Loading...

E-commerce fraud rates spike 33% in 2016

Published: March 28, 2017 by Guest Contributor

Florida, Delaware, Oregon and New York were the riskiest states for e-commerce fraud

e-commerce fraudMiami accounted for the most ZIP Codes ranked across shipping and billing fraud.

Where is e-commerce fraud taking place? Everywhere.

Last year we reported that 2016 e-commerce fraud attack rates were on pace to surpass the 2015 totals. At the time, the fraud attack rates for the first half of 2016 appeared to be at least 15% higher than the 2015 total. That percentage turned out to be much higher as e-commerce fraud increased to 33% in 2016 compared to 2015 according to Experian data.

View our e-commerce fraud heat map
See the top 100 riskiest cities in the United States.
Download the list today

Experian analyzed millions of e-commerce transactions from our 2016 client data to identify fraud attack rates for both shipping and billing locations across the United States. The data reveals the increase of e-commerce attacks in 2016, the geographical differences, and whether a credit card has been stolen or personal credentials have been compromised. Fraud attack rates represent the attempted fraudulent e-commerce transactions against the population of overall e-commerce orders.

The 2016 e-commerce fraud attack rate data shows:

  • Miami, FL., is where the riskiest ZIP™ Code comes from for both shipping and billing e-commerce fraud. Miami accounted for 17 of the top 100 ZIP™ Codes for shipping fraud and 20 of the top 100 for billing fraud.
  • 70% of e-commerce billing fraud came from three states – Florida, California and New York – based on the sum of fraud attacks
  • Delaware, Oregon, and Florida were the top-ranked states for billing and shipping e-commerce fraud in 2016
  • Oregon and Delaware saw an increase in e-commerce billing fraud attacks of over 200%.

Many of the higher-risk ZIP™ codes and cities are located near a large port-of-entry city or airport, making them ideal locations for reshipping fraudulent goods. This includes Miami, Houston, New York City, and Los Angeles, perhaps allowing criminals to move stolen goods more effectively. All those cities are ranked among the riskiest cities for both measures of fraud attacks.

Top 10 riskiest Billing ZIP™ Codes for 2016
33198 Miami, FL
33192 Miami, FL
33195 Miami, FL
33166 Miami, FL
91733 South El Monte, CA
33191 Miami, FL
91746 La Puente, CA
17064 Port Reading, NJ
66025 Eudora, KS
89423 Minden, NV
Source: Experian.com
Top 10 riskiest Shipping ZIP™ Codes for 2016
33198 Miami, FL
33166 Miami, FL
33191 Miami, FL
33195 Miami, FL
77036 Houston, TX
33192 Miami, FL
91733 South El Monte, CA
91746 La Puente, CA
66025 Eudora, KS
62694 Winchester, IL
Source: Experian.com


What is driving credit card fraud trends?

The biggest component of this trend is the fact that 2016 was a record year for data breaches. There were 1,093 data breaches last year, a 40% increase from 2015, according to the Identity Theft Resource Center. The recent Federal Trade Commission (FTC) 2016 Consumer Sentinel Network Data Book, announced a jump in consumers who reported that their stolen data was used for credit card fraud, from 16% in 2015 to more than 32% in 2016. The record number of data breaches is a signal that future fraudulent activities will take place. This is further reflected by the increase of consumers reporting credit card fraud to the FTC in 2016. So far in 2017, that same trend continues as the total number of breaches has increased 56% compared to the same time in 2016.

See our 2016 e-commerce fraud infographic
Compare fraud attack rates — and more — from 2015 to 2016 in our latest infographic.
Download today

Why are there geographical differences in ecommerce fraud?

Most e-commerce merchants have basic controls in place to validate that transaction billing information matches a particular account holder using things like the address verification service. So from a billing or victim perspective, attackers typically leverage the legitimate cardholder billing details in a fraudulent order. In order to maximize successful fraud attacks, they need to make the transaction appear as normal as possible. But from a shipping perspective, those same fraudsters often can’t rely on shipping to the cardholder’s address and trying to intercept the package. To acquire the proceeds of their fraudulent transactions, this is where attackers get creative, often using re-shippers or shipping “mules”, freight forwarders, or delivery addresses that do not raise suspicion but are nearby international ports or airports so the fraudulent order can be quickly picked up and shipped to its final destination (often overseas). That’s why we see such a big disparity between attacks by a victim or billing address being mostly evenly spread across the country vs. shipping attacks, which are mostly concentrated in coastal states with major port cities and airports. Delaware and Oregon are two exceptions to this flattening of victim attacks, as both states saw a more than 200% increase in billing attacks with only modest increases in shipping attacks. From a shipping perspective, 10 states saw at least a 100% increase in fraudulent orders, having a significant impact on the overall population attack rate.

