Light Dark
April 27, 2017 By Mark Samuels 2 min read

Retail fraud continues to rise, and there is significant growth in online attacks across all sectors. Forter’s “2016 Fraud Attack Index” showed a 69.9 percent rise in attacks against apparel websites and goods. Luxury goods were also targeted, with an average fraud rate of $5.91 at risk out of $100 of sales.

The report, created in collaboration with the Merchant Risk Council, highlighted the continued presence of retail fraud as well as the shifted priorities and techniques of attackers. Retail IT decision-makers should pay attention to attack trends and consider ways to respond.

Understanding the Rise in Retail Fraud

Overall, 2016 saw a moderate increase of 8.9 percent for online fraud attacks from January to December. But there was also a 79 percent year-over-year increase in fraud risk for domestic holiday orders during Q4.

Forter suggested the rise in domestic online attacks and card-not-present (CNP) fraud is significant but unsurprising. U.S. fraudsters have moved online following the October 2015 adoption of Europay, MasterCard and Visa (EMV) cards, a move that made it harder to copy physical cards.

Michael Reitblat, CEO of Forter, suggested that the significant growth in fraud attack rates in the apparel industry might also be related to EMV adoption. Fraudsters who have recently joined the online criminal ranks might be sticking to a sector they understand, he said in a press release.

Detailing Other Report Trends

However, this rising trend doesn’t seem to be entirely universal: The fraud attack rate for international markets dropped by 13 percent compared to 2015. Forter researchers described this fall as a surprise, since international orders were found to be 62.4 percent riskier than domestic ones throughout 2016. They attributed the drop to a growth in genuine international orders rather a fall in fraud.

In the online service payment sector, researchers highlighted a 131 percent rise in account takeover (ATO). Specifically, there was a shift to online payment ATO, drawing away from attempts to break into accounts on retailers’ websites.

The research also provided statistics on the frequency of retail fraud attacks in a range of key verticals, including:

  • Travel and hospitality (33 percent decrease);
  • Luxury (8.4 percent decrease);
  • Electronics (1.8 percent decrease);
  • Digital goods (22.6 percent decrease); and
  • Food and beverages (49.8 percent increase).

Fraud prevention firm Verifi told CSO Online that every $1 stolen costs retailers an additional $3.08 in lost time, services or merchandise. The crime doesn’t just hit retailers financially, but throughout multiple departments in an organization.

Finding Ways to Respond Effectively

Retailers must find the right balance between fraud coverage and strong defense strategies that might be too restrictive and alienate customers. It is crucial for retail organizations to understand attack trends and make the necessary security investments.

These organizations should aim for a customizable technological platform that allows for the fine-tuning of fraud mitigation according to market and attack patterns. Merchants and issuers should also consider ways to share information that can help resolve fraud claims easily in the event that a breach does occur.

 |  |  |  |  |  | 
Mark Samuels
Tech Journalist

More from

December 23, 2024

FYSA – Adobe Cold Fusion Path Traversal Vulnerability

2 min read - Summary Adobe has released a security bulletin (APSB24-107) addressing an arbitrary file system read vulnerability in ColdFusion, a web application server. The vulnerability, identified as CVE-2024-53961, can be exploited to read arbitrary files on the system, potentially leading to unauthorized access and data exposure. Threat Topography Threat Type: Arbitrary File System Read Industries Impacted: Technology, Software, and Web Development Geolocation: Global Environment Impact: Web servers running ColdFusion 2021 and 2023 are vulnerable Overview X-Force Incident Command is monitoring the disclosure…

November 22, 2024

What does resilience in the cyber world look like in 2025 and beyond?

6 min read -  Back in 2021, we ran a series called “A Journey in Organizational Resilience.” These issues of this series remain applicable today and, in many cases, are more important than ever, given the rapid changes of the last few years. But the term "resilience" can be difficult to define, and when we define it, we may limit its scope, missing the big picture.In the age of generative artificial intelligence (gen AI), the prevalence of breach data from infostealers and the near-constant…

November 21, 2024

Airplane cybersecurity: Past, present, future

4 min read - With most aviation processes now digitized, airlines and the aviation industry as a whole must prioritize cybersecurity. If a cyber criminal launches an attack that affects a system involved in aviation — either an airline’s system or a third-party vendor — the entire process, from safety to passenger comfort, may be impacted.To improve security in the aviation industry, the FAA recently proposed new rules to tighten cybersecurity on airplanes. These rules would “protect the equipment, systems and networks of transport…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature