With International Fraud Awareness Week and the holiday shopping season officially underway, analysts and retailers are diving into customers’ shopping habits. But it’s not just legitimate customers retailers need to be aware of, as fraudsters are just as keen on holiday shopping — and they’re already hitting online stores.
Here are some of the top trends we’re seeing as we enter the peak of the holiday shopping season.
Trend 1: Amateur Fraudsters on the Rise
I’m following this trend with fascination as it develops. A growing number of customers that Forter recognizes as legit shoppers from years of good purchases are suddenly going over to the dark side.
These are not career fraudsters but ordinary consumers turning to fraud as supplementary income, almost like a new (lucrative) hobby. We’ve seen a 35% increase in fraud committed by “non-professional” fraudsters (YoY comparison), which is astonishing. The trend is particularly prominent in North America.
These amateurs are more likely than professional fraudsters to target items closer to a regular person’s wishlist – phones, gaming consoles, luxury goods, etc. – as opposed to the strategic goods targeted by professional fraudsters.
To be clear, just because these activities are conducted by formerly “good” shoppers, this isn’t considered friendly fraud — but rather standard credit card fraud using stolen card data. What gives them away to us as amateurs is their lack of technical sophistication. They’ll often use their own devices, and if they engage in obfuscation, it’ll be something basic like a VPN.
Trend 2: Increase in Coupon Use
Coupon usage is up this year as consumers are more conscious of their budgets than ever. Between 2020 and 2021, coupon use was fairly steady. But this year, we’re already seeing an ~11% increase. It’s a trend most marked in the USA, but the trend is reflected globally.
Fraudsters who follow trends in buyer behaviors as avidly as any retailer, have become aware that coupon use is increasing during the holiday season. They don’t need the coupons themselves, but they’re happy to use coupons to make their persona look more legitimate and convincing (so, merchants— don’t give customers a free pass just because they come with coupons!).
Moreover, good customers aren’t above trying a bit of coupon abuse. They might try reusing or stacking coupons, sometimes setting up multiple accounts to get more than they’re entitled to. Ensure your company has clear policies about this and that your systems are configured to reflect those policies. If your policies will become a pain point this holiday season, now is the time to raise a flag with marketing and operations teams. If it’s too late to change things this year, make sure you bring it up early in the new year so there’s time to set new policies before the next coupon rush.
Trend 3: Popularity of Gift Cards
During the holiday season, good customers turn to gift cards as an attractive option for giving loved ones a thoughtful but flexible present. But this uptick in good transactions means it’s easier for fraudsters to hide in a rush – and they know it.
Gift cards are always popular with fraudsters because they’re anonymous, easy to resell, don’t require a shipping address, and can be used as part of a chain of fraudulent activity. Effectively, it’s free money for fraudsters (I’ve written in-depth about gift cards and how attacks are changing in 2022 here).
Gift card purchases don’t generally start spiking until after Black Friday and Cyber Monday. After that, there’s a preliminary peak of gift card purchasing around mid-December. But the pinnacles come on Christmas Eve when consumers realize they are out of time and a gift card is the best option. Gift card purchases are usually 6x or 7x more frequent on Christmas Eve than on November 1, which is pretty striking and puts a lot of pressure on fraud teams.
The trends show that this pattern repeats annually. But this year especially, fraudsters are getting in on the act much earlier, having already started doubling down on gift card attacks back at the end of October. This might be due to a trend in which fraudsters focus on attacking retailers selling gift cards instead of gift card-specific merchants. If they’ve found vulnerabilities there, it makes sense that they’d be attempting to exploit them during the extra vulnerable holiday season.
Trend 4: Low-Tech Address Manipulation
Fraudsters have increasingly found sophisticated ways to get around Address Verification Systems (AVS) that verify physical addresses. However, keeping track of the simple tricks they exploit is just as important. It doesn’t matter how simple it is if it evades your checks and causes loss.
This season, fraudsters are getting creative about tricking AVS systems in ingenious, low-tech ways. For example:
- Instead of writing 1, they’ll write “one” because AVS famously only checks numbers, not words. So it’s not a mismatch.
- Instead of writing the address in the address field, they’ll put it as part of the name field, so it doesn’t get checked.
- The shipping address can then be “see name,” which is understandable for the courier but doesn’t get flagged by the AVS or other checking systems. (Note: Forter’s Trust Platform does flag these types of circumventions – most other systems do not, so it’s vital to dig into your data and your platform to ensure you’re protected)
- Similarly, they’ll add some nonsense element to the address so the machine can’t see that it’s the same address used multiple times. Still, the human courier has no trouble making the delivery.
This kind of trickery is happening a lot. And during the holidays, fraudsters know it’s often harder for merchants who rely on manual review to catch this sort of thing.
Trend 5: Battling Bots
There’s been a significant uptick in bots in recent months, and it’s a trend that’s starting to impact industries that haven’t typically been primary bot targets. Our data shows that it is generally a large, professional operation utilizing sophisticated technology at extreme volumes.
Bot attacks happen at checkout, of course – but are also happening increasingly at various points in the account journey, including account creation and login. Often, the sites attacked this way will all be in the same vertical, giving an interesting insight into the fraudster’s thought process.
Unfortunately, bots are another trend that fits well into the holiday season. When traffic is heavy, bots might find it easier to fly under the radar. Moreover, Forter’s data shows that apparel and footwear merchants that engage in limited stock drops or short time frame sales are good industries to focus on when looking at bot behaviors as they are particularly vulnerable – facing 5-6x more attacks than merchants who don’t engage in similar drops or sales.
Stay Safe, and Good Luck!
The holidays are a stressful time for many online merchants. The potential of a rapid increase in revenue, combined with the potential for declining good customers, leaves teams overwhelmed when handling large volumes of orders.
It’s hard to keep track of evolving trends when you’re focused on ensuring that all good customers get their great deals and that bad actors don’t get through. I hope this article helps shed some light on how things are evolving this year and gives you some hints about what to check in your data to ensure your company is protected this holiday season.
Happy Holidays from the Forter team!
Forter is the Trust Platform for digital commerce. We make accurate, instant assessments of trustworthiness across every step of the buying journey. Our ability to isolate fraud and protect consumers is why Nordstrom, Sephora, Instacart, Adobe, Priceline, and other leaders across industries have trusted us to process more than $500 billion in transactions. Click here to learn more.