Ecommerce fraud has been a thing pretty much since the first customer placed the first order with a keyboard and a mouse.
And, of course, it’s evolved — the strategy, the tactics and the attacks. But the change now feels different — in scale, in speed and in the threat it poses to the retail industry.
How is retail fraud changing?
Signifyd’s State of Fraud and Abuse 2024 report digs into how fraud is changing. How it’s becoming industrialized on a global scale and how criminal rings are increasingly looking beyond the checkout stage of the buying journey. First-party fraud and abuse is on the rise. Return and refund fraud is providing a growing revenue stream for fraud rings and a way for traditional customers to get free stuff.
In the report, Signifyd Senior Manager, Risk Intelligence Xavi Sheikrojan talks about how organized fraud rings are adopting the business structures and processes established by the Fortune 500 companies they sometimes attack.
Organized retail crime rings operate like corporations to commit online fraud
Signifyd’s State of Fraud and Abuse 2024 report traces the rise of industrialized fraud being committed by global criminal organizations that behave in many ways like the large enterprises they prey on. Senior Manager, Risk Intelligence Xavi Sheikrojan works on the front lines of fraud and abuse. He provides insight into the way fraud operations have changed in recent years.
Retail fraud rings are evolving
The report also features Mastercard’s Chris Reid, who lays out the supply chain of evil that provides the stolen and synthetic identities needed for criminal organizations to make off with millions and Allyiz’s Catherine Tong, who laments the role of human trafficking in building the workforce needed to commit online crimes, including fraud.
As the sophisticated rings look for new revenue streams and new ways to outsmart fraud protection deployed by merchants, the types and targets of fraud are multiplying, the report says.
One glaring example, widely recognized by merchants according to a recent MRC survey, is first-party fraud and abuse. First-party fraud is a flavor of online crime and cheating that focuses on vulnerable points before and after checkout. Common first-party scams include falsely claiming an order never arrived or arrived in poor condition, breaking the rules on promotions and discounts, and engaging in unauthorized reselling of popular items.
Signifyd’s State of Fraud and Abuse report details what you can expect going into 2025:
Among the report’s key findings:
- Attempts at placing fraudulent orders increased 19 percent in the first half of 2024 compared to the previous year, according to Signifyd data.
- Thirteen percent of orders now include signs of address manipulation, a fraud ring tactic that attempts to outsmart machine learning models’ ability to recognize addresses with a history of fraud.
- Cases of attempted re-shipper fraud are up 50 percent in 2024, a sign that crime rings increasingly rely on go-betweens to mask their role in online orders while moving stolen goods out of the United States.
- Professional fraud rings have significantly expanded into nonpayment fraud, often labeled first-party fraud and abuse, helping drive a 4 percent increase year-over-year in consumer abuse. These efforts include “fraud-as-a-service” operations through which fraud rings commit return and refund fraud on behalf of consumers for a cut of the profits.
- The report leaves no doubt that the fraud rings operating today aren’t your parents’ fraud rings. These criminal rings act in many ways like the enterprises they torment — planning their paths forward, brainstorming new tactics and targets, testing new strategies, and calculating the return on investment of the various ways they pilfer products from legitimate merchants and convert them to cash.
Both merchants and consumers are the victims of retail fraud
Global fraud rings have been growing in size and prominence for a while now. But merchants say it’s the acceleration of that growth and the intensifying attention criminals are paying to online commerce that has them worried.
And, of course, consumers are victims here, too. It is their credit card credentials that are stolen and used nefariously, after all. Yes, shoppers are generally compensated for the cost of online fraud committed with their credentials. But that only goes so far in alleviating the stress and inconvenience that the theft creates.
A.I. and machine learning help retail fraud rings grow
This is all going on while AI tools and knowledge are evolving. Both sides in the ecommerce fraud battle are using artificial intelligence to achieve their diametrically opposed goals.
Criminal organizations have long used bots to rapidly attempt unauthorized logins and to clear digital shelves of scarce and desirable products. Now they’ve broadened their automated tool set. Fraudsters increasingly are employing deep fakes to run social engineering schemes that yield the personally identifiable information needed to commit fraud and create synthetic accounts.
For their part, risk professionals are increasingly turning to AI to protect the entire buying process, from account creation to account login to return requests. Machine learning models determine the legitimacy of an account modification, an online order or a refund request by recognizing patterns found in past transactions with known good or bad consequences.
The AI vs. AI competition is picking up speed, the State of Fraud and Abuse says. It points to the growing role of Southeast Asian fraud compounds staffed with workers coerced and kidnapped into running illegal schemes.
One Vietnam-based ring, the report says, made off with nearly $1 billion in goods in a matter of months. As staggering as the figure is, it’s barely a rounding error in an illicit industry that Juniper Research estimated cost ecommerce companies $48 billion last year.
Photo by Getty Images
Looking to stay ahead of the evolving menace of ecommerce fraud? Let’s talk.