Aug 26
85° in the Shade and They’re Playing “Jingle Bells”
The Time for E-Retailers to Put Together a Strong Security Strategy with Shared Customer Intelligence Is Now. ThreatMetrix Can Help.
National Retail Federation figures put total 2013 holiday retail sales – which includes November and December – at $601.8 billion, an increase of 3.8 percent over 2012. With sales only expected to increase this year, retail and most especially e-retail will be a tempting target for cybercriminals.
“Holiday shopping keeps coming earlier and earlier each year, with many e-retailers beginning to run holiday sales even before Thanksgiving,” said Alisdair Faulkner, chief products officer, ThreatMetrix. “With less than four weeks between Black Friday and Christmas this year, e-retailers will experience an incredibly high number of transactions in a short period of time – and without the bandwidth to manually inspect every order, there will be a higher reliance on automated solutions. The question is ‘how many good customers get caught in the net this year?’”
The name Target has practically become as synonymous with data breach as with low prices. Not that you need reminding, but close to 40 million Target customers had their credit and debit card information compromised. And, of course, earlier this month, a Russian crime ring reportedly gained access to 1.2 billion username and password combinations and more than half-a-billion email addresses. Why should this particular crime concern e-commerce sites? Because the cybergang could very well use these stolen credentials to cash in big during the holiday shopping season via card-not-present transactions, account takeover and financial fraud.
Outlined below are several holiday shopping trends retailers may expect and what they mean for online security.
- Increased Mobile Holiday Shopping – Across the ThreatMetrix network during October 2013 through December 2013, mobile traffic accounted for approximately 20 percent of all online sales. This number is expected to be even higher this holiday season with more transactions happening via mobile devices. Many retailers will be rolling out new mobile apps. Security could take a backseat to development to have the apps done in time for the holidays. For the sake of convenience, some businesses allow customers to bypass security steps on mobile devices. Obviously, this offers cybercriminals an opening. If rumors are true and Apple’s iPhone 6 comes equipped with an “Apple e-wallet,” brick-and-mortar retailers will also have to be extra cautious when it comes to transactions that take place through customers’ phones. This type of card-not-present (CNP) transaction could be a hot target for cybercriminals.
- Visa Checkout and Username/Password Transactions – This holiday season, many retailers will implement username and password transactions rather than having customers enter their credit card information at checkout. Visa Checkout, for example, lets customers check out from registered online retailers simply with their username and password using a secure backend system with contextual information to quickly and easily determine whether the transactions taking place on that account are authentic. Retailers who opt to set up their own username and password checkout system will see an increase in transactions taking place through that system. This poses a challenge when it comes to accurately identifying legitimate customers. These retailers should consider help from third-party automated identity and cyberthreat intelligence. Retailers with username and password systems should also urge customers not to use the same credentials across multiple sites, especially on sites where sensitive information is stored.
- Deleting Cookies – Deleting cookies is no longer cause for increased suspicion around a transaction because a significant number of shoppers now delete them on a monthly basis. With the high volume of orders this holiday season, retailers will be looking for reasons to accept an order, rather than slowing the order process and creating friction that hinders genuine users. Leveraging cookieless device identification and a shared global intelligence network, retailers can use a shopper’s reputation to maintain security without hassling the customer.
- EMV and Increased Online Fraud – By October 2015, U.S. merchants must adopt Europay-MasterCard-Visa (EMV) global standard chip card payment systems. After this deadline, retailers and banks supporting magnetic stripe cards will be liable for fraud losses. The goal of EMV is to decrease in-store fraud by getting rid of antiquated magnetic stripe technology, which allowed cybercriminals to skim cards and steal information, for example. However, the increased in-store security will likely lead to an increase in online fraud. Although an online fraud increase may not be readily apparent because many merchants have only just begun making the switch, e-retailers should consider EMV-readiness and have security measures in place prior to the 2015 deadline.
“While stopping fraud is essential, the primary goal for most retailers this season is maintaining a frictionless user experience for good customers,” said Faulkner. “Retailers need cybersecurity systems in place that are as good at recognizing good customers as they are at stopping fraud, and the best way to do this is through anonymized shared intelligence.”