(c) Copyright 2021 by Sift.com



Exposing the Multi-billion Dollar Fraud Economy


Confronting the Impact of a Booming Fraud Economy:

Fraud thrives in a business’s blind spots. Cybercriminals are well versed in the markets they target, and masters at circumventing security tactics to gain access to valuable data. Trust and safety analysts witness threats grow more sophisticated by the day, sprouting from endless digital channels and undermining the steps merchants take to
secure and streamline the customer journey. It’s an incredibly profitable system for fraudsters, too:
experts estimate that more than $1 trillion was lost globally to cybercrime in 2020, with ransomware attacks rising by over 40%, and email-delivered malware attacks up by ~600% compared to 2019.

Fraud vectors have evolved from siloed incidents—a compromised account here, a stolen credit card there—into different functions of the same machine, making a complex problem even more so. This shift has given rise to a vast, crowded, and interconnected network known as the Fraud Economy, with the majority of abuse vectors serving as means to an eventual payout. It’s an incredibly profitable system for fraudsters, too: experts estimate that more than $1 trillion was lost
globally to cybercrime in 2020, with ransomware attacks rising by over 40%, and email-delivered malware attacks up by ~600% compared to 2019.


Screenshot from 2021 06 10 13 23 19


The findings in this report are derived from Sift’s global network of customers, representing over 34,000 sites and apps using Sift, and focus on the dynamic state and rising impact of payment abuse. With these insights, merchant fraud teams can better navigate the aftermath of worldwide market disruption, and apply proven trust and safety strategies to proactively prevent payment fraud, scale operations, and contribute directly to business growth.



Vertical trends and insights


The pandemic played an influential role in how payment fraud changed and scaled in 2020. Incidentally, the relentless disruption felt across e-commerce also exposed the depth of the Fraud Economy, and the danger it poses for businesses. It’s more than a blanket term for online crime; it’s a sophisticated network of active cybercriminals with access to everything they need to exploit online businesses—and it operates on the same basic principles as the industries it impacts.

As a result, fraudsters are as knowledgeable about the mechanics of digital commerce as the legitimate merchants they target. They can accurately identify security vulnerabilities, and know how to use a merchant’s success against them. As internet traffic surged last year by between 50%-70%, the amount of money spent by online shoppers nearly doubled. Fraudsters seized on climbing transaction volumes and unanticipated consumer behaviors like stockpiling, driving the average value of attempted fraudulent purchases up by 69% year-over-year.


Screenshot from 2021 06 10 13 42 03


Fraudsters’ growing willingness to work together also contributes to the Fraud Economy’s steadily-growing reach
and complexity. In 2020, every market experienced some level of uncertainty or unexpected shifts in demand, and
fraudsters were quick to exploit those changes: when traffic tanked in transportation, cybercriminals attacked dormant
accounts for rewards points and payment data. Conversely, when volumes swelled in gaming and crypto, fraud rates
still rose—the byproduct of fraudsters banking on risk teams being too overwhelmed by surging traffic to catch them all.


Attempted fraud ballooned across Sift’s data network, driving year-over-year fraud rates wildly high in some industries. Loyalty merchants, which help businesses engage their customers, saw fraud rates jump by 275% as compared to 2019.


Attempted fraud


Screenshot from 2021 06 10 13 44 50


Fraudulent order values generally rose in tandem with expanding traffic. Gaming/gambling merchants were hit with illicit orders that doubled in value from 2019, followed by commerce marketplaces (similar to Etsy), on-demand services, lodging, and crypto exchanges, which saw illegitimate transactions grow by nearly half or more.


Four types of businesses were hit particularly hard by the burgeoning Fraud Economy: lodging merchants, omnichannel retailers, digital wallets, and professional marketplace companies each saw fraud rates and fraudulent order values rise considerably between 2019 and 2020—a problem compounded by pandemic-era market fluctuations.

Sift’s Trust and Safety Architects credit these higher- value attacks and ballooning fraud rates to the challenges e-commerce businesses faced under coronavirus restrictions: too many people cooped up at home, misinformation causing changes in consumer behavior, dormant user accounts, and fraudsters watching from the wings, ready to take advantage.



Old Tricks, New Schemes:

Automated attacks and counterfeit accounts

Bigger, faster, and more valuable online fraud attacks, happening across multiple verticals, are a clear sign of automation at work. Bots, scripts, and malicious software make the grunt tasks of cybercrime simple, and allow fraudsters to do more damage in less time. It’s specifically useful for accelerating card testing and credential stuffing—an easy route to pilfered profits, given that 65% of consumers repurpose usernames and passwords across multiple sites and services.

But the combination of tech and new tactics is causing the most concern among industry experts—fraudsters are weaving them together to supercharge new, sophisticated patterns of attack. Recently, Sift’s Data Science team identified a prime example of the Fraud Economy in action: a money-laundering fraud ring, dubbed Cart Crasher by Sift, targeting donation sites during a time of global turmoil and need—and subsequently, rising traffic worldwide.


In 2020, the pandemic drove online giving up by 20.7%, providing cover to fraudsters who “hide” behind traffic and
sift.com transaction surges, knowing that many merchants won’t be equipped to handle scaling demand and rising
fraud simultaneously.

Using stolen credit cards, fake accounts, and automated scripts to do the dirty work, this fraud
ring repeatedly funneled small amounts of money to themselves by setting up fake causes on various giving sites in order to request donations. After creating a separate recipient account to link to those funds, the fraudsters involved would use guest checkout—entering fabricated emails or usernames as verification—and stolen payment information to “donate” small increments of money to their own fake causes (typically around $5 USD).

