Study: Black Friday becomes dark time for cyberfraud
Cybercriminals, as well as legitimate shoppers, flocked to digital retailers this Black Friday week.
The LexisNexis Digital Identity Network recorded a 48% increase in total global transactions between Wednesday, Nov. 27 through Tuesday, Dec. 3, 2019 (Black Friday week). With that surge in retail traffic came corresponding growth in related criminal activity. Here are some key analytical findings from LexisNexis:
- Growth in bots targeting mobile app registrations –During the Black Friday week, fraudsters targeted new accounts created using mobile devices. These new mobile accounts and mobile app registrations provided fraudsters the opportunity to mimic new customers and initiate transactions through an established and seemingly genuine account. One U.S. payment processor recorded a sustained 2,000% increase in its bot traffic over this period.
- Fraudulent cart sizes globally nearly triple the size of legitimate ones –The average shopping cart transaction value rejected as high risk or fraudulent over the 2019 Black Friday week was 179% higher than legitimate transactions – $329 compared to $118. According to LexisNexis analysis, this indicates that fraudsters load carts at higher dollar amounts than the average buyer.
- Payments surge as fraudsters use mobile browsers to cash out – LexisNexis recorded globally three times as many payments as normal during Black Friday week. However, consumers increasingly showed a preference for making payments via mobile, with 64% of all payments during Black Friday week coming from mobile devices. For one global payment processor, the mobile browser attack rate on payments doubled over the Black Friday shopping week compared to average rates.
- Desktop remains firmly in the crosshairs – Despite growth in mobile attacks, fraudsters still target desktop transactions more often. The desktop attack rate in the first half of 2019 was 3.4% compared to 1.4% for mobile, with LexisNexis advising that lower mobile attack volumes are likely due to mobile being inherently more secure than desktop. During the 2019 Black Friday week, desktop attack volumes remained high and in proportion to transaction volumes. Fraud attack rates for several large online retailers doubled during this period in correlation to increased transactional volume.
- Black Friday becomes a global target - This year, LexisNexis recorded attacks originating from Russia, Belarus, China, Vietnam, and South Korea, as well as the U.S.
“Cybercriminals are opportunity seekers and travel paths of least resistance, shifting their focus based on consumer patterns,” said Kim Sutherland, VP of fraud and identity market planning at LexisNexis Risk Solutions. “As consumers ramp up their purchase volumes and increasingly utilize mobile devices to transact, data shows that fraudsters will likely continue to progressively target mobile and with higher dollar fraud.”
LexisNexis Digital Identity Network is a crowdsourced intelligence network comprised of data from approximately 38 billion global transactions each year including logins, payments, and new account creations.