Top 5 riskiest Billing fraud States
State Fraud Attack Rate
Delaware 69.0
Oregon 65.7
Florida 41.1
New York 28.0
Nevada 27.0
Source: Experian.com
Top 5 riskiest Shipping  fraud States
State Fraud Attack Rate
Delaware 44.8
Oregon 43.2
Florida 34.2
Alaska 26.2
Washington, D.C. 25.8
Source: Experian.com

Has the EMV switch affected fraud ecommerce rates at all?

The increase in e-commerce fraud follows a similar trend pattern from countries that previously rolled out EMV cards – UK, France, Australia, and Canada – that also saw gradual increases in card-not-present fraud. We suspect that the EMV liability switch and increased adoption by merchants of chip-and-pin enabled terminals have had a profound impact on driving up e-commerce attacks. Fraudsters that typically relied on committing counterfeit fraud have shifted their focus to the digital channels where they could have more success.  As more fraud attackers enter a rapidly growing mobile and online commerce space, that makes it even more difficult for merchants to differentiate their good customers from the sophisticated fraud attackers.

Our annual fraud attack rate data brings to light the increase of e-commerce attacks over the last year across the US. This latest data is a strong indicator that other types of fraud have already occurred and can help businesses understand how to better protect themselves and their customers. Whether a credit card has been stolen or personal credentials have been compromised.  Businesses need to expect an increase of e-commerce fraud over time and to be prepared.

If I run an ecommerce business what should I do to prevent fraud attacks like this?

Businesses need to anticipate an increase of e-commerce fraud over time and to be prepared.  The value of employing a multi-layered approach to fraud prevention especially when it comes to authenticating consumers to validate transactions cannot be understated. By looking at all the points of the customer journey, businesses can better protect themselves from fraud, while maintaining a good consumer experience.  Most importantly, having the right fraud solution in place can help businesses prevent losses both in dollars and reputation.

That layered fraud solution should pair transactional data elements with details about the user (and their previous history and behaviors), the device (and how they typically interact with the business and even understanding what the customers are purchasing and how it relates to the overall population of orders. Machine learning and automation are great complements in a holistic hybrid approach that pairs human intelligence and business rules with machine-based recommendations. We highly recommend that organizations partner with fraud experts who have visibility across peer organizations, the challenges facing the industry, and have been instrumental in solving those problems alongside merchants.

