SAN FRANCISCO, March 16, 2023 (GLOBE NEWSWIRE) — Aim, the leader in Digital Trust & Safety, today released its Q1 2023 Digital Trust & Safety Index, which found that almost one in five (16%) consumers admit to having committed, or know someone who has, payment fraud. Likewise, 17% of consumers have encountered online offers to commit payment fraud, a symptom of fraud’s accessibility and democratization among regular internet users. Consumer data was collected via a survey of over 1,000 American adults.
In addition, the report includes fraud data findings from Sift’s global network of over 34,000 websites and apps. These combined insights have revealed the latest techniques fraudsters are adapting to turn stolen data and proven attack methods into profitable – and marketable – products and services in volatile economic conditions.
Payment fraud is increasing within Fintech, digital goods and services
According to Juniper Research, payment fraud costs online businesses 41 billion dollars globally in 2022. These losses are expected to jump to 17% in 2023, reaching $48 billion by the end of this year. With attacks on the rise, it is no longer a question of if a business will face a payment fraud attack, but when and on what scale. Even industries facing significant headwinds remain in the sights of fraudsters, as Sift’s network, which analyzes more than one trillion incidents annually, shows that payment fraud attacks in fintech jumped 13% between 2021 and 2022. In fintech, buy now pay later (BNPL) merchants faced a massive 211% increase, and crypto exchanges saw a 45% increase. Meanwhile, providers of digital goods and services were hit by a 27% increase in payment fraud.
Avoid detection with “Card Hopping”
Payment fraud attacks have persisted through the veritable arms race between cybercriminals and businesses, with fraudsters continuing to evolve their methods to avoid detection. Now, as businesses are equipped with better tools and technology to combat attacks, Sift researchers are observing a trend of payment fraudsters increasingly resorting to “card hopping” techniques to avoid detection.
Card hopping—paying for goods and services with a variety of stolen credit cards—can provide a sense of legitimacy to cybercriminals who want to make purchases without being detected by a company’s fraud prevention measures. While using a single credit card to make multiple high-value purchases on a company’s website may raise suspicions of fraud, card hopping spreads the purchases across multiple cards so that they appear unrelated and are therefore approved by the merchant.
The democratization of fraud and fraud-as-a-service
Part of cyber fraud’s recent explosion into the mainstream can be attributed to its availability, marketability and accessibility to anyone with an internet connection. The ease with which someone can both sell and buy stolen credit card or account information has led to this democratization of fraud. It has also opened up new revenue streams for experienced cybercriminals who go beyond sharp attacks. While veteran thieves recruit customers through deep and open online channels such as Telegram forums and TikTok, fraudsters can now scale their networks and activities, in a fraud-as-a-service model that profits from the expansion of fraud and reaps the rewards of successful attacks.
In one example of how this criminal enterprise works, a fraudster steals credit card credentials via hacking, malware, or a phishing attack. Then that person creates or joins a group on a deep web forum and begins to cultivate a following. The fraudster advertises the credit cards of other fraudulent buyers at a steep discount. An opportunistic buyer agrees to purchase several credit cards at a 50% discount. In the end, the buyer makes purchases with the stolen credit cards and cybercriminals make money.
“The rapid democratization of fraud provides even more opportunities for motivated criminals to expand their reach by productizing their offerings and selling their services to commit fraud against businesses,” said Jane Lee, Trust and Safety Architect at Sift. “As cyber fraud continues to seep into everyday internet culture, trust and security operations have become the single point of failure or success for businesses. Now is the time for businesses to ensure they leverage the right technology and implement a Digital Trust & Safety strategy to successfully stop payment fraud while driving growth with every transaction.”
To read Sift’s Q1 Digital Trust & Safety Index, please visit here.
Sift is a leader in digital trust and security, enabling digital disruption for Fortune 500 companies to unlock new revenue without risk. Sift dynamically prevents fraud and abuse through industry-leading technology and expertise, an unmatched global data network with one trillion (1T) events per year, and a commitment to long-term customer partnerships. Global brands like DoorDash, Twitter and Wayfair rely on Sift to gain a competitive edge in their markets. Visit us at sift.comand follow us further LinkedIn.
Senior Director of Corporate Communications, Sift
Images accompanying this announcement are available at