Fraud and Abuse Continues in the New Normal of eCommerce and Travel


7 min Read
ecommerce travel fraud

Evolving trends in fraud and abuse show eCommerce and travel providers are prime targets as attackers leverage online shopping conveniences to monetize stolen credentials and payment details.  

In-person transactions shifted to online in 2020, as shopping at physical storefronts came to a halt. Consumers had to rely on digital channels to shop even for the most basic needs. As these habits become the new norm, the future of shopping stands changed for good.

This mass transition to online was a fraudster’s dream come true. Insights from the Arkose Labs network reveal that during Q4 of 2020 retail was highly attacked. This was because consumers resumed spending through Black Friday and the holiday shopping season. Ecommerce fraud continued into the early part of the first quarter in 2021, before easing up a little by spring. As fraud teams try to catch up to the new normal volumes of digital commerce—redefined by the pandemic—fraudsters are focusing on payment attacks and scraping for information.

Another area where consumer spending has returned is travel. Travel industry was perhaps the worst affected due to the pandemic with airlines, cruise operators, car rental agencies, and hotels shuttering down almost overnight. For several months at a stretch, demand slowed down to a trickle. However, as the world begins to open up and more people get vaccinated, travel is making a roaring comeback. Air and hotel bookings have nearly reached the pre-pandemic levels. Fraudsters, too, are scouting for opportunities to steal credit cards, gift cards, and rewards to capture their share of consumers’ dollars.

2021 took off from where 2020 left

The beginning of 2021 was not much different from how 2020 ended for the eCommerce and travel industries – with high rates of fraud attacks. Ecommerce and travel industries saw a 41% attack rate at the very beginning of Q1 2020, with more than 9 million attacks per week.

However, towards the end of the quarter, attacks tapered off, reaching 8%. Overall, eCommerce and travel saw a 34% attack rate during Q1 2021. There was also a higher ratio of human-based attacks compared with Q4 of 2020.

Payment methods are prime target of eCommerce fraud

With volumes of new users increasing during the pandemic — as well as an increase in the traffic from returning eCommerce customers — fraudsters are targeting users for their payment methods. Fraudsters can monetize compromised accounts in several ways, including stealing the payment or bank account information stored in the account, money laundering, payments fraud, stealing and redeeming loyalty or rewards points, and much more.

Ecommerce fraud, especially payment fraud on gift cards is on the rise. Attackers use automation to brute force attacks on gift card websites. They test thousands of card numbers and PIN combinations every minute. Also, they deploy bots and sweatshops to continually check card balances in order to redeem them as quickly as possible.

Gift card fraud is particularly attractive to fraudsters due to low authentication barriers when compared with authentication requirements for credit cards. In the case of gift cards, there is no additional verification for points redemption, making it easy for fraudsters to escape with their loot, undetected. Also, much like cash theft, gift card fraud is difficult to trace.

Fraudsters loom long before the checkout

In order to serve their customers better through interaction across numerous digital touchpoints and meet their evolving needs, retailers are expanding their footprint. This proliferation in digital touchpoints has made it easier for fraudsters to blend in and gain from commerce providers long before the transactions occur. Merchants with limited-edition or limited-supply products are also a prime target for price scraping or denial of inventory, as fraudsters work to steal revenue from merchants on gray market sites.

Fraudsters have come a long way from using stolen credit card details to make fraudulent purchases. They have become more strategic in their approach and are launching complex, targeted attacks using sophisticated tools. Credential stuffing, account takeovers, and fake account creation are now the common tactics employed to monetize bonuses, utilize rewards, or act as money mules.

Regular users are supplementing fraud

Q1 2021 brought with it an unprecedented rise in human-based attacks targeting online retail. There was a drastic increase in human labor being deployed for attacks. As a result, the Q1 2021 human attack rate targeting eCommerce jumped to 33.6%, compared to around 19% during Q4 of 2020. Interestingly, a third of all attacks targeting eCommerce platforms originated from North America.

In addition to the seasoned attackers, financial hardships due to lockdowns last spring caused regular users to turn to fraud as a way to earn cash or avoid paying for goods. They dabbled in fraud occasionally or full-time out of their desperation to make ends meet. However, a year later, digital commerce continues to see a rise in friendly fraud.

Those ‘first-timers’ continue to engage in fraudulent activities as it continues to bring them monetary rewards. This only underscores the fact that there’s not just one profile of a fraudster, which further compounds the challenge for digital businesses. As more and more fraudsters look like average users, detecting the subtleties in behaviors between a person with good intent and not-so-good intent is more critical than ever.

Consumers (and fraud) return to travel

Travel has been a high target industry for bot attacks with a focus on information scraping and inventory hoarding. With over 90% attacks focused on scraping, fraudsters scrape sensitive business data—such as inventory availability or pricing details—to sell them to competitors. They use bots to overwhelm business networks, leading to denial of inventory attacks that disrupt business operations and cause losses.

Fraudsters are also ramping up account takeover attacks on travel user accounts in order to steal and resell (or cash in) unused reward points. They may use these for personal use, but more often they resell on a third-party platform.

Prepare for complex, always-on attacks

Now that fraudsters are trying to exploit the new digital users and heightened eCommerce activity, the scales of eCommerce fraud has begun tilting towards payment transactions. And with travel back in business, fraudsters are targeting this industry with account takeover attacks and inventory hoarding.

In the post-pandemic world, rising incidents of eCommerce fraud and abuse of travel companies, must serve as a wakeup call for eCommerce platforms and travel sites. They must prepare for constant and refined attacks. They also need to keep abreast of the evolving threat landscape, so they can prepare to fend off ever-increasing attacks.

Securing customer accounts against a technically skilled adversary, without disrupting conversions, is critical. Therefore, to fight eCommerce fraud and abuse in travel, businesses need fraud solutions that can live-up to the demands of today’s always-on digital world and help strike a balance between fraud defense and optimum user experience.

Opt for long-term protection against eCommerce and travel fraud

Arkose Lab’s approach goes beyond traditional fraud mitigation to provide eCommerce and travel companies long-term deterrence that sabotages the true underlying motive of the fraud industry – financial gain. 

Using real-time risk assessment and a challenge-response mechanism, the Arkose Labs platform accurately identifies suspicious actors and engages them in a long-drawn battle that wastes time, effort and resources of the attackers to bankrupt their business model of fraud.

To learn how Arkose Lab’s zero tolerance to fraud approach helps fight eCommerce fraud and abuse in travel,  book a demo now.

Meet the Author

Share Now

Share on twitter
Share on facebook
Share on linkedin

Related Blogs