Bots on Mobile Devices Fuel Holiday Shopping Cyberattacks

LexisNexis® Risk Solutions released an analysis looking at transactions and cyberattacks that occurred between Wednesday, November 27, 2019 through Tuesday, December 3, 2019 (Black Friday week). The data was acquired from the LexisNexis® Digital Identity Network®, a crowdsourced intelligence network comprised of data from approximately 38 billion global transactions each year including logins, payments and new account creations. The Black Friday week data analysis offers the industry a first look at trends shaping this important season for retail and e-commerce.

The deals and offers available over the holiday shopping week continue to draw more consumers every year, with the Digital Identity Network recording a 48% increase globally in transactions compared to last year.

Marketing Technology News: Digital Transformation: Move Fast, Get Technology Out of Your Way

Key Findings include:

  • The Growth in Bots Targeting Mobile App Registrations – In 2019 bots evolved to target new account creations, with the Black Friday week continuing this global trend. New accounts offer fraudsters the opportunity to test, validate and build online identities for financial gain. During the Black Friday week, fraudsters went one step further, targeting new accounts created using mobile devices. These new mobile accounts, or mobile app registrations, provide fraudsters the opportunity to mimic new customers and initiate transactions through an established and seemingly genuine account. One U.S. payment processor actually recorded a sustained 2,000% increase in its bot traffic over this period.
  • Fraudulent Cart Sizes Globally Nearly Triple the Size of Legitimate Ones – While record revenues generated over the Black Friday weekend dominate headlines every year, Black Friday week is also a major money maker for fraudsters, who use the increase in online traffic as camouflage for fraudulent transactions to increase their revenue per transaction. The average shopping cart transaction value rejected as high risk or fraudulent over the 2019 Black Friday week was 179% higher than legitimate transactions – $329 versus $118 – which indicates that fraudsters load carts at higher dollar amounts than the average buyer.
  • Payments Surge as Fraudsters Use Mobile Browsers to Cash Out – We usually see a surge in payments Black Friday week as consumers shop for the best deals. This 2019 shopping week was no different: The Digital Identity Network recorded globally three times as many payments when compared to a normal shopping day. However, consumers increasingly showed a preference for making payments via mobile with 64% of all payments during Black Friday week coming from mobile devices. For one global payment processor, the mobile browser attack rate on payments doubled over the Black Friday shopping week compared to average rates.
  • Mobile Growing as a Target but Desktop Remains Firmly in the Crosshairs – According to the 2019 LexisNexis Cybercrime Report, the mobile channel is a growing target for fraudsters, increasing 12% in the last year alone. However, desktop transactions remain in the crosshairs for fraudsters, who target it more often: The desktop attack rate in the first half of 2019 was 3.4% versus 1.4% for mobile, with lower mobile attack volumes likely due to mobile being inherently more secure than desktop. During the 2019 Black Friday week, desktop attack volumes remained high and in proportion to transaction volumes. Fraud attack rates for several large online retailers doubled during this period in correlation to increased transactional volume.
  • Black Friday Becoming a Global Target
    As Black Friday increasingly becomes an international shopping event, fraudsters from across the world are taking advantage of the availability of breached identity data to launch attacks and profit from increased transactional traffic. This year, the Digital Identity Network recorded attacks originating from Russia, Belarus, China, Vietnam, and South Korea, as well as the U.S.

Marketing Technology News: We’re Trapped in a Social Filter Bubble

“Cybercriminals are opportunity seekers and travel paths of least resistance, shifting their focus based on consumer patterns,” said Kim Sutherland, vice president of Fraud and Identity Market Planning at LexisNexis Risk Solutions. “As consumers ramp up their purchase volumes and increasingly utilize mobile devices to transact, data shows that fraudsters will likely continue to progressively target mobile and with higher dollar fraud.”

Sutherland continued, “The LexisNexis Fraud Multiplier for 2019 showed that for every dollar lost to fraud retailers and e-commerce merchants incur an additional $3.13 on average in associated costs including lost revenue, chargeback fees, merchandise redistribution and other fees. However, employing a multilayered, risk-aware fraud prevention program remains the greatest defense against fraud losses.”

Marketing Technology News: Rewinding 2019: Top 200 News in MarTech that Sets the Bar for 2020-2024