NuData Security, a Mastercard company, today launched its H1 2020 Fraud Risk Report. The report found that COVID-19 sparked an unparalleled surge in the creativity of scammers, as more shoppers ditched physical shopping carts for digital ones.

In H1, NuData monitored online changes and summarized the key findings in the report. Some highlights include:

Robert Capps, VP of marketplace innovation at NuData Security, answered a few questions to highlight how this surge in online fraudulent activity and impact retailers and how they can protect themselves.

Q. Could you explain what human-like attacks are and what makes them unique to other types of attacks? What do these attacks mean for retailers specifically?

Human-like attacks emulate human behavior during a web or mobile app transaction, but originate from a computer program or script. They attempt to evade technical countermeasures that organizations deploy to frustrate or block attackers that use normal, highvolume scripted attacks to perform malicious actions on a website or using mobile applications. Human characteristics that are often emulated are typing rate, the speed between page interactions, the emulation of mouse movement, page scrolling, and browser identifiers. For organizations that lack sophisticated controls for automation, human emulation can create havoc for fraud and security evaluation controls, allowing for high risk interactions to occur uninterrupted.

Retailers can be impacted by such attacks in a number of ways, including:

New account registration – many plausible looking but fake accounts may be registered using automation, that are later used for ecommerce fraud or to abuse rewards programs.

Account Takeover Attacks – stolen consumer credential data (usernames and passwords) are used to look for good access at merchant websites, leading to legitimate consumer accounts being taken over by a fraudster, and the accounts used to make purchases or obtain other value from the merchant – such as the use of accrued rewards programs benefits, access to digital content, or other services (rideshare, gig economy, food delivery, etc).

Standard checkout/ ecommerce transaction fraud – with automation used to increase the volume of fraudulent transitions without requiring human interactions.

Q. How do BOPAC/BOPIS operations factor into the approach fraudsters take?

At the beginning of the Pandemic, we observed a trend of fraudsters utilizing the buy online and pickup in-store/atcurbside to evade many retailer controls around shipping products to risky addresses. ID check requirements for store pickups became difficult for merchants to adequately carry out in light of mask wearing consumers and staff being weary of getting too close during in-person and curbside order pickups. This gap in process opened up an opportunity for fraudsters to exploit – and exploit it they did. Many merchants have since adapted to threats for in-person fulfillment methods in the intervening months. As new controls are enabled, fraudsters continue to adapt, forcing merchants to continue to evolve in response to change

Q. How has the pandemic created space for human-seeming fraudsters?

The pandemic has opened up a number of opportunities for fraudsters and cyber criminals to blend in to the increased volume of online consumer interactions. COVID has forced many users to transact online for banking and retail transactions, and has greatly increased the adoption of streaming media, gaming, and collaboration services.

Q. What should brands consider when it comes to security while expanding their e-commerce offerings? I.e. What security tools can help retailers avoid fraudulent attacks like chargeback requests? How can retailers determine the legitimacy of these requests and save revenue in preventative loss?

Organizations who face human emulating automation need to be aware that they likely have a problem, even if it doesn’t result in immediate losses to their bottom line. There are a number of financial impacts that stem from automated interactions, such as an increase in costs to support the computing infrastructure required to service these high volume and low value transactions, payment processing costs resulting from validating new credit cards added to accounts using automated scripts, and customer support costs associated with responding to and mitigating legitimate customer accounts that have been compromised by attackers, using automation.

A blending of fine grained automation detection, advanced device intelligence, behavioral analytics, and passive biometrics capabilities provide a strong safety net to detect and mitigate the majority of automated interactions an organization might encounter.

For a PDF of the report, visit: https://issuu.com/globalretailmag/docs/h1_fraud_risk_report_final/ s/11132026

Robert Capps
Vice President, Marketplace Innovation
Robert is NuData Security’s Vice President of Marketplace Innovation. He is an industryrecognized technologist, thought leader, and advisor with over twenty-five years of experience in retail, payments, financial services, and cybercrime investigation and prosecution.