As we look to protect our healthcare systems and vulnerable citizens from the devastating impact of the COVID-19 pandemic, many of us are facing major restrictions on our movements. Complying with global stay-at-home mandates means carrying out more and more of our daily activities online. As a result, the Coronavirus crisis is proving to be not just an unprecedented health, social and economic event – but also a major catalyst for change in the digital commerce sphere.
Our latest Fraud and Abuse Report comes at a telling time, providing insight into changing transaction and attack levels across our global network since the beginning of 2020. With consumer behavior in flux, businesses are facing increased attacks from fraudsters looking to take advantage of the chaotic world we now live in.
Digital Behavior Shift Means Changing Fraud Patterns
Following the digital boom of the holiday period at the end of the year, Q1 is normally a slightly calmer period for fraud. However, there is nothing normal about the current digital landscape. With digital transactions on the rise, organized fraud operations have been quick to mobilize, targeting spikes in digital activity.
In the first quarter of 2020, the Arkose Labs network recorded the highest attack rate ever seen. 26.5% of all transactions were fraud and abuse attempts, which is a 20% increase over the previous quarter. This equated to 445 million attacks, which were detected across our customer base, stopping downstream fraud losses.
There was a noticeable increase in fraudulent activity as the quarter came to a close when lockdowns were in place across major economies.
The speed at which the cybercrime ecosystem adapts to changing socio-economic circumstances, in order to increase its ability to launch and sustain profitable attacks, is highlighted by how the attack mix changed throughout the quarter.
At first, Arkose Labs saw a decline in human-driven attacks, with a dip in attacks being perpetrated by low-cost ‘sweatshop’ resources from traditional fraud hubs within Asia. Early lockdowns and restrictions on movements were clearly throwing established sweatshop operations into disarray.
Localized pockets of sweatshop-driven activity show that economic hardships will lead to new fraud hubs emerging. For example, there was a sharp spike in human-driven fraud originating from Italy and Peru directly after lockdowns were announced.
Just as the corporate world is adjusting to working from home, so is the world of fraud – tapping into an increasingly distributed network of resources to carry out attacks.
While there was some volatility in the levels of human-driven attacks, there was a steady increase in automated attacks as the quarter progressed- ramping up dramatically when lockdowns were in full force. Automated attacks are easier to scale up quickly, allowing fraudsters to quickly take advantage of the changing digital landscape.
Naturally, fraudsters will follow the money, and the industries hit the hardest by increased attacks are those experiencing major spikes in activity, such as ecommerce and gaming. As one of our customers put it, “every day is a holiday” in online gaming right now. With so many people confined to their homes, our gaming customer base saw a 30% increase in activity. 27% of that traffic, however, is a fraud or abuse attempt. Technology platforms also saw a 18% spike in attack levels – as more and more of us have to collaborate and communicate online, this sector is naturally more of a target.
Based on Q1 trends, there will continue to be intense periods of attacks targeting elevated digital transactions, as the COVID-19 crisis continues. With individuals facing severe hardships and mounting unemployment rates, it is of paramount importance that businesses step-up to ensure fast and accurate detection of malicious activity and prevent fraud across the customer lifecycle.
For more detail, download the Arkose Labs Q2 2020 Fraud and Abuse Report.