Christmas Holiday Fraud Trends 2022/2023 – Exclusive SEON Data

As the days grow shorter and festivities draw nearer, SEON’s data scientists worked hard as Christmas elves to find, consolidate, analyze and put in context the fraud activity observed over the previous holidays so we can identify and share the trends and types of malicious activity to expect and guard against this year.

Our findings will shed light on Christmas fraud trends, as well as consumer trends, and advise on what to watch out for.

How Much Online Fraud Is There at Christmas? 

First off, we consulted our internal data across the 2021 Christmas period to see just how much fraud there has been among our customers. SEON’s fraud fighting figures confirm that the holidays are not just a time of mirth and jolly for the everyday person but for criminals too.

Overall, 9.68% of user actions monitored by SEON over Christmas were suspicious. By this, we refer to transactions that were deemed to be high risk enough to block or to flag for review.

Meanwhile, the average rate of fraudulent transactions for 2022 so far is 3.85%. From January 1 to December 5, 2022, SEON’s flexible, modular APIs conducted over 851 million checks of user transactions. Of those, 32.75 million were ultimately declined as fraudulent – preventing losses to revenue, customer loyalty, reputation and growth – out of 9.03% initially flagged as suspicious.

Another thing to keep in mind is that there are noticeable differences based on the industry.

As you’ll see below, the online retailers we protect were on the receiving end of a lot of fraud in the week before Christmas and New Year’s. Meanwhile, the highest fraud activity for our iGaming partners was between the 10th and 17th of December, with attempts dropping somewhat later in the month.

Christmas Fraud – What Should You Expect?

Overall, SEON caught and declined 2,781,668 fraudulent Christmas transactions from November 30, 2021 to January 6, 2022, protecting our customers’ bottom line – and their own customers as well. 

Remember that this is internal SEON data only. Once you start considering how many companies do not monitor for fraud using software at all, and the fact others may choose different fraud prevention software to do so, the numbers become dizzying. Christmas fraud is massive.

Such transactions are flagged as fraudulent right away or deemed suspicious – a grey area for the company. In the latter case, some of SEON’s customers choose to funnel the traffic to additional automated verification, to gather more data for further analysis. Others will choose or combine this with manual reviews by fraud analysts and fraud managers.

Following our traffic lights system, any customer action the business wants to monitor goes through a series of customizable risk rules to provide a fraud score. This means everything from a log-on to a payment, account creation, etc., depending on your industry and risk appetite.

Based on the fraud score generated, such activity will be labeled as:

• Minimal risk/APPROVE: Those that are demonstrable as legitimate when scrutinized can enjoy a completely frictionless customer experience. 
• Medium risk/REVIEW: We will ask individuals flagged as potentially (but not certainly) fraudulent for additional information and/or scrutinize them more closely, to ensure there are no false positives that slip through the cracks. This means we can approve even more transactions and maximize revenue.
• High risk/DECLINE: Those with a very high risk score will be automatically blocked from completing their action or even blocked and blacklisted from the platform, if that is preferred.

When Are You More at Risk from Holiday Fraud?

According to SEON data, the rise in all consumer activity as well as the web search trends we’ve looked at correlate with the peak of fraudulent activity: between December 11 and December 16. That is when most online criminals set in motion their most mischievous schemes for holiday fraud.

Overall, SEON caught and declined 2,781,668 fraudulent Christmas transactions from November 30, 2021 to January 6, 2022, protecting our customers’ bottom line – and their own customers as well. 

Another interesting point to keep in mind is exactly when fraudsters are more active and make up more of your customer activity.

In other words, we are referring to those days when the ratio of fraudulent to legitimate customer activity is particularly high.

The highest risk dates for fraud rates in December are the 5^th, 12^th, 13^th, 14^th, and 15^th. Merchants and other online companies may want to increase their fraud protection and even employ more fraud analysts on these days, for maximum efficiency.  

Specifically, let’s look at some key dates when we’ve seen almost twice the fraud we normally expect:

What Are the Biggest Risks to Businesses at Christmas?

