Post on 16-Dec-2016
page 1R S A M O N T H LY F R A U D R E P O R T
F R A U D R E P O R T
E-COMMERCE FRAUD TRENDS 2014: SECURING THE ONLINE SHOPPING CART
July 2014
The U.S payment card industry is undergoing a transformation. With the looming upgrade
to the EMV standard, it is expected that the U.S. will experience a significant increase in
card-not-present (CNP) fraud as have most other countries that have embraced it.
According to leading research firm Aite Group, CNP fraud will account for about $2.9
billion in fraud losses to U.S. issuers this year. However, by 2018 when about 98% of
payment cards in the U.S. will be enabled with the EMV capability, that number is
expected to more than double to $6.4 billion in losses1.
That’s in the future. But what are we seeing today? RSA has gathered insight from the
billions of e-commerce transactions we secure each year, and here are some of the trends
we are seeing in 20142.
TOP MERCHANT CATEGORIES FOR E-COMMERCE TRANSACTIONS
Following are the top ten merchant categories for e-commerce transactions:
Airlines (39%)
General Retail (15%)
Computers/Electronics (12%)
Ticketing (10%)
Telecom (mobile phones, apps, etc) (5%)
Money transfer (4%)
Automotive (3%)
Toys (3%)
Clothing (3%)
Restaurants and dining (1%)
1 Aite Group, “Card Not Present Fraud in a Post-EMV Environment: Combating the Fraud Spike,” June 2014. 2 RSA Adaptive Authentication for eCommerce, Jan – June 2014, U.S. only
page 2R S A M O N T H LY F R A U D R E P O R T
AVERAGE VALUE OF FRAUD TRANSACTIONS
While there are over 100 parameters that RSA’s risk-based authentication system looks at
in determining whether an e-commerce transaction is genuine or suspected fraud, one of
the leading indicators is the average value of a transaction. The chart below shows the
average value of legitimate transactions vs. fraudulent transactions, with the fraudulent
transactions most always bearing a significantly higher value than an average legitimate
transaction. For example, an average jewelry purchase online is $307 while an average
fraudulent purchase in the same category is $1,300, more than four times that value.
0
500
1000
1500
2000
2500
TOP MERCHANT CATEGORIES AFFECTED BY FRAUD
As consumers, we like to indulge once in a while with a random getaway, new electronic
gadget, or the latest fashion trend as seen by the average value of e-commerce
transactions. But cybercriminals find it even more enjoyable to use stolen payment cards
to indulge themselves with vacations, cash, and computers – and even to pay their
monthly household bills. The following chart represents the top merchants affected by
fraud transactions.
Sou
rce:
RSA
Ant
i-Fra
ud C
omm
and
Cent
er
Airlines
Pharmacy
Money transfer
Airlines
Computers/Electronics
Autom
otive
General Retail
Jewelry
ClothingB
ill payments
TravelA
ppliances
Gam
ing
Clothing
Toys
Travel
Jewelry
Insurance
Bill paym
ents
Charity
Utilities
Average value of transaction
Average value of fraud
0
10
20
30
40
5046%
264
1830
659
1480
331
1320
307
1300
931
1180
674
1140
495
1040
897
1000
585
702
104
581
467
552
16%13%
9%
5%
1% 1% 1% 1% 1%
page 3R S A M O N T H LY F R A U D R E P O R T
CONCLUSION
In 2013, one out of every seven payment cards in the U.S. was exposed in a data breach3.
With hundreds of millions of payment cards in use and circulation in the U.S., this is
quite noteworthy. Rapid changes are taking place beyond embracing the EMV standard.
In October, 2015, changes will go into effect modifying the liability rules concerning card
purchases for both issuers and merchants. Long overdue in the U.S., EMV adoption is
going to invoke rapid changes in the payment card landscape, and financial institutions
and retailers must be prepared to make the investments in technology to manage fraud
risk in e-commerce.
3 Discover Financial Services’ Pulse ATM Network
page 4R S A M O N T H LY F R A U D R E P O R T
Phishing Attacks per Month
RSA identified 55,813 phishing attacks in
June, marking a 43% increase from May.
Based on this figure, RSA estimates
phishing cost global organizations $476
million in losses in June.
US Bank Types Attacked
U.S. regional banks have consistently been
hit with 30 – 35% of phishing volume over
the last few months, targeted by about one
out of every three attacks.
Top Countries by Attack Volume
While the U.S. saw a 16% decline in
attacks, it still remained the most targeted
country in June with 57% of phishing
volume. Other top targeted countries
include the Netherlands, UK, Malaysia
and South Africa.
55,813 Attacks
Credit Unions
Regional
National
57%
7%
6%
5%
UK
Malaysia
Netherlands
U.S.
JULY 2014Source: RSA Anti-Fraud Command Center
page 5R S A M O N T H LY F R A U D R E P O R T
Top Countries by Attacked Brands
U.S. and U.K brands were the most
affected by phishing in June, targeted
by 40% of attacks. Brands in India, the
Netherlands, and Canada were collectively
targeted by 16% of phishing attacks.
Top Hosting Countries
The number of phishing attacks hosted in
the U.S. remained relatively the same at
43% in June. Germany continues to be the
second top hosting country.
Top Merchant Categories Affected by Fraud
In the first half of 2014, the merchant
category most affected by e-commerce
fraud, with 46% of fraudulent transactions,
was airlines and travel. The second most
affected merchant category, with 16% of
fraudulent transactions, was money
payment processors.
11%
U.S.
UK
28%
5% 4%7%
43%
GLOBAL PHISHING LOSSESJUNE 2014
46%Airlines
13%Computers/Electronics
16%Money transfer
www.emc.com/rsa
CONTACT USTo learn more about how RSA products, services, and solutions help solve your business and IT challenges contact your local representative or authorized reseller – or visit us at www.emc.com/rsa
©2014 EMC Corporation. EMC, RSA, the RSA logo, and FraudAction are trademarks or registered trademarks of EMC
Corporation in the U.S. and/or other countries. All other trademarks mentioned are the property of their respective
holders. JULY RPT 0714