Account Takeover / Credential Stuffing / New Account Origination

Why Attacks Are the New Normal for eCommerce and Travel

March 1, 20234 min Read

ecommerce travel fraud

Evolving trends in fraud and abuse show eCommerce and travel providers are prime targets as attackers leverage online shopping conveniences to monetize stolen credentials and payment details.  

In-person transactions shifted to online in 2020, as shopping at physical storefronts came to a halt. Consumers had to rely on digital channels to shop even for the most basic needs. As these habits become the new norm, the future of shopping changed for good.

Attackers Target Retail 

This mass transition to online was an attacker’s  dream come true. Insights from the Arkose Labs network reveal, during Q4 of 2020 retail was a highly attacked target. . This was the result of increased consumer spending  through Black Friday and the holiday season. 

Ecommerce fraud continued into the early part of the first quarter in 2021, before easing up a little by spring. As fraud teams try to catch up to the new normal volumes of digital commerce—redefined by the pandemic—attackers are focusing on payment attacks and scraping for information.

eCommerce: What is an Acceptable Level of Friction?
eCommerce: What is an Acceptable Level of Friction?

Travel Suffers Attacks During Pandemic

Another area where consumer spending has returned is travel. Travel industry was perhaps the worst affected due to the pandemic with airlines, cruise operators, car rental agencies, and hotels shuttering down almost overnight. 

For several months at a stretch, demand slowed down to a trickle. However, as the world begins to open up and more people get vaccinated, travel is making a roaring comeback. Air and hotel bookings have nearly reached the pre-pandemic levels. Fraudsters, too, are scouting for opportunities to steal credit cards, gift cards, and rewards to capture their share of consumers’ dollars.

2021 Took Off From Where 2020 Left 

The beginning of 2021 was not much different from how 2020 ended for the e-commerce and travel industries. However, things quickly changed as pandemic-related restrictions lessened and life seemed a bit closer to normal. 

Since the beginning of the year, e-commerce and travel attacks increased by 63% as traffic across these platforms soared back to pre-pandemic levels. Following these changes, peak eCommerce and travel periods like Black Friday saw spikes up to 20x the average attack volume.

Payment Methods Are Prime Targets of eCommerce Fraud 

With volumes of new users increasing during the pandemic — as well as an increase in the traffic from returning eCommerce customers — attackers  are targeting users for their payment methods. Fraudsters can monetize compromised accounts in several ways, including stealing the payment or bank account information stored in the account, money laundering, payments fraud, stealing and redeeming loyalty or rewards points, and much more.

E-commerce fraud, especially payment fraud on gift cards is on the rise. Attackers use automation to brute force attacks on gift card websites. They test thousands of card numbers and PIN combinations every minute. Also, they deploy bots and sweatshops to continually check card balances in order to redeem them as quickly as possible.

Gift card fraud is particularly attractive to attackers  due to low authentication barriers when compared with authentication requirements for credit cards. In the case of gift cards, there is no additional verification for points redemption, making it easy for attackers  to escape with their loot, undetected. Also, much like cash theft, gift card fraud is difficult to trace.

Read how a major gift and prepaid card provider deterred attack: 

Payment Firm Foils Gift card Fraud With Arkose Labs
Payment Firm Foils Gift card Fraud With Arkose Labs

ARKOSE LABS Fights eCommerce Fraud

Gift card fraud can disrupt consumers' shopping experiences and damage retailer brand reputations, making it essential for retailers to secure their physical and digital cards. Detecting and stopping fraud is difficult, as there are no authentications or trails. Therefore, retailers must adopt a fraud-prevention approach that eliminates attacks without disrupting genuine user experiences. Arkose Labs' bilateral approach targets automated bots and bad actors with adaptive, graduated friction to stop attacks, while making authentication fun and seamless for genuine users.

Arkose Labs helps online retailers accurately identify and thwart attackers using digital intelligence. Authentic users clear user-friendly enforcement challenges unseen, while bots and automated scripts fail instantly. Malicious humans are presented with increasingly complex challenges, wasting their time and resources until they call it quits, providing long-term protection for ecommerce and travel. 

Contact us to learn more!