May 31, 2018
Merchants that aren’t watching their mobile sales channels for fraud—especially apps—are missing something important. New research from RSA Security found 39 percent of fraudulent transactions that crossed its network in the first quarter of 2018 came through mobile apps compared to 36 percent during Q4 2017 and up from 24 percent year-over-year.
RSA’s research also indicated, specifically for e-commerce, what share of fraud was being performed on devices that were new to each merchant vs. trusted devices they had seen before. As a percentage of the value of all fraudulent transactions, 62 percent came from trusted accounts, but on new devices, 20 percent came on new accounts with new devices and only three percent came from transactions from trusted accounts using devices the merchant had seen before. The numbers backed up data from other sources that shows account takeover fraud growing very quickly.
“In the first quarter, 82 percent of fraud among e-commerce transactions originated from a new device,” the authors noted in the report. “In the case of known/trusted accounts, 62 percent of fraud transaction value was from a new device, which is indicative of account takeover or credential-stuffing attacks where fraudsters could be attempting transactions from the same account across multiple merchants.”
The report also noted the difference in value between legitimate transactions and fraudulent transactions. In North America, normal transaction value for e-commerce merchants across RSA’s network is $228. For fraudulent transactions, the number jumps to $508. In the U.K. and Australia, the difference is not as stark ($196 vs. $337 and $208 vs. $306, respectively), but the EU showed a pattern similar to the U.S., where normal transaction value was $174 compared to the average fraudulent transaction value of $439.