ClearSale @CSO: Fraudsters have known for years that small merchants can make easier targets than big-name online retailers with better security. Now they're finding that virtually any vertical can be a worthwhile target, not just the high-profile niches like electronics and designer goods. The reason? Thanks to data breaches, there's a glut of low-priced consumer data, including payment data and account credentials, for sale on the dark web. For example, a stolen credit card number with the CVV goes for as little as $5 now, while a card number plus bank information costs about $15. As the cost barriers to fraud fall, fraudsters are expanding into new areas—like hailing rides and ordering dinner with stolen data.
New risks for previously “safe” verticals
It's no longer safe or wise to assume that fraudsters will pass you by if you sell inexpensive items or everyday necessities. The risks for nontraditional fraud targets, like ride share providers and food delivery services, are magnified by the fact that they typically have lower margins than, for example, luxury goods and apparel retailers. This means that even small fraud losses have a big impact, especially when chargeback fees are factored in.
Not only can transportation, food, and other “low-risk” merchants lose money to thieves using stolen card data and hijacked accounts, they can be hurt by CNP fraud in other ways. Card-testing fraud, committed by humans or botnets, can cause small losses along with costly chargebacks as thieves try to match card numbers with other data like CVV numbers and billing zip codes. Card testing increased by 200 percent in the first third of 2017 compared to the same period in 2016, and it targets verticals you might not expect.
For example, it's hard to imagine charities as targets for CNP fraud, but thieves have learned that making online donations can be an easy way to test card data before they move on to bigger, more lucrative fraudulent purchases. Card-testing can affect charities' cash flow, skew budget planning, and raise their expenses as chargeback fees add up. Small retailers and B2B sellers are frequent targets for card-testing, too, because they often don't have controls to limit the number of data-entry attempts a customer can make during checkout.
The bottom line is that any merchant who takes card payments can and should expect fraud attempts. The LexisNexis 2017 True Cost of Fraud Survey found that “regardless of industry segment,” businesses that sell online face more fraud attempts, on average, than businesses that do not sell through digital channels.
Traditionally risk-prone verticals still face fraud threats
This increase in fraud in “low risk” verticals doesn't mean that fraudsters have turned away from higher risk, higher reward targets. [Click here to continue reading].