page 1R S A M O N T H LY F R A U D R E P O R T
F R A U D R E P O R T
E-COMMERCE FRAUD TRENDS 2014:
SECURING THE ONLINE SHOPPING CART
The U.S payment card industry is undergoing a transformation. With the looming upgrade
to the EMV standard, it is expected that the U.S. will experience a significant increase in
card-not-present (CNP) fraud as have most other countries that have embraced it.
According to leading research firm Aite Group, CNP fraud will account for about $2.9
billion in fraud losses to U.S. issuers this year. However, by 2018 when about 98% of
payment cards in the U.S. will be enabled with the EMV capability, that number is
expected to more than double to $6.4 billion in losses1
That’s in the future. But what are we seeing today? RSA has gathered insight from the
billions of e-commerce transactions we secure each year, and here are some of the trends
we are seeing in 20142
TOP MERCHANT CATEGORIES FOR E-COMMERCE TRANSACTIONS
Following are the top ten merchant categories for e-commerce transactions:
General Retail (15%)
Telecom (mobile phones, apps, etc) (5%)
Money transfer (4%)
Restaurants and dining (1%)
1 Aite Group, “Card Not Present Fraud in a Post-EMV Environment: Combating the Fraud Spike,” June 2014.
2 RSA Adaptive Authentication for eCommerce, Jan – June 2014, U.S. only
page 2R S A M O N T H LY F R A U D R E P O R T
AVERAGE VALUE OF FRAUD TRANSACTIONS
While there are over 100 parameters that RSA’s risk-based authentication system looks at
in determining whether an e-commerce transaction is genuine or suspected fraud, one of
the leading indicators is the average value of a transaction. The chart below shows the
average value of legitimate transactions vs. fraudulent transactions, with the fraudulent
transactions most always bearing a significantly higher value than an average legitimate
transaction. For example, an average jewelry purchase online is $307 while an average
fraudulent purchase in the same category is $1,300, more than four times that value.
TOP MERCHANT CATEGORIES AFFECTED BY FRAUD
As consumers, we like to indulge once in a while with a random getaway, new electronic
gadget, or the latest fashion trend as seen by the average value of e-commerce
transactions. But cybercriminals find it even more enjoyable to use stolen payment cards
to indulge themselves with vacations, cash, and computers – and even to pay their
monthly household bills. The following chart represents the top merchants affected by
Average value of transaction
Average value of fraud
1% 1% 1% 1% 1%
page 3R S A M O N T H LY F R A U D R E P O R T
In 2013, one out of every seven payment cards in the U.S. was exposed in a data breach3
With hundreds of millions of payment cards in use and circulation in the U.S., this is
quite noteworthy. Rapid changes are taking place beyond embracing the EMV standard.
In October, 2015, changes will go into effect modifying the liability rules concerning card
purchases for both issuers and merchants. Long overdue in the U.S., EMV adoption is
going to invoke rapid changes in the payment card landscape, and financial institutions
and retailers must be prepared to make the investments in technology to manage fraud
risk in e-commerce.
3 Discover Financial Services’ Pulse ATM Network
page 4R S A M O N T H LY F R A U D R E P O R T
Phishing Attacks per Month
RSA identified 55,813 phishing attacks in
June, marking a 43% increase from May.
Based on this figure, RSA estimates
phishing cost global organizations $476
million in losses in June.
US Bank Types Attacked
U.S. regional banks have consistently been
hit with 30 – 35% of phishing volume over
the last few months, targeted by about one
out of every three attacks.
Top Countries by Attack Volume
While the U.S. saw a 16% decline in
attacks, it still remained the most targeted
country in June with 57% of phishing
volume. Other top targeted countries
include the Netherlands, UK, Malaysia
and South Africa.
Source: RSA Anti-Fraud Command Center
page 5R S A M O N T H LY F R A U D R E P O R T
Top Countries by Attacked Brands
U.S. and U.K brands were the most
affected by phishing in June, targeted
by 40% of attacks. Brands in India, the
Netherlands, and Canada were collectively
targeted by 16% of phishing attacks.
Top Hosting Countries
The number of phishing attacks hosted in
the U.S. remained relatively the same at
43% in June. Germany continues to be the
second top hosting country.
Top Merchant Categories Affected by Fraud
In the first half of 2014, the merchant
category most affected by e-commerce
fraud, with 46% of fraudulent transactions,
was airlines and travel. The second most
affected merchant category, with 16% of
fraudulent transactions, was money
GLOBAL PHISHING LOSSES