To understand the top fraud trends for the holiday period, we looked at the types of rules that were triggered as suspicious during the same period last year. There was a clear pattern identified, all to do with the browser the customer is connecting with.

Back during Black Friday weekend, the fraud trends we observed had to do with fake accounts and freshly created email addresses.

This time round, it’s all about browser data. Old (5+ years) and suspicious browsers (bots, high-risk or privacy browsers) are trending.

• Suspicious browsers: The fraud we stopped last Christmas was largely due to a massive 1246% increase in the use of suspicious browsers. What does this mean? Browsers with unusual or very old version numbers or dates, for example. This could be partly explained by visits to friends and family who don’t use or update their software as often, but it is worth taking into account when gauging a user’s true intentions.
• Bot activity: Over Christmas, fraudulent bot activity increased by 255.36%. Bots are automated scripts used in isolation or combined into botnets. They are utilized by fraudsters to help scale their schemes and make them more efficient.
• Suspicious devices: One of the myriad ways in which SEON’s solutions identify potential threats is by looking at unpopular hardware and software configurations. In this case, there was a 212.5% rise in very unpopular device screen resolutions – which usually signals the use of emulators or similar tools to spoof hardware and software.
• Privacy browsers: These include software like the Tor Browser and AntBrowser to access online shops, iGaming websites, travel websites and so on. There are both legitimate and fraudulent reasons why someone might use these, so they are just one data point to consider in combination with hundreds of others.
• Use of VPNs: VPNs are used to spoof someone’s location. The purpose could be as innocent as wanting access to a YouTube video you’re not supposed to watch from that country, all the way to multi-accounting attempts to conduct money laundering activity.

Top Holiday Fraud Trends to Watch

The increased volume in overall online purchases made during the gift-giving season can make catching fraud a needle-in-a-haystack proposition. Fraudsters will take advantage of the massive numbers of transactions to hide in plain sight over Christmas.

Here are some common but decidedly un-festive holiday fraud trends:

• Shifts in payment behavior: Online purchases will naturally lack the physical payment security of in-store EMV chip card purchases. Meanwhile, online retailers will want to keep digital security measures low to keep the customer journey smooth. Higher volumes of overall sales may motivate stores to raise their thresholds for detecting risky transaction values, adjusting risk software to approve purchases that might otherwise trigger manual review. This lowers holiday shopping friction but also lowers security, so consider the balance that works for you.
• Uncommon shipping patterns: Many fraud prevention solutions will be looking for anomalies in shipping patterns and comparing addresses for signs of potentially fraudulent behavior. The holiday season presents unique challenges in this regard but one should keep in mind that customers are more likely to travel and thus pay from countries that don’t match their card issuing country. Towards the end of the year, there will be a large uptick in online purchases made from one address but shipped to another too – this isn’t always a fraudulent drop address. Relaxing controls on geography-based risk metrics will allow for faster purchases, but also more losses to fraud. The balance is delicate. 
• Chargeback fraud: In terms of holiday fraud trends, chargebacks are a sad inevitability. Fraudulent chargebacks are not only disproportionately detrimental to bottom lines; they also muddy the waters of genuine chargeback claims – while the complicated logistics of the holiday season result in more of these as well. Shoppers are more likely to initiate an illegitimate chargeback due to:
  • holiday buyer’s remorse
  • purchases they don’t remember making during holiday spending sprees
  • making a purchase they always intended to use and then return
• Account fraud: Alongside the increasing prevalence of phishing, account takeovers also increase during the holidays. Fraudsters will use card information and personal data stored in consumer accounts to make illegitimate purchases. While all ecommerce verticals are susceptible to ATOs, certain services should take particular care of their customer account security. In particular, BNPLs, which defer payments, and services that promise extremely fast payment processing and delivery give fraudsters more time to make their getaway.
• Mule behavior: Taking advantage of the desperate and willfully ignorant is easier during the holiday season, when consumer attitudes and psychology shift. Mules do the legwork when it comes to hiding the source of illegitimately acquired money or goods. Sometimes a cybercriminal may recruit legit customers to act as mules, but a customer may become one unknowingly too.
• Phishing: Holiday shoppers feeling the financial pinch of holiday spending may be more likely to be duped into phishing scams. Fraudsters, through any channel available – phone, text, email, website – will be seeking to skim personal identifying information wherever possible. Any data stolen will inevitably be used to take over ecommerce accounts, make unauthorized purchases, and otherwise wring as much money out of a persona as possible. 

