Online Fraud is Costing Your Business More Than You Think: Insights from RSA 2023
What do you know about online fraud? That’s one key question we consider to best serve and protect our customers. At RSA Conference 2023, we asked attendees what they know about online fraud and how it affects them and their organization.
Here’s what we learned:
The majority (63%) of people underestimate the financial costs of online fraud by several million dollars.
Most of our respondents guessed that online fraud costs businesses anywhere from $500,000 to $3 million annually.
In reality, online fraud costs businesses, on average, $4.5 million per year.

Respondents on LinkedIn were slightly better at estimating the true cost, with 59% accurately guessing that online fraud costs businesses between $3 million and $5 million each year.
Online (or “internet”) fraud can occur via websites, web applications, mobile apps, and email. Unfortunately, our increasingly digital world creates more opportunities by the second for cybercriminals to attack users and businesses, and online fraud attacks grow increasingly difficult to detect and stop.
Common types of online fraud include:
- Account Takeover (ATO) Fraud
- Ad Fraud, Click Fraud, and Voting Fraud
- Credential Stuffing and Brute Force Attacks
- E-Commerce Fraud and Online Retail Fraud
- Fake Account Creation
- Identity Theft
- Payment Fraud (Carding, Chargeback Fraud, Coupon Fraud, Invoice Fraud, etc.)
- Phishing (to Steal Credentials, Card Information, etc.)
Preventing online fraud is a necessity for every business operating online today. Most vigilant business leaders know that fraud prevention is a necessary investment to avoid risking millions of business dollars each year.
58% of respondents know their organization has been exposed to bot attacks over the past two years.
Another 32% are unsure if their organization has been exposed, and only 10% say their organization has not been exposed.

Cybercrime continues to grow more scalable and profitable for fraudsters due to technology advancements, such as easier access to AI, machine learning (ML), residential proxies, and bots. Bots do the heavy lifting, working automatically to carry out fraud for bot operators.
Bots can attack a business by the tens of thousands, and they don’t need any breaks. Many different kinds of attacks leverage malicious bots, but the most common are:
- Account Takeover (ATO)
- Brute Force (Credential Stuffing) Attacks
- Card Fraud
- DoS/DDoS
- Scalping
- Spam
- Web Scraping (the “Gateway Threat” to More Damaging Attacks)
When bot attacks steal users’ personally identifiable information (PII), accounts, and payment details, even one successful attack can be catastrophic. And most people agree that the damage goes far beyond financial costs.
63% of respondents believe reputational damage is the most detrimental business consequence of online fraud.
Other consequences, like degraded site performance and the financial costs of fraud (e.g., chargebacks), didn’t even come close.

Interestingly, LinkedIn respondents were more concerned with the performance impact (67%) of fraud than the reputational consequences (33%).
All in all, depending on the type of fraud attacks your business faces, you can lose anything from website content to millions of dollars in fines for not protecting customer data. On top of that, falling victim to ransomware attacks, data breaches, and other malicious campaigns can make your business front-page news and cause irrevocable damage to your brand reputation.
Effective online fraud prevention proactively protects your business and customers from fraud before it happens, saving you a lot of money, time, and effort that would otherwise go to dealing with the aftereffects of an attack.
Most people are worried about becoming victims of account fraud in their personal lives.
Account takeovers and fake account creation are on the rise, and most respondents—79%—were either very concerned (58%) or somewhat concerned (21%) about it.

On LinkedIn, a full 86% of respondents were concerned about becoming victims of account fraud.
Spotting the Signs & Stopping Fraud
Account takeovers (ATOs) replace your legitimate human customers with bots hiding behind real customer accounts, making the fraudulent activity much harder to spot. For e-commerce sites, this might lead to more transaction disputes, chargebacks, and customer churn, and eventual damage to your brand’s reputation.
ATO prevention software automates fraud protection for you, looking at all the small signals that indicate when something is wrong and stopping cybercriminals before they cause problems.
With fake account creation, cybercriminals use bots to automatically create new (fake) accounts specifically to commit fraudulent activities, like distributing false information, spreading malware, and influencing product reviews. But how do you determine whether a new user account is being created by a bot?
You don’t want to add friction to the account creation process, because that might drive real users away. Like ATOs, fake accounts can be spotted through a series of small behaviors, so a powerful bot detection solution can efficiently identify suspicious behavior and automatically block fake account creation.
Protect Your Business From Online Fraud With DataDome
The results of our survey at RSA confirmed that most people understand how dangerous online fraud is and realize they are at risk, both personally and professionally.
The most comprehensive protection against online fraud is specialized bot and online fraud protection that leverages machine learning detection and provides proactive and evolving security measures to protect your site from malicious bots and fraudsters.
DataDome offers a complete bot and online fraud protection solution as a service, making it incredibly easy and quick to install on any infrastructure. Our powerful detection engine reviews every single web request made to your website, mobile app, or API anew and determines the intent in less than 2 milliseconds.
DataDome’s solution processes 5 trillion signals per day, scaling new information to ensure the protection of enterprises across the globe, at the edge, in real time.
See the detection dashboard for yourself, free for 30 days.