"The ease with which you can commit fraud these days and get goods delivered to your doorstep with little to no risk, is just too appealing to overlook," the report suggested. Most online retail fraud follows a simple two-step process:  Get a stolen credit card. Order goods from a retailer.

"As eCommerce continues its explosive growth, fraud has followed suit, making it very difficult for merchants to distinguish good customers from bad actors," Eido Gal, CEO of Riskified said. "Inefficient fraud prevention costs merchants billions in chargebacks, overhead and missed sales, so accurate decisions are a must."

The report found some key trends:

• A 297% rise in the number of false retailer websites designed to "phish" for customer credentials. In the third quarter alone, there was an average of 23 phishing sites per company, a significant increase from 2017.
• A 278% rise in stolen goods listed on black markets for resale.
• An average of 22.1 internal login pages or development servers exposed per retail company in 2018.
• Fake apps and social media profiles on the rise with a 469% spike in suspicious applications and a 345% increase in fake social media profiles (respectively) in the fourth quarter of 2017.

"Retailers are increasingly focused on driving sales through a variety of online channels — Facebook, SMS messaging, Instagram, Twitter and more — all of which provide an ideal opportunity for fraudsters to lure in new victims through phishing attacks as it is the most common way to obtain stolen credit card numbers," Guy Nizan, co-founder and CEO of IntSights Cyber Intelligence said. "As prime targets for cybercrime, retailers need to understand how their goods are being sold and bartered for on the dark web."

The report noted, "Although credit card information is not issued by retailers, they often store this information, and tend to have weaker security systems in place than financial companies." This makes retailers one of the most targeted groups for obtaining credit card data. Once stolen, credit card data can be used to fuel the trade of stolen credit card data on the dark web, and to defraud the same organizations from where they originated.

Among the methods used to obtain credit cards:

1. Phishing websites: One of the most common ways to get credit card data.
2. Point of sale malware: Infecting POS machines can generate hundreds to thousands of credit card numbers per day.
3. ATM skimmers: can copy the data of every card entered and send it to a hacker's server.
4. Malicious apps: by either mimicking a bank app or keylogging within a legitimate app, malicious apps can acquire card and bank data.
5. Trojan malware: This involves infecting a computer with keylogging and/or screenshot-taking programs that monitor activity on financial institution or credit company websites.
6. Social engineering: This can be a fake bank support call, a SMS message leading to a phishing site, a tax-return request, or a fake job proposal. Social engineering is hard to anticipate and defend against because it relies on a person's voluntary action.
7. Black markets: For some, it's as easy as going to black markets and buying a bunch of stolen credit cards that cost anywhere from $1 to $20 each, depending on the quality and freshness of the card.