BNPL Provider Saves $9M in Fraud Losses with Socure

‘Tis the Season for Fraud Attacks: Banks, Credit Card, and BNPL Hit

Reinforcing the Fight Against Synthetic Identity Fraud

The Fraud Next Door: Confronting the True Scale of First-Party Fraud

Identity Trends: The Many Roles of Mules in Financial Crime

As most Americans begin celebrating the holidays and easing into the new year, fraudsters are unfortunately not taking any time off.
Socure assessed Thanksgiving week fraud data in four sectors historically impacted by increased shopping and major football milestones — banking Demand Deposit Accounts (DDAs), credit card issuers, Buy Now Pay Later (BNPL), and online gaming. Not surprisingly, we found that the holiday season brought fraud spikes…except in one industry, which actually saw a rise in good identities.
Here’s what we learned:
<h2>Banks Under Attack</h2>
In banking, fraudsters kept up business as usual while most Americans were focused on celebrating Thanksgiving. They took advantage of a period when many banks were using skeleton fraud crews as they rotated holiday schedules.
While we saw application volumes gradually decrease leading up to Thanksgiving, our data science team noted a 67% jump in new application third-party attacks from the beginning of November to the week before Thanksgiving. This rate remained high following the holiday as we moved into Black Friday and Cyber Monday shopping.
<a href="https://www.socure.com/wp-content/uploads/2023/12/holiday_shopping_dda_-of-population-with-risky-Sigma-Score_graph-1.svg"><img loading="lazy" decoding="async" class="alignnone wp-image-10008" title="holiday shopping dda % of population with risky Sigma Score graph" src="https://media.socure.com/app/uploads/2023/12/holiday_shopping_dda_-of-population-with-risky-Sigma-Score_graph-1.svg" alt="holiday shopping dda % of population with risky Sigma Score graph" width="760" height="509" /></a>
Within these attacks, we saw a 96% increase in risky <a href="https://www.socure.com/blog/socure-solution-insights-preventing-digital-fraud-attacks">email addresses created using tumbling techniques</a>, as well as IP addresses associated with spam activity. The team also noted a 56% increase in IP addresses originating from OFAC-sanctioned countries such as Russia, Iraq, Venezuela, and Yemen. Attacks from abroad on U.S. holidays have been a repeated pattern noted by fraud teams over many years. Analyzing these elements as they correlate to each other — and taken in context with <a href="https://www.socure.com/company/socure-risk-insights-network">our consortium data</a> — helps us draw conclusions about risk.
<h2>Credit Cards See Increase in Third-Party Attacks</h2>
Days before the holiday, our team noted a spike in credit card application volume, followed by a drop to its lowest point of the month on Thanksgiving. However, there was a 23% increase in third-party fraud attacks on Thanksgiving day. Even though the number of good applications dropped on the holiday, the total IPs originating from outside the U.S. remained steady — for criminals operating outside the United States, November 23 was just another day at the office.
These attacks included risk signals in line with identity theft, including a 10% increase in a mismatch between address and Social Security number. We also saw a 13% increase in random-issue Social Security numbers – these are a batch of 400 million SSNs which are outside of the typical SSA numbering scheme, and are much more difficult for fraud systems to validate.
<a href="https://www.socure.com/wp-content/uploads/2023/12/holiday_shopping_credit-card_-of-population-with-risky-Sigma-Score_graph-1.svg"><img loading="lazy" decoding="async" class="alignnone wp-image-10009" title="holiday shopping credit card % of population with risky Sigma Score graph" src="https://media.socure.com/app/uploads/2023/12/holiday_shopping_credit-card_-of-population-with-risky-Sigma-Score_graph-1.svg" alt="holiday shopping credit card % of population with risky Sigma Score graph" width="851" height="491" /></a>
These third-party fraud attacks were particularly concentrated in the Gen Z and Millennial population, ages 21-34. The highest percentage of risk signals we saw? A 15% increase in very new email addresses combined with a 21% increase in inactive phone numbers, all mixed with a 42% increase in IPs with an anonymous or uknown VPN. Together, these elements provide a holistic picture of risk.
<a href="https://www.socure.com/wp-content/uploads/2023/12/holiday_shopping_credit-card_-of-population-with-risky-Sigma-Score-by-age_graph-1.svg"><img loading="lazy" decoding="async" class="alignnone wp-image-10010" title="holiday shopping credit card % of population with risky Sigma Score by age graph" src="https://media.socure.com/app/uploads/2023/12/holiday_shopping_credit-card_-of-population-with-risky-Sigma-Score-by-age_graph-1.svg&quot;" alt="holiday shopping credit card % of population with risky Sigma Score by age graph" width="808" height="479" /></a>
<h2>Different Risk Signals for BNPL</h2>
