Published: October 17, 2022
Reading time: 4 minute read
Written by: Forter Team

Digital goods are evolving quickly as an industry — from cryptocurrency, NFTs, and metaverse goods to more familiar areas such as ticketing, digital services, gift cards, and gaming assets. And because of this rapid growth and evolution in the digital goods sector digital commerce, the market has seen unique challenges in fighting digital commerce fraud and abuse.

Forter provides account protection and decisions at checkout for a wide range of digital goods and services merchants and marketplaces on a global scale. In 2021, our team saw a 51% increase in Total Payment Volume (TPV) from 2020. And in 2022, Forter is projecting that the year will finish with a TPV that is 65% higher than 2021.

This reflects not only Forter’s dominance in the market but also the sheer growth of digital goods in general. And as they’ve expanded in scale, consumers have become equally more accustomed to operating and interacting online.

Digital goods is an industry that’s growing in variety and complexity as time progresses. This, plus our driving need to ensure merchants and marketplaces using Forter are well protected, means that we’re constantly analyzing trends and attack methods to ensure we’re on top of what’s happening in this challenging and fascinating industry. Here are five trends worth keeping an eye on:

Events and Ticketing

After a tough 2020, events and ticketing bounced back faster than many analysts expected and are continually growing. Those who couldn’t get out during the pandemic couldn’t wait to get out once it was possible again, and the proof is in the numbers, as Forter saw TPV increases of more than 2.3x from 2020 to 2021 and 3.5x from 2021 to 2022.

This has also proven, however, to be an opportunity for fraudsters, who are delighted to jump on the bandwagon and hide among the flood of good customers. Ticketing has qualities that make it particularly attractive to fraudsters — not only are the goods digital, and thus easy to receive and resell, but they’re also of a type that consumers are used to buying secondhand — making the fraudster’s monetization job easier.

There’s also the last-minute aspect. Last-minute purchases are standard in this industry, and ticketing sites know that and need to accommodate the many good, spontaneous customers. Fraudsters love last-minute checkout because it is unlikely that the owner of the payment method they’re using will notice what’s going on before it’s too late. This combination of factors puts manual review teams under a lot of pressure — something we’re proud to be able to help relieve with Forter’s instant decisions at checkout.

Given this context, it’s no surprise that fraud pressure in the events and ticketing vertical nearly doubled from 2021 to 2022.

ATO-No

There’s a common misconception that account takeover (ATO) and digital goods go together hand-in-glove, and that’s true when a fraudster already has access to an email account. This is relatively rare, however, as most attacks against digital goods sites use the more standard process of stolen credit card (or other payment methods) fraud. In other words, digital goods are just another kind of good, as far as fraudsters are usually concerned.

In this case, ATO represents an extra step of effort — which is often not worth it for the ROI-conscious fraudster — because digital goods are usually sent to customers’ email addresses. That makes a successful attack at checkout useless unless the fraudster has access to the email account.

Card Testing

On the other hand, card testing and digital goods are a natural fit — so much so that this use case is the exception to the ATO trend.

With card testing, fraudsters use the merchant’s site to see if the credit card still works. Digital goods are ideal because fraudsters can expect instant responses, and low-dollar purchases are not abnormal. Since the fraudster isn’t interested in the goods they’re attempting to purchase, ATO is popular as part of this attack method. The account’s good reputation makes the purchase more likely to be approved at checkout, and the fact that the fraudster can’t access the email with the goods is irrelevant.

Card Testing and Decline Rates

It’s worth noting that the prevalence of bots and scripts within card testing is a trend that is appearing more frequently. The intensive scale that these attack methods work means that a card testing attack can significantly impact a company’s decline rate.

With Forter, digital goods marketplace Fiverr cut their decline rate by 50% – which is not unusual. However, this area is the exception that proves the rule. In the event of bots and scripts, a higher decline rate may reflect the successful blocking of a wave of card testing – which is a good thing. Not only is monitoring these trends good for understanding when potential waves of attacks happen, but it’s also essential to be able to explain them internally.

Seller Collusion

Seller collusion is not a trend that is expanding dramatically, but its rate does seem to keep pace with the growth of digital goods in marketplaces.

Collusion is a simple method used for various bad activities — from money laundering and selling illegal items to feedback padding, all of which boost the online profile of the account.

Forter’s probabilistic linking capabilities put us in a unique position to identify seller collusion in marketplaces by recognizing that the purchaser and the seller are linked and, in fact, the same person, so we find it particularly interesting to dive into this trend regularly and see how it’s evolving. Our team has estimated this particular form of fraud constitutes around 1 to 1.5% of volume on marketplaces.

 


About Forter

Forter is the Trust Platform for digital commerce. We make accurate, instant assessments of trustworthiness across every step of the buying journey. Our ability to isolate fraud and protect consumers is why Nordstrom, Sephora, Instacart, Adobe, Priceline, and other leaders across industries have trusted us to process more than $500 billion in transactions.

4 minute read