Intuitively, I think most of us presume that fraud spikes if you’re in retail and dealing with e-commerce. Last year, online fraud attempts in the period from Thanksgiving Day to December 31 increased by 22 percent, while the number of overall transactions increased by 19 percent (Source: ACI Worldwide, January 2018). In fact, on peak retail days, businesses operating on Amazon have reportedly seen an increase of 150 percent in fraud attempts.
But, what about other sectors outside of retail?
It’s a curious question and you wouldn’t think that business services would be more susceptible to fraud during this holiday period. So, we decided to do some analysis and look at attempted fraud attempts in our network between Black Friday and Cyber Monday going back to 2014. We also included the day before Black Friday and the day after Cyber Monday and looked at fraud rates across industries and regions, comparing worldwide stats with U.S. and EMEA.
For this exercise, we defined attempted fraud as any attempts where a government-issued ID (e.g., a passport, driver’s license or ID card) was manipulated in some manner. Also, when we discuss “attempted fraud,” we’re typically talking about fraud attempts by individuals trying to create new online accounts (which is obviously a different type of fraud compared to charge backs and payment fraud typical in e-commerce).
Here are some of the interesting findings from the second edition of our Holiday ID Fraud Report.
- Worldwide fraud patterns: We saw a 21.6 percent increased in attempted fraud comparing holiday fraud attempts to the rest of the year. In the U.S., fraud attempts were 22.8 percent higher than the average while attempted fraud was almost a third higher (32.9 percent) compared to the rest of the year.
- Some industries are more susceptible: Some non-retail industries seem to be more susceptible to online fraud during the holiday period including cryptocurrency (1.9 percent during the holiday period versus 1.1 percent for annual average), online services (1.36 percent versus 0.97 percent) and financial services (1.36 percent versus 1.23 percent). It’s interesting to note that in some countries, the overall fraud rates may appear stable over time, but this often masks underlying patterns at the industry level. In the UK, for example, the overall fraud rates have been relatively flat over the last five years. But, online gaming/gambling fraud rates are 49.3 percent higher in 2018 compared to 2014 while fraud levels for financial services organizations actually improved by 74.5 percent over 2014 (and steadily improved year over year). But why?One possible explanation is that the financial services industry is getting more serious about fraud detection than online gaming. It’s curious to note that most of our banking and financial services customers in the UK use a combination of ID and identity verification (which compares the selfie to the picture on the government issued ID) whereas most online gaming customers in the UK still rely on just ID verification. Perhaps, fraudsters are focusing their attention on these more susceptible targets.
- Online gaming is especially ripe for fraud: While the fraud rates of online gaming (mostly an EMEA phenomenon, but growing in other regions) has the highest rates of attempted fraud. At a worldwide level, attempted fraud for online gaming was 3.45 percent, significantly higher than the global average (1.72 percent). What’s also concerning is the trend rates for global online gaming. Back in 2014, the fraud rates for online gaming was just 0.85 percent and its climbed to 0.95 percent (2015) to 1.83 percent (2016) to 2.97 percent (2017) to 3.45 percent (2018). It should be noted that part of this increase could be caused by our ability to better detect only fraud, thanks to AI and machine learning, in 2018 versus 2014.
- Some countries are clearly worse than others: There’s also a clear divide between mature and emerging markets when comes to attempted fraud. In 2018, fraud was significantly lower in the U.S., Canada, UK, Germany and France (ranging from 0.54 percent to 0.74 percent) while more emerging markets, including China and India are witnessing significantly higher fraud levels. This is not completely unexpected as we see these fraud patterns in other types of fraud.
There are a few lessons that I take away from this analysis, including:
- Online fraud is not just impacting e-commerce. Businesses outside of e-commerce need to be mindful of fraud during the holidays as we’re seeing spikes in fraud attempts even for financial services, digital currency and online services. Fraudsters clearly don’t take their eyes off the prize during the holiday, so businesses need to be extra vigilant during the holidays to protect their online communities and ecosystems.
- Online gaming has increased more than 300 percent since 2014. Fraud in online gaming is growing year-over-year and has more than tripled since 2014. This isn’t just a holiday pattern — fraud rates for online gaming are 3-4 times higher than the worldwide average and as emerging markets have started to embrace online gaming, fraud rates outside of EMEA are particularly concerning.
- Not all countries carry the same risk. If you’re a global player and onboard new customers from around the world, it’s important to note that certain countries (including China and India) have higher probabilities of fraud and should be scrutinized more carefully, while more mature markets carry significant less risk for new account activations. Online verification solutions that serve global brands and that have verified material volumes of government-issued IDs are in a much better position to understand these fraud patterns and identify country-specific risk factors than smaller players.
- Importance of marrying “identity checks” with government-issued IDs. Given these fraud patterns, Jumio not only recommends careful review of IDs during the holidays when used to create new online accounts, but businesses should also consider requiring a selfie (with liveness detection) to ensure that the person behind the ID is the person physically present (and that the picture in the selfie matches the picture in the government-issued ID). This extra level of identity verification can help thwart bad actors and fraudsters from creating bogus accounts and doing harm.
While online ID fraud may only impact 1-3 percent of all verification transactions, the fraudster’s ability to create bogus accounts or takeover existing accounts goes beyond just a nuisance — they can become an existential threat to your business and your ecosystem. That’s why fortifying the front gate with enterprise-class identity verification can help block fraudsters from creating new online accounts and wreaking havoc.
As this analysis suggests, online fraud permeates just about every country, sector and season.