Rippleshot Blog

The Where and What of E-Commerce Fraud

Posted by Sid Khaitan on Oct 10, 2016 4:55:01 PM
Find me on:

ECommerceFraudZipCodesPic.jpg

During March, the Rippleshot Team covered the top locations and trends of e-commerce fraud in a previous blog post, outlining where both the fraudsters and victims of fraud were located. Much of our focus was on warning financial institutions that EMV implementation was not the cure-all to fraud, as fraud, and its impact of customers, was not going anywhere. Some listened, while some countered that their “fraud losses were lower than ever because of EMV”. So although we don’t like to say we told you so…we told you so. Experian’s latest report, published right around the 1-year anniversary of the EMV liability shift, projects 2016 e-commerce fraud attack rates to be at least 15% higher than last year’s total. Learn the Top 10 Riskiest Zip Codes for shipping and billing fraud in our latest blog- “The Where and What of E-Commerce Fraud”.

Data Equals Power

In order to produce its bi-annual report on Fraud Attack Rates, Experian analyzes millions of e-commerce transactions from the first six months of the year. The attack rates are then calculated by comparing the number fraudulent transactions to a count of total transactions, generating risk basis points for each zip code as a ranking structure. Shipping fraud is an indication of where fraudulently purchased goods are sent, or the shipping address. Billing fraud refers to the address of the fraud victim, or “purchaser”, whose account information is hacked.

Shipping

Our blog post from March still has the most recently updated statistics from Experian relating to the top states for billing and shipping fraud, but here we will take a somewhat different approach by listing it by zipcode.

Here are the Top 10 Riskiest Shipping Zip Codes in the US for H1 2016:

Zipcode

City

State

Attack Rate (in basis points)

66025

Eudora

KS

1138.3

33195

Miami

FL

795.0

33192

Miami

FL

758.7

33166

Miami

FL

675.3

38858

Nettleton

MS

546.1

62694

Winchester

IL

545.8

91733

South El Monte

CA

507.4

49622

Central Lake

MI

496.3

07201

Elizabeth

NJ

422.0

77036

Houston

TX

409.7

As you can see, Eudora, KS, found the top of the charts (again) at 1138.3 basis points, symbolizing that over 11% of e-commerce transactions with shipping addresses in 66025 end up becoming fraudulent. Mike Gross, Fraud and Identity Director of Risk Strategy at Experian, attempted to describe the trend in Eudora, explaining that it was caused by a small ring of fraudsters that were leveraging reshipping and freight-forwarding fraud. Reshipping fraud is when cyber criminals use stolen cards for e-commerce transactions and ship them to U.S. addresses, where an individual receives the package and then “reships” it to another location, generally international. Freight-forwarding fraud occurs when an item is shipped to a freight forwarder so that it can be shipped out internationally.

Another continuing trend from our coverage in March was Miami, as it commanded three of the top ten riskiest shipping locations. This was no surprise at all, considering Miami’s status as an international shipping hub, and having previously made the top ten list with five separate zip codes in 2015.

Billing

Let’s move on to billing fraud. Before moving on to examine the list, consider this: 44% of e-commerce billing fraud came from Florida, Connecticut, and New York, based on the sum of attacks that were represented on the top 100 riskiest billing zip codes.

Here are the Top 10 Riskiest Billing Zip Codes in the US for H1 2016:

Zipcode

City

State

Attack Rate (in basis points)

77036

Houston

TX

1145.0

66025

Eudora

KS

955.3

33192

Miami

FL

725.3

33166

Miami

FL

691.3

99603

Homer

AK

559.1

33195

Miami

FL

531.1

62694

Winchester

IL

524.4

49622

Central Lake

MI

504.3

33136

Miami

FL

371.7

19952

Harrington

DE

320.6

Small Town, Big Fraud

As you can see, although some of the listed zip codes and cities can be seen as intuitive, many are small locations that, respectively, some of us may have never even heard of. We call this the case of small town, big fraud. Mike Gross mentioned earlier that many of these fraudsters are leveraging small towns as a source of reshipping and freight-forwarding fraud, meaning that they are actually using smaller towns to their advantage, knowing fully well that the transactions will go unnoticed, and they can fly under the radar. For example, Eudora, Kansas, has the highest overall riskiest ZIP code, yet no other Kansas ZIP code appears in the top 100 list.

Correlation VS Causation

On the other hand, major port cities, and international shipping hubs, also pop up on the top 100 lists, since the items involved in the e-commerce fraud are easily shipped or flown overseas to international criminals. For example, “New York, New Jersey, [and] Houston are big port cities or international airports” Gross explains. Therefore, although the shipping/ flying capacity of the city is certainly correlated with its propensity for shipping or billing fraud, it is not necessarily a cause, as there are other more complicated trends impacting the where and what of e-commerce fraud.

Back To The Drawing Board

From the latest key findings by Experian, it is clear that e-commerce fraud is here to stay, in fact it is still growing at an astounding rate. However, the trends influencing the locations of shipping and billing fraud are also becoming more apparent, with a certain emphasis by fraudsters on smaller towns, and then port cities/ international shipping hubs. A development that may have a stronger effect on mitigating e-commerce fraud is the much-anticipated debut of authentication technology 3D Secure 2.0 by EMVCo, as it promises to reduce online fraud, and will be designed to work in apps/ browsers, along with being mobile-friendly.

 

Did you know that Rippleshot Sonar employs a “Whales and Minnows” approach, meaning that it can detect smaller instances of fraud just as effectively as larger ones?

 

Find out how Sonar works by scheduling a demo today:

New Call-to-action

Topics: Fraud, Cybersecurity, E-Commerce