RSA Online Fraud Report - July 2014


Published on


Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

RSA Online Fraud Report - July 2014

  1. 1. page 1R S A M O N T H LY F R A U D R E P O R T F R A U D R E P O R T E-COMMERCE FRAUD TRENDS 2014: SECURING THE ONLINE SHOPPING CART July 2014 The U.S payment card industry is undergoing a transformation. With the looming upgrade to the EMV standard, it is expected that the U.S. will experience a significant increase in card-not-present (CNP) fraud as have most other countries that have embraced it. According to leading research firm Aite Group, CNP fraud will account for about $2.9 billion in fraud losses to U.S. issuers this year. However, by 2018 when about 98% of payment cards in the U.S. will be enabled with the EMV capability, that number is expected to more than double to $6.4 billion in losses1 . That’s in the future. But what are we seeing today? RSA has gathered insight from the billions of e-commerce transactions we secure each year, and here are some of the trends we are seeing in 20142 . TOP MERCHANT CATEGORIES FOR E-COMMERCE TRANSACTIONS Following are the top ten merchant categories for e-commerce transactions: Airlines (39%) General Retail (15%) Computers/Electronics (12%) Ticketing (10%) Telecom (mobile phones, apps, etc) (5%) Money transfer (4%) Automotive (3%) Toys (3%) Clothing (3%) Restaurants and dining (1%) 1 Aite Group, “Card Not Present Fraud in a Post-EMV Environment: Combating the Fraud Spike,” June 2014. 2 RSA Adaptive Authentication for eCommerce, Jan – June 2014, U.S. only
  2. 2. page 2R S A M O N T H LY F R A U D R E P O R T AVERAGE VALUE OF FRAUD TRANSACTIONS While there are over 100 parameters that RSA’s risk-based authentication system looks at in determining whether an e-commerce transaction is genuine or suspected fraud, one of the leading indicators is the average value of a transaction. The chart below shows the average value of legitimate transactions vs. fraudulent transactions, with the fraudulent transactions most always bearing a significantly higher value than an average legitimate transaction. For example, an average jewelry purchase online is $307 while an average fraudulent purchase in the same category is $1,300, more than four times that value. 0 500 1000 1500 2000 2500 TOP MERCHANT CATEGORIES AFFECTED BY FRAUD As consumers, we like to indulge once in a while with a random getaway, new electronic gadget, or the latest fashion trend as seen by the average value of e-commerce transactions. But cybercriminals find it even more enjoyable to use stolen payment cards to indulge themselves with vacations, cash, and computers – and even to pay their monthly household bills. The following chart represents the top merchants affected by fraud transactions. Source:RSAAnti-FraudCommandCenter AirlinesPharmacy MoneytransferAirlines Computers/Electronics Automotive GeneralRetail Jewelry Clothing Billpayments Travel Appliances Gaming Clothing Toys Travel Jewelry Insurance Billpayments Charity Utilities Average value of transaction Average value of fraud 0 10 20 30 40 50 46% 264 1830 659 1480 331 1320 307 1300 931 1180 674 1140 495 1040 897 1000 585 702 104 581 467 552 16% 13% 9% 5% 1% 1% 1% 1% 1%
  3. 3. page 3R S A M O N T H LY F R A U D R E P O R T CONCLUSION In 2013, one out of every seven payment cards in the U.S. was exposed in a data breach3 . With hundreds of millions of payment cards in use and circulation in the U.S., this is quite noteworthy. Rapid changes are taking place beyond embracing the EMV standard. In October, 2015, changes will go into effect modifying the liability rules concerning card purchases for both issuers and merchants. Long overdue in the U.S., EMV adoption is going to invoke rapid changes in the payment card landscape, and financial institutions and retailers must be prepared to make the investments in technology to manage fraud risk in e-commerce. 3 Discover Financial Services’ Pulse ATM Network
  4. 4. page 4R S A M O N T H LY F R A U D R E P O R T Phishing Attacks per Month RSA identified 55,813 phishing attacks in June, marking a 43% increase from May. Based on this figure, RSA estimates phishing cost global organizations $476 million in losses in June. US Bank Types Attacked U.S. regional banks have consistently been hit with 30 – 35% of phishing volume over the last few months, targeted by about one out of every three attacks. Top Countries by Attack Volume While the U.S. saw a 16% decline in attacks, it still remained the most targeted country in June with 57% of phishing volume. Other top targeted countries include the Netherlands, UK, Malaysia and South Africa. 55,813 Attacks Credit Unions Regional National 57% 7% 6% 5% UK Malaysia Netherlands U.S. JULY 2014 Source: RSA Anti-Fraud Command Center
  5. 5. page 5R S A M O N T H LY F R A U D R E P O R T Top Countries by Attacked Brands U.S. and U.K brands were the most affected by phishing in June, targeted by 40% of attacks. Brands in India, the Netherlands, and Canada were collectively targeted by 16% of phishing attacks. Top Hosting Countries The number of phishing attacks hosted in the U.S. remained relatively the same at 43% in June. Germany continues to be the second top hosting country. Top Merchant Categories Affected by Fraud In the first half of 2014, the merchant category most affected by e-commerce fraud, with 46% of fraudulent transactions, was airlines and travel. The second most affected merchant category, with 16% of fraudulent transactions, was money payment processors. 11% U.S. UK 28% 5% 4%7% 43% GLOBAL PHISHING LOSSES JUNE 2014 46%Airlines 13%Computers/Electronics 16%Money transfer
  6. 6. CONTACT US To learn more about how RSA products, services, and solutions help solve your business and IT challenges contact your local representative or authorized reseller – or visit us at ©2014 EMC Corporation. EMC, RSA, the RSA logo, and FraudAction are trademarks or registered trademarks of EMC Corporation in the U.S. and/or other countries. All other trademarks mentioned are the property of their respective holders. JULY RPT 0714