Report: Sift Finds Fraudsters are Targeting Fintech, Digital Goods & Services-and Recruiting Consumers
SAN FRANCISCO, March 16, 2023 (GLOBE NEWSWIRE) -- Sift, the leader in Digital Trust & Safety, today released its Q1 2023 Digital Trust & Safety Index, which found that nearly one in five (16%) consumers admit to committing, or know of someone who has taken part in, payment fraud. Likewise, 17% of consumers have encountered online offers to commit payment fraud, a symptom of fraud’s accessibility and democratization among everyday internet users. Consumer data was collected via a survey of over 1,000 U.S. adults.
Additionally, the report includes fraud data findings from Sift’s global network of over 34,000 sites and apps. These combined insights have revealed the latest techniques fraudsters are adapting to turn stolen data and proven attack methods into profitable—and marketable—products and services amid shaky economic conditions.
Payment Fraud Rises in Fintech, Digital Goods & Services
According to Juniper Research, payment fraud cost online businesses $41B globally in 2022. Those losses are expected to jump to 17% in 2023, hitting $48B by the end of this year. With attacks on the rise, it’s no longer a matter of if a business will face a payment fraud attack, but when and at what scale. Even industries facing significant headwinds remain in fraudsters’ sights, as Sift’s network, which analyzes more than one trillion events annually, shows that payment fraud attacks in fintech jumped 13% between 2021 and 2022. Within fintech, buy now, pay later (BNPL) merchants faced a massive 211% increase, and crypto exchanges saw a 45% surge. Meanwhile, digital goods & service providers were hit by a 27% uptick in payment fraud.
Avoiding Detection with “Card Hopping”
Payment fraud attacks have persisted through the veritable arms race between cybercriminals and businesses, with fraudsters continuing to evolve their methods to avoid detection. Now, as businesses are equipped with better tools and technology to fight attacks, Sift researchers are observing a trend of payment fraudsters increasingly turning to “card hopping” techniques to avoid detection.
Card hopping–paying for goods and services with a variety of stolen credit cards–can provide the air of legitimacy for cybercriminals looking to make purchases without detection by a business’s fraud prevention measures. Whereas using a single credit card to make several high-value purchases on a company’s website could raise suspicion of fraud, card hopping spreads the purchase out over several cards so they appear unrelated, and therefore get approved by the merchant.
The Democratization of Fraud and Fraud-as-a-Service
Part of online fraud’s recent explosion into the mainstream is attributable to its availability, marketability, and accessibility to anyone with an internet connection. The ease with which someone can both sell and purchase stolen credit card or account information has led to the democratization of fraud. It has also opened up new revenue streams for seasoned cybercriminals that go beyond pointed attacks. As veteran thieves recruit customers through deep and open web channels like Telegram forums and TikTok, fraudsters can now scale their networks and activities, in a fraud-as-a-service model that profits from the expansion of fraud and reaps the rewards from successful attacks.
In one example of how this criminal business operation works, a fraudster steals credit card credentials via hacking, malware, or a phishing attack. Next, that individual creates or joins a group on a deep web forum and begins to cultivate a following. The fraudster advertises the credit cards to other fraudulent buyers at a deep discount. An opportunistic buyer agrees to purchase multiple credit cards at 50% off. Finally, the buyer makes purchases with the stolen credit cards and the cybercriminal earns a profit.
“The rapid democratization of fraud presents even more opportunities for motivated criminals to expand their reach by productizing their offerings and selling their services to commit fraud against businesses,” said Jane Lee, Trust and Safety Architect at Sift. “As online fraud continues seeping into everyday internet culture, trust and safety operations have become the single point of failure or success for businesses. Now is the time for companies to ensure they are leveraging the right technology and implementing a Digital Trust & Safety strategy to successfully stop payment fraud, while fueling growth with every transaction.”
To read Sift’s Q1 Digital Trust & Safety Index, please visit here.
Photos accompanying this announcement are available at https://www.globenewswire.com/NewsRoom/AttachmentNg/1d558891-10c6-422a-ab17-d16986dbdcfb