Fraud Analysis Points to Outlook, Elite Credit Card Vulnerabilities
The fraud rate is highest between 2 and 6 a.m. ET, security vendor Forter finds. The analysis also shows Outlook's fraud rate is higher than other email sites.E-commerce fraud-prevention vendor Forter has examined data for more than 1 million transactions in 2014 and identified a number of fraud trends. Among the key findings in Forter's analysis is the fact that fraud rates peak between 2 and 6 a.m. ET. "We know that many fraudsters operate from outside of the U.S., which is one explanation for this," Noam Inbar, vice president of business development at Forter, told eWEEK. "The other is that there are fraudsters that operate from within the U.S. but have a day job in addition to being fraudsters, so it makes sense for them to operate at night." Fraud rates also varied based on the type of credit card, with elite cards (such as Centurion, Infinite and Black) having a 1.7 percent fraud rate. In contrast, Gold and Platinum cards had a 1 percent fraud rate while basic credit cards have a fraud rate of 0.8 percent. In Forter's analysis, the high-profile elite cards are more attractive to fraudsters as they typically have higher credit limits. Surprisingly, Forter found that for the peak shopping days of Black Friday and Cyber Monday in November, the fraud rate was only 49 percent of the industry average. When it comes to Christmas Eve and Christmas Day, the story changes and the fraud rate spikes to 200 percent of the average fraud rate. In Forter's analysis, the Black Friday and Cyber Monday fraud rates are lower because fraudsters are indifferent to promotions. Forter attributes the spike in fraud rates on Christmas to the fact that many legitimate shoppers have already completed their holiday shopping by then.
Fraud rates also vary across different email domains, with Forter identifying Microsoft's Outlook.com as having the most fraud. According to Forter, the rate of fraud from Outlook is 15 times the industry average. With the Outlook emails, there is no indication of a breach, Inbar said.