Related Posts

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Phasellus at nisl nunc. Sed et nunc a erat vestibulum faucibus. Sed fermentum placerat mi aliquet vulputate. In hac habitasse platea dictumst. Maecenas ante dolor, venenatis vitae neque pulvinar, gravida gravida quam. Phasellus tempor rhoncus ante, ac viverra justo scelerisque at. Sed sollicitudin elit vitae est lobortis luctus. Mauris vel ex at metus cursus vestibulum lobortis cursus quam. Donec egestas cursus ex quis molestie. Mauris vel porttitor sapien. Curabitur tempor velit nulla, in tempor enim lacinia vitae. Sed cursus nunc nec auctor aliquam. Morbi fermentum, nisl nec pulvinar dapibus, lectus justo commodo lectus, eu interdum dolor metus et risus. Vivamus bibendum dolor tellus, ut efficitur nibh porttitor nec. Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis egestas. Maecenas facilisis pellentesque urna, et porta risus ornare id. Morbi augue sem, finibus quis turpis vitae, lobortis malesuada erat. Nullam vehicula rutrum urna et rutrum. Mauris convallis ac quam eget ornare. Nunc pellentesque risus dapibus nibh auctor tempor. Nulla neque tortor, feugiat in aliquet eget, tempus eget justo. Praesent vehicula aliquet tellus, ac bibendum tortor ullamcorper sit amet. Pellentesque tempus lacus eget aliquet euismod. Nam quis sapien metus. Nam eu interdum orci. Sed consequat, lectus quis interdum placerat, purus leo venenatis mi, ut ullamcorper dui lorem sit amet nunc. Donec semper suscipit quam eu blandit. Sed quis maximus metus. Nullam efficitur efficitur viverra. Curabitur egestas eu arcu in cursus. H1 asdf asdf H2 H3 H4 Lorem ipsum dolor sit amet, consectetur adipiscing elit. Vestibulum dapibus ullamcorper ex, sed congue massa. Duis at fringilla nisi. Aenean eu nibh vitae quam auctor ultrices. Donec consequat mattis viverra. Morbi sed egestas ante. Vivamus ornare nulla sapien. Integer mollis semper egestas. Cras vehicula erat eu ligula commodo vestibulum. Fusce at pulvinar urna, ut iaculis eros. Pellentesque volutpat leo non dui aliquet, sagittis auctor tellus accumsan. Curabitur nibh mauris, placerat sed pulvinar in, ullamcorper non nunc. Praesent id imperdiet lorem. H5 Curabitur id purus est. Fusce porttitor tortor ut ante volutpat egestas. Quisque imperdiet lobortis justo, ac vulputate eros imperdiet ut. Phasellus erat urna, pulvinar id turpis sit amet, aliquet dictum metus. Fusce et dapibus ipsum, at lacinia purus. Vestibulum euismod lectus quis ex porta, eget elementum elit fermentum. Sed semper convallis urna, at ultrices nibh euismod eu. Cras ultrices sem quis arcu fermentum viverra. Nullam hendrerit venenatis orci, id dictum leo elementum et. Sed mattis facilisis lectus ac laoreet. Nam a turpis mattis, egestas augue eu, faucibus ex. Integer pulvinar ut risus id auctor. Sed in mauris convallis, interdum mi non, sodales lorem. Praesent dignissim libero ligula, eu mattis nibh convallis a. Nunc pulvinar venenatis leo, ac rhoncus eros euismod sed. Quisque vulputate faucibus elit, vitae varius arcu congue et. Ut maximus felis quis diam accumsan suscipit. Etiam tellus erat, ultrices vitae molestie ut, bibendum id ipsum. Aenean eu dolor posuere, tincidunt libero vel, mattis mauris. Aliquam erat volutpat. Sed sit amet placerat nulla. Mauris diam leo, iaculis eget turpis a, condimentum laoreet ligula. Nunc in odio imperdiet, tincidunt velit in, lacinia urna. Aenean ultricies urna tempor, condimentum sem eget, aliquet sapien. Ut convallis cursus dictum. In hac habitasse platea dictumst. Ut eleifend eget erat vitae tempor. Nam tempus pulvinar dui, ac auctor augue pharetra nec. Sed magna augue, interdum a gravida ac, lacinia quis erat. Pellentesque fermentum in enim at tempor. Proin suscipit, odio ut lobortis semper, est dolor maximus elit, ac fringilla lorem ex eu mauris. Phasellus vitae elit et dui fermentum ornare. Vestibulum non odio nec nulla accumsan feugiat nec eu nibh. Cras tincidunt sem sed lacinia mollis. Vivamus augue justo, placerat vel euismod vitae, feugiat at sapien. Maecenas sed blandit dolor. Maecenas vel mauris arcu. Morbi id ligula congue, feugiat nisl nec, vulputate purus. Nunc nec aliquet tortor. Maecenas interdum lectus a hendrerit tristique. Ut sit amet feugiat velit. Test Yes asedtsdfd asdf asdf adsf Related Posts

Published: March 1, 2025 by Jon Mostajo, test user

Romance scams target individuals of all ages and backgrounds. Financial institutions need to protect their customers from these schemes.