When Do We Shop for Christmas?

According to the volume of customer activity among our ecommerce partners, it seems like most people do their gift shopping 1–2 weeks before Christmas Eve. During the Christmas season, you will notice both a huge spike in overall sales volumes as well as a spike in chargebacks.

Specifically, the peak is between December 6 and 16. Online, the 21^st and 22^nd of December have also proved to be popular days for all online consumer activity, with SEON monitoring around 2 million user actions each.

Interestingly, the very lowest levels of online consumer activity were observed on Christmas day, with just over 1.43 million customer actions. New Year’s Day comes second-lowest, at 1.57 million user actions regardless of the type of organization. This was observed across the various sectors that SEON serves as an industry-agnostic fraud prevention solution.

The observations align with the Google Trends data for Christmas-themed searches – for instance, for “Christmas gift” below. Fun fact: The correlation between declines in the SEON system and Google searches for this festive keyword is huge – 0.8021!

How to Stop Fraud During the Holidays

To handle increased holiday transaction volumes, ecommerce marketplaces of all sizes need to increase the resources they assign to stopping fraud. An effective golden quarter prevention program will also be multi-faceted.

Fraudsters will be approaching their victims from different angles. To address the aforementioned holiday fraud trends, consider implementing these strategies:

• Dynamic friction: A strategy of dynamic friction can be used to passively scan a user’s setup, IP address and any information they provide, such as an email, to come up with a fraud score. Based on this, you then only introduce friction to the shopping journey of those who haven’t already been proven to be fully trustworthy – while obvious fraudsters are banned right away and good customers experience a frictionless journey.
• Velocity checks: Fraud teams should also be on the lookout for high numbers of card declines that might indicate an account used for testing stolen credentials – as well as mismatches in submitted billing addresses and registered card addresses.
• Seasonal adjustments: To maximize sales via a minimum-friction shopping experience during the holiday rush, retailers would be wise to loosen thresholds on shipping address disparities but tighten them on unusual velocities in shipping behavior. For example, monitoring might reveal that a single computer ordered a single product to multiple addresses at a high frequency, or several accounts at apparently disparate locations all send the same purchase to one address at an industrial park – both potential signs of malicious activity but not uncommon over the gifting period either.
• Prevent chargebacks: To minimize the impact of chargebacks on a company’s returns, retailers will want to promote refunds over chargebacks:
  • Make language clear and understandable around return policies and customer satisfaction, as well as the descriptions of merchants and items themselves.
  • Have detailed documentation and keep records of customer interactions. In addition to driving customer satisfaction post-delivery, good customer service also goes a long way to preventing “friendly” fraudulent chargebacks.
  • Give customer service teams the resources to stay on top of communications and processing refunds so customers don’t feel they have to turn to the bank for a much more detrimental chargeback request.
• Monitor changes in patterns: Preventing ATOs is a complicated prospect, as much of the prevention is handled by the customer. Keeping customers educated on good password practices and general account security is the first line of defense. But also keep your fraud fighting software looking for cases where account behavior suddenly changes. This is a more difficult prospect during the holiday season, when macro-spending patterns change.
• Promote strong passwords: In the case of holiday phishing scams, an educated user base is again the first and best security measure. Asking customers to have good password hygiene – changing strong passwords often or using a password manager – and to be aware of existing scams du jour is most of what can be done preventatively. On the company’s side, accounts that fall victim to phishing scams can be flagged by monitoring for the behaviors above, especially card data mismatches, excessive failed password attempts, and unusual purchase values and velocities.

With a well-thought-out strategy and sophisticated fraud fighting software on their side, merchants can prevent holiday fraud without negatively affecting legitimate Christmas shoppers.