Fraud attacks against online food and beverage businesses in the U.S. increased by nearly 80 percent in the past year, as fraudsters have decided that dining establishments are the perfect places to test stolen card credentials.
Food and beverage businesses are generally considered less at risk to fraud because their wares are typically low-value and hard to resell. But these purchases are also low risk for fraudsters to test the validity of any card accounts they've obtained — before spending to the limit on luxury purchases later on, according to Forter's 2019 Fraud Attack Index.
"The scale in food and beverage is significant, as there can be 10 pizza places in a three-mile radius for testing cards in some cities," said Vered Gottesman, vice president of marketing at
"You can click-and-collect much more efficiently and do a lot more testing, and then go on to the bigger and better items," she added.
Fraudsters have also figured out that the food and beverage industries have been, in most cases, the last to be hit by fraudulent attacks. Thus, they enjoyed a false sense of security that rendered them the least prepared.
"They don't have the barriers against fraud that other traditional retailers or those with luxury items have in place," Gottesman said. "Food and beverage is like a new industry in this field, but a liquor store can have some high-end liquor that can be bought frequently by fraudsters and then sold."
In addition, many restaurants are just now diving into mobile apps and rewards programs, and fraudsters are attacking those mobile apps more regularly.
"We are trying to work with those types of restaurants closely to prevent that type of mobile app and in-store fraud as well," Gottesman said.
The Forter Fraud Attack Index, which pulls data from hundreds of millions of transactions to calculate fraud averages, also revealed that apparel and accessories retailers have seen a 47 percent increase in fraud attacks. Jewelry and luxury item retailers have seen a 19 percent increase in the past year.
It was long warned that e-commerce fraud would spike in the wake of EMV chip cards being established for use at the physical point of sale in the U.S., and that concern still applies. But fraudsters are becoming increasingly clever at attacking physical stores based on credentials and rewards program information they can steal online, Gottesman said.
"Traditional EMV chips put a barrier on some in-store POS systems, but it doesn't mean in-store transactions are not being targeted in different fashions," she said. "Someone could access your account, get into your online loyalty program and steal rewards points to use in the store."
The tricks of the trade are becoming so easy for fraudsters, in fact, that Forter and others are using the term "crime-as-a-service" to describe the phishing kits and other fraud-attack tools made available on the Dark Web.
"It allows the inexperienced fraudsters to enter the market and be able to launch cyber attacks, as the criminals keep developing advanced tools and kits," Gottesman said.
Even when something appears positive in terms of fraud trends, there is a potential ominous underbelly. Such is the case with fraud attacks on the travel industry, which saw a 29 percent decrease against airlines.
Forter warns that this type of dip in high-value fraud could mean that the data available from large 2018 hacks, some of which made passport information available, has not surfaced yet.
That type of data is valuable enough to be leveraged for "fully-fledged identity theft" with many stages, rather than being used on a single fraud attempt, the report noted.
The most notable decrease, at 90 percent, came in fraud through returns abuse in which fraudsters make purchases and return items, but keep the rewards points to cash in later. The decrease came from major retailers changing their online returns policy, limiting the number of returns a customer can make.
"It is unfortunate that, because of these attacks and repeated returns, many stores that were quite friendly regarding returns had to put up their guard as a result of this," Gottesman said. "It can destroy the customer experience for those who are good customers."
Ultimately, Forter would prefer that online retailers put up tighter fraud prevention through machine learning and data gathering, rather than altering return policies that help good customers.
"It can be a case of destroying your brand with a restrictive return policy, instead of creating fraud prevention systems," Gottesman said.