Published: February 5, 2025 by Alex Lvoff

As data breaches become an ever-growing threat to businesses, the role of employees in maintaining cybersecurity has never been more critical. Did you know that 82% of data breaches involve the human element1 , such as phishing, stolen credentials, or social engineering tactics? These statistics reveal a direct connection between employee identity theft and business vulnerabilities. In this blog, we’ll explore why protecting your employees’ identities is essential to reducing data breach risk, how employee-focused identity protection programs, and specifically employee identity protection, improve both cybersecurity and employee engagement, and how businesses can implement comprehensive solutions to safeguard sensitive data and enhance overall workforce well-being. The Rising Challenge: Data Breaches and Employee Identity Theft The past few years have seen an exponential rise in data breaches. According to the Identity Theft Resource Center, there were 1,571 data compromises in the first half of 2024, impacting more than 1.1 billion individuals – a 490% increase year over year2. A staggering proportion of these breaches originated from compromised employee credentials or phishing attacks. Explore Experian's Employee Benefits Solutions The Link Between Employee Identity Theft and Cybersecurity Risks Phishing and Social EngineeringPhishing attacks remain one of the top strategies used by cybercriminals. These attacks often target employees by exploiting personal information stolen through identity theft. For example, a cybercriminal who gains access to an employee's compromised email or social accounts can use this information to craft realistic phishing messages, tricking them into divulging sensitive company credentials. Compromised Credentials as Entry PointsCompromised employee credentials were responsible for 16% of breaches and were the costliest attack vector, averaging $4.5 million per breach3. When an employee’s identity is stolen, it can give hackers a direct line to your company’s network, jeopardizing sensitive data and infrastructure. The Cost of DowntimeBeyond the financial impact, data breaches disrupt operations, erode customer trust, and harm your brand. For businesses, the average downtime from a breach can last several weeks – time that could otherwise be spent growing revenue and serving clients. Why Businesses Need to Prioritize Employee Identity Protection Protecting employee identities isn’t just a personal benefit – it’s a strategic business decision. Here are three reasons why identity protection for employees is essential to your cybersecurity strategy: 1. Mitigate Human Risk in Cybersecurity Employee mistakes, often resulting from phishing scams or misuse of credentials, are a leading cause of breaches. By equipping employees with identity protection services, businesses can significantly reduce the likelihood of stolen information being exploited by fraudsters and cybercriminals. 2. Boost Employee Engagement and Financial Wellness Providing identity protection as part of an employee benefits package signals that you value your workforce’s security and well-being. Beyond cybersecurity, offering such protections can enhance employee loyalty, reduce stress, and improve productivity. Employers who pair identity protection with financial wellness tools can empower employees to monitor their credit, secure their finances, and protect against fraud, all of which contribute to a more engaged workforce. 3. Enhance Your Brand Reputation A company’s cybersecurity practices are increasingly scrutinized by customers, stakeholders, and regulators. When you demonstrate that you prioritize not just protecting your business, but also safeguarding your employees’ identities, you position your brand as a leader in security and trustworthiness. Practical Strategies to Protect Employee Identities and Reduce Data Breach Risk How can businesses take actionable steps to mitigate risks and protect their employees? Here are some best practices: Offer Comprehensive Identity Protection Solutions A robust identity protection program should include: Real-time monitoring for identity theft Alerts for suspicious activity on personal accounts Data and device protection to protect personal information and devices from identity theft, hacking and other online threats Fraud resolution services for affected employees Credit monitoring and financial wellness tools Leading providers like Experian offer customizable employee benefits packages that provide proactive identity protection, empowering employees to detect and resolve potential risks before they escalate. Invest in Employee Education and Training Cybersecurity is only as strong as your least-informed employee. Provide regular training sessions and provide resources to help employees recognize phishing scams, understand the importance of password hygiene, and learn how to avoid oversharing personal data online. Implement Multi-Factor Authentication (MFA) MFA adds an extra layer of security, requiring employees to verify their identity using multiple credentials before accessing sensitive systems. This can drastically reduce the risk of compromised credentials being misused. Partner with a Trusted Identity Protection Provider Experian’s suite of employee benefits solutions combines identity protection with financial wellness tools, helping your employees stay secure while also boosting their financial confidence. Only Experian can offer these integrated solutions with unparalleled expertise in both identity protection and credit monitoring. Conclusion: Identity Protection is the Cornerstone of Cybersecurity The rising tide of data breaches means that businesses can no longer afford to overlook the role of employee identity in cybersecurity. By prioritizing identity protection for employees, organizations can reduce the risk of costly breaches and also create a safer, more engaged, and financially secure workforce. Ready to protect your employees and your business? Take the next step toward safeguarding your company’s future. Learn more about Experian’s employee benefits solutions to see how identity protection and financial wellness tools can transform your workplace security and employee engagement. Learn more 1 2024 Experian Data Breach Response Guide 2 Identity Theft Resource Center. H1 2024 Data Breach Analysis 3 2023 IBM Cost of a Data Breach Report

Published: January 28, 2025 by Stefani Wendel

Subscribe to our blog

Enter your name and email for the latest updates.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Subscribe to our Experian Insights blog

Don't miss out on the latest industry trends and insights!
Subscribe