Online Fraud Predicted to Surge 60% This Holiday Season: Arkose Labs

A combination of a re-opening society and technical sophistication has online fraud poised to increase 60 per cent this season, new data from fraud deterrence platform Arkose Labs suggests. Industry watchers should be prepared for increased online fraud threats during the holidays such as rising attacks by bots and a resurgence in attacks on travel companies. Account takeover attacks and gift-card fraud also remain persistent.

Financial industries saw 32 per cent more online fraud attacks than in the first half of 2021. Retail and travel attacks increased 63 per cent in the third quarter, and gaming saw a spate of fake new accounts being set up for fraudulent purposes. Media and streaming businesses saw 60 per cent of malicious activity targeting logins, and 20 per cent of these attacks originating from human fraud farms. Technology platforms see 91 per cent of all attacks powered by bots. Overall, attacks are increasing in every industry, and they are growing more sophisticated.

“As we approach 2022, the frequency and severity of fraud continues to threaten any organization doing business online,” said Arkose Labs CMO Vanita Pandey. “Based on intelligence garnered from the Arkose Labs Network, we predict a 60 per cent increase in attacks for the upcoming 2021 holiday shopping season. No digital business is immune to this threat.”

Online fraud attacks have steadily increased over 2020, becoming more frequent, launching on a larger scale, and initiating with greater sophistication, the report states. Arkose Labs estimates eight million attacks will occur daily during the 2021 holiday shopping season.

The world is traveling again, and that means more online bookings through travel sites. The travel sector enjoyed a 40 per cent increase in digital traffic, creating the perfect opportunity for online fraud attacks, which increased 80 per cent from Q2 to Q3 2021. Digital traffic to U.S. travel sites was hit particularly hard, with 66 per cent of those online visits marked as fraud or bot attacks.

Asia has returned as the top originator of fraud attacks, with China driving nearly half of all attacks in Q3. In comparison, the United States, in second place, accounted for 19.4 per cent of attacks.

While human fraud attempts are increasing, machine attacks are predicted to hold steady and possibly ramp up during the holiday season. Bots now account for 88 per cent of online fraud attacks. In 2020, more than two million bot attacks occurred between October and December. This year, Arkose Labs expects the number will likely be even higher, making it all the more important for businesses to increase scrutiny of traffic intended to do harm.

Digital businesses are experiencing a massive surge of fake new accounts. Arkose Labs detected 560 million malicious attempts on registration flows last quarter, which is four times more than at the beginning of the year. These fake accounts open the doors to downstream fraud that directly impacts the bottom line of e-commerce firms.

As more customers open digital accounts, account takeover attempts fuelled by large-scale credential stuffing soon follow. Arkose Labs said it stopped three billion credential stuffing attacks over the past year, nearly doubling over the past 12 months. In 2020 digital businesses saw 90 per cent higher volume of credential stuffing attacks during the final quarter of the year, over the holiday shopping period.

The Q4 Arkose Labs Fraud and Abuse Report is based on actual user sessions and attack patterns analyzed by the Arkose Labs Fraud Deterrence Prevention Platform from July to September 2021. These sessions, spanning account registrations, logins, and payments from financial services, e-commerce, travel, social media, gaming, and entertainment, were analyzed in real-time to provide insights into the evolving online fraud and risk landscape. Unsophisticated bot attacks don’t result in a user session and have not been included in the report. The report focuses on attacks from fraud outlets that combine state-of-the-art technology with stolen identity credentials and human efforts.

Register Now!
Sponsored Links by DQ Promote



Send this to a friend