On the BNPL side of transactions, while application volumes spiked on Black Friday the third-party attack rate noticeably increased beginning on Thanksgiving. Signals associated with these attacks also differed from credit cards — we saw increases in risk signals such as the SSN being associated with multiple addresses or dates of birth, indicating that the SSNs were likely stolen and reused by fraudsters. Other signals included the use of very new email addresses.
<a href="https://www.socure.com/wp-content/uploads/2023/12/holiday_shopping_bnpl_-of-population-with-risky-Sigma-Score_graph-1.svg"><img loading="lazy" decoding="async" class="alignnone wp-image-10011" title="holiday shopping bnpl % of population with risky Sigma Score graph" src="https://media.socure.com/app/uploads/2023/12/holiday_shopping_bnpl_-of-population-with-risky-Sigma-Score_graph-1.svg" alt="holiday shopping bnpl % of population with risky Sigma Score graph" width="790" height="537" /></a>
Within BNPL, our team saw the highest percentage of risky Sigma fraud scores in the 21-24 age group. Consumers age 50 and older had the lowest levels of fraud.
<a href="https://www.socure.com/wp-content/uploads/2023/12/holiday_shopping_bnpl_-of-population-with-risky-Sigma-Score-by-age_graph-1.svg"><img loading="lazy" decoding="async" class="alignnone wp-image-10015" title="holiday shopping bnpl % of population with risky Sigma Score by age graph" src="https://media.socure.com/app/uploads/2023/12/holiday_shopping_bnpl_-of-population-with-risky-Sigma-Score-by-age_graph-1.svg" alt="holiday shopping bnpl % of population with risky Sigma Score by age graph" width="804" height="517" /></a>
<h2>A Bright Spot: The Gaming Industry</h2>
There was some good news out of the fraud headlines on Thanksgiving. The online gaming industry saw a 166% jump in application volume on Thanksgiving, but the third-party and synthetic attack rates remained consistently low.
<a href="https://www.socure.com/wp-content/uploads/2023/12/holiday_shopping_gaming_consumer-applications_graph_v2-1.svg"><img loading="lazy" decoding="async" class="alignnone wp-image-10013" title="holiday shopping gaming consumer applications graph v2" src="https://media.socure.com/app/uploads/2023/12/holiday_shopping_gaming_consumer-applications_graph_v2-1.svg" alt="holiday shopping gaming consumer applications graph v2" width="858" height="495" /></a>
These attack rates were particularly low for the under 50 age group. This shows that the marketing for these demographics is on target. It also demonstrates that these companies had a better chance of onboarding more good customers associated with legitimate emails or phone numbers — and therefore more revenue opportunities — and less fraud. For the over 50 age group, the team noted a significant improvement in applicant email quality, or a higher percentage of the population with an email address that correlates with their name or address.
<a href="https://www.socure.com/wp-content/uploads/2023/12/holiday_shopping_gaming_-of-population-with-risky-Sigma-Score-by-age_graph-1.svg"><img loading="lazy" decoding="async" class="alignnone wp-image-10014" title="holiday shopping gaming % of population with risky Sigma Score by age graph" src="https://media.socure.com/app/uploads/2023/12/holiday_shopping_gaming_-of-population-with-risky-Sigma-Score-by-age_graph-1.svg" alt="holiday shopping gaming % of population with risky Sigma Score by age graph" width="869" height="501" /></a>
One interesting note — there was a 31% increase in gamers aged 50+ from Fortune 500 company email domains. Based on this data, it appears that gaming marketers successfully attracted older players with more disposable income to participate in online betting on football games and fantasy football on these platforms.
Overall, the gaming industry’s fraud prevention performed well, allowing it to pull off what could have been a set of fraud trouble spots.
<h2>Fraudsters Don’t Take Holidays</h2>
As the holidays continue, organizations must assume these kinds of attacks linked to busier shopping and sports seasons, as well as potentially lower-staffed fraud teams, will mean continued spikes in attacks through the New Year.
Considering the spike in DDA application fraud attempts on Thanksgiving, and an influx of risky signals from OFAC-sanctioned countries, skeleton fraud staffing on holidays could expose companies to risk. This data also demonstrates the importance of having a holistic picture of risk. One or two risky elements don’t necessarily equal a fraud attack. But when you connect those data points within an identity graph and look at them across institutions with a consortium approach, only then do you gain a truly customer-centric view of risk.
The holiday shopping and return season, as well as major sporting events in early 2024, provide tempting targets for fraudsters. As consumers increasingly shift to digital transactions through credit cards, BNPL services, online gaming, and more, attackers will look to take advantage of every opportunity.
With the right third-party fraud and synthetic fraud controls in place, increased staffing during peak fraud times, and a data-driven defense strategy, companies can stay a step ahead.
By remaining vigilant, the spirit of the holiday season can continue spreading cheer — not fraud.

‘Tis the Season for Fraud Attacks: Banks, Credit Card, and BNPL Hit

Jasmine Chang

Related Posts