Who and How Fast Do Cybergangs Attack with Stolen Credit Cards? New Stats:
Julie Fergerson - formerly of Debix and ClearCommerce and now with Ethoca - recently published “Fraud Attacks Cross Industries,” co-authored with Dr. Daniele Micci-Barreca of Elite Analytics.
The study is based on analysis of 25,188 cases of confirmed fraud involving 95 merchants that represent 61% of the top 500 Internet merchants (as measured by revenue and as defined by Internet Retailer).
Highlights:
- When a fraudster commits fraud at multiple merchants, the victimized merchants do not typically all belong to the same industry or vertical.
- In 86% of the cases studied, the fraudster stopped using the same cards during the first 24 hours.
- In 10% of the cases studied, a single credit card was used to commit fraud at more than one merchants.
What Julie and Danielle observed is the tip of the iceberg. They only looked at one slice of data: merchants enrolled in Ethoca's Fraud Alerts program, and, of those, only credit card numbers - no other data elements.
Merchants not participating in Ethoca’s program probably also experienced attacks from the same fraudsters, which would increase the estimates.
(And, if they matched by additional data elements, like shipping addresses, phone numbers, email addresses, or IP addresses, they'd likely find a lot more cases of a single fraudster hitting multiple merchants.)
It's tough not to get resigned to a certain level of fraud losses. But if merchants collaborate with each other, with banks, and with PSPs, fraud losses and costs drop.
Julie wrote last year that collaboration is the only fraud prevention tool that increases in effectiveness over time – the only one the crooks cannot compromise.
It is common practice in other industries, and we need to look at the lessons learned by banks in fighting fraud.
Thoughts?
