During the upcoming Christmas shopping period, many online retailers will face account takeover and account log-in fraudsters.
ThreatMetrix’s Q4 2014 Cybercrime Report has found that account log-in fraud (5.5%) and account creation (5.2%) are the high-risk fraud types likely to cause e-tailers the most woe this Christmas.
This is in contrast to payment fraud, with the report highlighting that only 3.4% of transactions will fall into the high risk category.
The reason for this rise in account log-in and creation fraud is due largely to the use of email addresses and shared passwords for authentication. Stored credit card data represents an easy target for criminals to turn stolen credentials into cash.
Hackers find it more lucrative to use a trusted credit card from a valid customer account, than to attempt to re-use a stolen card that has a limited shelf life, and netizens are making their life easier by reusing passwords across websites.
While e-commerce is dominated by a "spray and pay" approach to online fraud, financial services companies are hit less frequently but in a more targeted way which usually results in higher losses. Attacks frequently utilise a combination of methods, for example device spoofing and malware designed to bypass specific banks.
"It’s becoming increasing harder to tell good customer from bad and this Christmas sees an ecommerce environment with an ever increasing number of gated authentication sessions being attempted", said Tony Larks, Director of Communications and Research at ThreatMetrix.
"Whilst this will stop some fraud, the bigger losses could be had from lost business. It’s a really thin line to walk."
The firm’s Q4 2014 Cybercrime Report was an analysis of 850 million monthly transactions and 15,000 websites across thousands of customers globally.