2017 was a whirlwind year in just about every way imaginable. Online fraud was no exception! There were data breaches, the fight for net neutrality, the debates surrounding fake content, the Russian hacking scandal…and that’s not even scratching the surface.

Let’s get some closure on last year and kickstart this one by taking stock of major online fraud trends from 2017.

1. Data breaches escalated to an unprecedented level.

In 2017, we came to grips with a startling new reality: nearly every adult in the United States has been impacted by a data breach.  Each day, online fraudsters buy and sell information stolen from billions of people worldwide. The problem is growing along two dimensions: prevalence and severity.

We’re accustomed to hearing stories about hackers targeting government sites and high-profile retailers, but these criminals no longer discriminate. Last year, fraudsters targeted all kinds of businesses and organizations: fast food chains like Sonic, universities like Oxford and NYU, password managers like OneLogin, and even an outdoor emergency siren in Dallas. By the end of the year, businesses and consumers alike were coming to the horrifying realization that no one is safe.

Last year also saw a change in the severity of data breaches. The most notable example, of course, is the Equifax breach. This record-shattering hack exposed sensitive data belonging to over 143 million consumers. But the scariest thing about the Equifax data breach is that it wasn’t unique. Bell Canada also lost millions of customers’ data to a data breach. Ransomware WannaCry targeted over 300,000 machines. FedEx, the British ad agency WPP, Maersk, and Russian energy company Rosneft lost hundreds of millions (if not billions) to hacks. This is the new normal.

2. ATO continued to prove lucrative for fraudsters.

Since data breaches are on the rise, so too is account takeover (ATO). Many people tend to use the same password across multiple sites, so there can a domino effect where one company’s data breach can lead to additional ATOs for other sites that have keep their data secure.

As more stolen information is posted on the dark web, it’s getting easier for fraudsters to buy users’ passwords and take control of their accounts. This trend is even more worrisome in light of the fact that many ecommerce sites, online banks, and credit card companies use static PII identification to secure customers’ data. Quite simply, that data is no longer secure.

Just as alarmingly, the rise in ATO seems to be causing more data breaches. For example, the Equifax data breach happened because fraudsters took over system administrators’ accounts. As fraudsters grow more adept at stealing passwords and other identifying information, we should expect data breaches to happen even more often.

Ready to start fighting ATO? Check out our Complete Guide to Preventing Account Takeover.

3. Mobile fraud continued to climb.

The data is clear: m-commerce is on the rise. By the end of 2018, mobile devices will account for nearly a third of all American e-commerce sales. That’s 1 out of every 4 U.S. e-commerce dollars. This growth is great for businesses and fraudsters alike.

In 2017, businesses and users fell victim to unprecedented rates of mobile fraud. Last year, between $7.2 billion and $16.4 billion were lost to mobile ad fraud like click spam, fake installs, and fraudulent clicks. M-commerce fraud proved even more lucrative for fraudsters. Now, 1 in 3 fraudulent transactions attempted on a smartphone is successful, according to LexisNexis.

For fraudsters and for fraud-fighters, mobile represents the new frontier. Fraudsters are getting crafty, trying out new tactics like tricking users into wiring them funds through fake payment apps, or posting fake online ads. And fraud-fighters are innovating too, using behavioral data, machine learning and biometrics to fight back. Fraud solutions are beginning to detect when a phone user is scrolling more quickly than normal, or tapping the screen in an unfamiliar pattern, and draw on this data to diagnose fraudulent activity. Check out an innovative approach to fighting mobile fraud in our Maximizing Mobile Opportunities ebook.

4. Fake content dominated the news.

Beyond debates over “fake news,” 2017 was the year businesses had to start taking content abuse seriously or suffer the consequences. The rallying cry “information is power” gave way to the less catchy but more honest rallying cry “the ability to sift through information and extract truth is power.”

From Google to Facebook to the New York Times, businesses were forced to innovate and hire aggressively to combat fake content. Throughout 2017, the content fraud infection spread across YouTube and Facebook. The problem was frighteningly salient in cases like the mass shooting in Sutherland Springs, after which YouTube users posted fake content about the shooter’s political affiliations. In response to this incident and others, Facebook ramped up its machine learning solutions to detect fake content, while Google pledged to hire 10,000 analysts. Content abuse had a role to play in the net neutrality debate, too: when the FCC opened its website to public comment on net neutrality, the site was flooded with fraudulent content. By the end of the year, even the New York Times had invested in a machine learning solution to cut down on fake content in their articles’ comments sections.

5. On-demand businesses had to keep up with fast-paced fraud trends.

We live in the age of Uber, Airbnb, and Netflix, where consumers expect goods and services to be delivered at the speed of want. In 2017, on-demand businesses continued to see fast-paced growth, now accounting for over $58 billion in revenue a year.

But on-demand businesses are in a unique position. Their greatest strength is also their most major vulnerability. Because on-demand businesses deliver their services in real time, they experience fraud just as quickly. To minimize friction for the customer, on-demand businesses collect as little information as possible before checkout. Such little time for review leaves businesses vulnerable to credit card fraud and chargebacks.

That vulnerability became abundantly clear last year. In 2017, a hack exposed 57 million Uber riders’ data. Like Uber, Netflix is constantly waging war with fraudsters, battling everything from phishing schemes to account fraud. And rumors of problems with credit card fraud have swirled around Postmates since it started. Last July, the company finally addressed these allegations by pledging to fight back with the power of data science. Ready to do the same? Check out our on-demand ebook.

6. Fraudsters continued to rely on bots as a fast, powerful tool.

Fraud-fighters aren’t the only ones turning to automation to get their job done. Bots are now a powerful tool in the fraudster’s toolbox. Last year, we saw a dramatic rise in the number of fraudsters who’ve incorporated bots into their arsenals, but also increased variation in the ways fraudsters are using bots. For example, fraudsters now rely on bots to test stolen credit cards they’ve purchased on the dark web, as well as to generate CVVs to test against valid credit card numbers. Once they’ve found a match, fraudsters then use bots to place as many orders as they can before they get caught.

It doesn’t stop there: criminals are also using bots to engage in devastating online and mobile ad fraud. Fraudsters employ bots to view and click on online ads, an illicit behavior that cost businesses an estimated $16.4 billion last year. And in September of last year, criminals built a bot called “HyphBot” to execute a massive online ad scam that cost businesses about $1.3 million a day. HyphBot created fake versions of various websites. Brands then inadvertently bought ad space on these sites…but potential customers weren’t actually seeing them. These businesses ultimately wasted millions of dollars, and publishers lost just as much in ad revenue.

If last year has taught us anything, it’s that we’re moving into unchartered territory. The way we conduct business and communicate with each other online is changing dramatically. Ready to take on 2018? Check out the Sift Science Digital Trust Platform to gear up for this year’s challenges!

Tags: , , ,

Roxanna "Evan" Ramzipoor

Roxanna "Evan" Ramzipoor is a content marketing manager at Sift. Her debut novel The Ventriloquists will be released August 27, 2019.