attempts, running 3X to 4X higher than previously measured average daily attack rates. In addition, we saw sophisticated attackers widening their radius, going after smaller home furnishings companies rather than confining attempts to large top 50 retailers. This increase in attacks is likely here to stay as more shopping moves online.

Food Delivery

Traffic to food delivery sites increased by 41% during March after COVID-19 lockdowns started according to PerimeterX data, compared to two months prior. Shoppers are also behaving more decisively; conversion rates for food delivery are up by 80%.

This makes security and anti-fraud efforts more challenging because teams at these companies are dealing with new users and new behavior patterns without historical precedent. The number of ATO attempts we saw on food delivery apps during this time is 2.7X higher than it was prior to lockdowns, hitting all-time highs during the spring of 2020.

Online Fashion

The lockdowns rapidly shifted purchasing patterns for these high-touch products from stores to ecommerce. Since early February, online fashion, including clothing, streetwear, sportswear and cosmetics, has seen a significant rise in web traffic. Some weeks the ratio of increase in malicious vs. legitimate traffic has been 7:1. On average, legitimate traffic increases are running around 25% while malicious traffic increases are closer to +180%.

Weekly ATO attempts are 100% to 500% higher than historical averages, depending on the size of the spike. As in the home furnishings category, we saw sophisticated attackers going after a wider array of fashion sites including smaller retailers that previously only had to deal with crude and easy-to-filter attacks. Fashion is particularly prone to loyalty card attacks, as most major fashion retailers have popular loyalty programs. Aside from ATOs, in fashion we saw increases in scraping attacks as competitors and resellers grabbed pricing and inventory information from major brands at higher volumes.

The New Normal Means New Demands for Security

Clearly COVID-19 lockdowns have caused huge and potentially permanent changes in online consumer behavior. Understandably, hackers and fraudsters quickly followed, broadly expanding the types and number of consumer-facing sites they target with sophisticated attacks.

The opportunistic rise in ecommerce fraud means security and web operations teams need to adapt to a new normal of higher attack volumes. They need to increase security efficiency by adopting new tools which leverage machine learning to identify and block malicious attempts at scale and in real time. The new normal will ultimately mean higher levels of security but in the near term it will be a steep learning curve.

Ido Safruti is co-founder and CTO of PerimeterX

RELATED TAGS: ecommerce, Fraud, Security

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Webinars

The Pandemic Retail Reset and its Tax Implications

How Robotic Assisted Fulfillment Increased Productivity for a Top 3PL

A Roadmap to Multichannel Success: The View from Two Brands

Essential Strategies to Protect Profit Margins on Amazon

3 Ways to Thrive in a Changing Landscape

Latest Research

Retailers Viewing Returns Through the Lens of Strategy

The Last Mile Through the Lens of Today’s Challenges

Ensuring Sales Tax Compliance in a Shifting Retail Landscape

The Customer ID Imperative in a Post-3P Cookie World

Ecommerce Shipping Outlook: Q4 and the Scramble for Capacity

Blogs

Breaking Down the True Cost of Coupon Fraud

8 Things DTC Brands Should Look for in a 3PL Partner

A 6-Step Process for Improved Inventory Management

Post Disruption, Ecommerce Marketplaces Are Here to Stay

Why Customer Data Maintenance Matters for Marketers

About us

  • About us
  • Press Releases
  • Privacy Policy
  • Diversity Inclusion & Equity

Advertise

  • Media Kit

Events

  • Ecommerce Operations Summit

Related Sites

  • Chief Marketer
  • Event Marketer
  • LeadsCon
  • LeadsCouncil
  • PR News

Directories / Jobs

  • MCM Source Directory
  • Top 3PLs
  • Jobs

Sign up for MCM

Get the Ecommerce, Marketing & Operations info you need when you need it.
  • About us
  • Advertise
  • Jobs

Follow Us

© 2021 Access Intelligence, LLC - All Rights Reserved.