Back-to-School Marks Open Season on Online Retailers

Posted August 14, 2017

Back-to-School Marks Open Season on Online Retailers

Three types of people tend to look forward to the new school year — parents, retailers and the cybercriminals who target them.

It’s pretty clear why this time of year matters to retailers. Back-to-school is retail’s second biggest season, and 2017 is expected to be a blockbuster. Sales are expected to surge 4 percent to $858 billion, with online spending expected to see a 15-percent increase this year to $74 billion.

Those booming sales numbers also matter to cybercriminals. And, according to the Q2 Cybercrime Report, far too many retailers are about to get schooled on the kind of rapidly evolving cyberthreats that have led to a record 144 million cyberattacks detected and stopped by ThreatMetrix in just the past three months.

Big Trends on Campus

Several factors make this back-to-school season critical for many retailers.

After a post-recession spike in 2012, seasonal sales drifted steadily downward through fall of 2015 before showing signs of life last year. This year, consumer confidence and a marked increase in college enrollment are expected to converge in a perfect storm for retailers.

But it’s the cyberthreats lurking behind these shifts that could ultimately decide the winners and losers in this critically important selling season.

Retail’s Mobile Madness

With the forward edge of Generation Z heading to college armed with mobile phones, back-to-school shopping is now squarely moving mobile.

The National Retail Federation reports 43 percent of consumers plan to use their mobile phones for back-to-school shopping—up 10 percent in the past five years.

Meanwhile, 63 percent of parents plan to use mobile devices in some way when shopping for their children—doing research, taking photos of products under consideration, price comparisons and so on. More than 30 percent plan to do at least one-quarter of their actual shopping via mobile.

Overall, 47 percent of all retail transactions now occur on mobile phones—an increase of 40 percent year over year. Unfortunately, this shift hasn’t gone unnoticed by cybercriminals, who are turning their attention toward the booming mobile economy.

Last quarter, online retailers experienced 88 million attacks. That’s a 41-percent increase year over year—and an increase of nearly 20 percent in just one quarter.

What’s driving this spike? One factor is the growing number of consumers who open and manage new retail accounts entirely through their mobile devices.

Another is fraudsters looking to capitalize on consumers’ growing propensity to save credit card information on trusted retail apps.

Gifts That Keep on Giving

Perhaps propelled most prominently by this year’s increase in college students, retailers are expected to see a volume shift to non-traditional forms of shopping, including gift cards.

Together with expanded adoption of free and same-day shipping, gift cards can be especially appealing to last-minute shoppers and college students making purchases once they’re settled in dorm rooms.

Fraudsters will increasingly capitalize on these trends through a number of attack modes. Some will obtain stolen card numbers and drain the value from accounts—a double whammy for consumers, since gift cards typically lack the same fraud liability protections of credit cards.

Far more will make gift card purchases using stolen credit card numbers, and then place fraudulent purchases on merchant sites.

School of Hard Knocks

Behind these and so many other cybercrime trends is the proliferation of identity credentials stolen through countless corporate data breaches in recent years.

In 2016 alone, 4.2 billion personal credentials were compromised worldwide, making it shockingly easy for fraudsters to harvest credit card numbers, user names, passwords and more on the dark web.

With this information in hand, thieves can take over existing accounts, or create fraudulent new ones. Once breached through a login attack, for instance, retail accounts offer a platform for direct theft, fake product reviews, and the monetization of other credit card details, making them especially fertile ground for sustained and pernicious attacks.

Many fraudsters automate the effort through the use of bots that continuously test new credentials in order to hijack or create accounts. In Q2, there were nearly 300 million such bot attacks worldwide—a problem expected to get much worse very soon.

Grading Risk on a Curve

With the back-to-school season now in full swing—and with the all-important holiday shopping season just around the corner—many retailers are finding themselves racing to put advanced anti-fraud solutions in place.

The problem is that traditional user verification systems that rely on usernames and passwords are defenseless against a fraudster using legitimate, albeit stolen, credentials. As a result, a growing number of retailers are turning to digital identity-based authentication.

Instead of relying on logins, these systems continuously assess user locations, personas, behaviors and intent across hundreds of dynamic identity elements that cannot be stolen or hijacked—and then cross-reference this data with anonymized, crowdsourced global threat intelligence to score the risk associated with each user and transaction in real time.

Legitimate users get the frictionless experience today’s retail consumers demand. And fraudsters are instantly stopped at the door—even if they’re using legitimate login credentials.

According to a retailer with 160 stores spanning 100 countries, digital identity-based user verification helped it dramatically reduce fraudulent transactions, especially for high-risk items such as gift cards—leading to increased profitability. And a global retailer hit with 1 million bot-based login attempts per day used these technologies to successfully block more than 90 percent of all bot traffic.

Let’s hope that, someday soon, digital identity-based systems cause cybercriminals to be expelled from back-to-school season.

Alisdair Faulkner

Alisdair Faulkner

Chief Products Officer, ThreatMetrix

close btn