With automation to execute these illicit transactions at inhuman speed, it’s a scheme with the potential to cheat merchants and consumers out of thousands of dollars—and allow fraudsters to use those ill-gotten gains to buy more stolen data on the dark web.


Unwelcome guests


Summer Schemes and In-app Abuse

Payment fraud always arrives in spikes and valleys across e-commerce, and evidence suggests that fraudsters execute
their most damaging, expensive attacks under the umbrella of increasing traffic and transactions; it would follow that the
holiday season would be prime time for fraud. But last year’s fraudiest day happened on June 26th—about 6 weeks earlier than 2019’s fraudiest day of August 11th—suggesting that cybercriminals are prepared to exploit predictable changes in order volumes and values that take place year round.

Fraudsters follow the money and the market. Mobile shopping was set to hit over $284 billion (45% of the total
U.S. e-commerce market) last year, and well over half of payment fraud in 2020 was attempted via mobile device,
increasing by 11% YoY. Conversely, desktop devices were only utilized in about one-third of payment abuse incidents—a
10% drop from 2019.


Fraud On The Go


Fraudsters are drawn to the convenience offered by mobile devices and apps, emboldened to shoot for more valuable targets far more frequently. But that’s not the only thing indicating that cybercriminals are focusing less on careful, covert crimes and more on getting what they want however they can. Sift’s Trust and Safety Architects recently uncovered an emerging fraud scheme taking place on the instant messaging app Telegram, where professional fraudsters are teaming up with opportunistic online criminals via chat forums, in order to defraud delivery apps—in full view of the public.

And while food and alcohol are only fourth on the list of fraudsters’ favorite items to buy with stolen funds, the velocity and volume with which grocery, delivery, and fast food orders occur (especially during the pandemic) makes it an extremely lucrative industry to attack. Topping that same list for different reasons are video game virtual currency, cryptocurrency, and site credits—digital payment types that only function in specific online environments, but that hold tangible cash and resale value.


Fraudsters Favorite


Category Hits: Highest-value attempted fraudulent purchases


Category hits


The goods fraudsters go after with the money they steal aren’t especially unusual, but the amount they’re attempting to spend on them is striking. And, while these items don’t appear to have much in common, they all share something critical to fraudsters on the hunt: they’re tough to trace, hard to return, and worth more than their monetary retail value alone. Each of these goods can either be digitally laundered or physically resold for an even greater profit—including the top-targeted Patek Philippe luxury watches.

Collectively, 2020 Sift network data illustrates a thriving Fraud Economy that grows more sophisticated, efficient, intricate,
and costly by the hour. As e-commerce matures globally and businesses individually scale, they’ll naturally attract more
customers—customers complete with credentials, credit cards, and user-generated content that fraudsters see as untapped opportunities for financial gain.

Payment abuse may be a core component of most cyberattacks, but to effectively prevent it, fraud teams need a broader understanding of vectors beyond stolen credit cards and cash. Spam, scams, fake content, account takeover, promo abuse—and more recently, fraudsters using these vectors concurrently—all act as gateways for fraudsters to undermine online security measures and hijack data. Without an advanced, end-to-end solution that successfully identifies and stops all types of abuse, trust and safety analysts will forever be left to face an enemy they don’t fully understand or know how to fight.


fraudsters payment type

Scaling Fraud Operations with Digital Trust & Safety

Cybercriminals have demonstrated that they can, and will, apply sophisticated strategies and adopt cutting-edge
technology to execute the most profitable attacks possible against online merchants. With Sift Digital Trust & Safety,
online businesses can quickly implement scalable fraud prevention strategies that don’t limit growth for the sake
of protection. Using patented, real-time machine learning and over 70B events per month from our merchant data
network, Sift proactively detects multiple types of abuse spawning from the Fraud Economy, enabling merchants
to refine, scale, and streamline their trust and safety operations with every transaction—and every intercepted attack.
Stay tuned for our next Digital Trust & Safety Index report to explore new online merchant and consumer
data, developing e-commerce fraud trends, and expert insights. You can also access any of our 2020 reports on our website.






1. Adage, “Rise Of Buy Now, Pay Later Brands Sparks New Lending Industry Marketing Battle.” https:// adage.com/article/cmo-strategy/rise-buy-now-pay-later-brands-sparks-new-lending-industry-marketing-

2. AtlasVPN, “Cybercrime cost the world over $1 trillion in 2020.” https://atlasvpn.com/blog/cybercrime-

3. Forbes, “COVID-19 Pushes Up Internet Use 70% And Streaming More Than 12%, First Figures Reveal.”

4. U.S. Census Bureau, “Advance Monthly Retail Trade Report.” https://www.census.gov/retail/index .html
5. Blackbaud Institute, “Online Giving Trends.” https://institute.blackbaud.com/charitable-giving-report/

6. Sift, “2020 E-commerce Fraud Data: Digital Trust & Safety Index Recap.” https://blog.sift.com/2021/2020-

7. Dark Reading, “New Fraud Ring “Bargain Bear” Brings Sophistication to Online Crime.” https://www.

8. Google, “Online Security Survey Google/Harris Poll February 2019.” https://services.google.com/fh/files/

9. Business Insider, “Rise of M-Commerce: Mobile Ecommerce Shopping Stats & Trends in 2021.” https://

10. FastCompany, “Report: Scammers will offer you cheap food delivery on Telegram, then pay for it with
stolen credit cards.” https://www.fastcompany.com/90603698/report-scammers-will-offer-you-cheap-