February 16, 2018
February 15, 2018
February 12, 2018
Posted November 13, 2017
New data from the latest ThreatMetrix Cybercrime Report has online retailers bracing for what’s shaping up to be either the jolliest of holiday seasons—or the Nightmare before Christmas.
Retailers enter the season quite bullish. Holiday e-commerce spending in the U.S. is expected to top $100 billion for the first time ever. That’s a 14-percent increase from 2016, according to Adobe Analytics. Cyber Monday alone could surge 16.5 percent to $6.6 billion in online revenue.
According to Deloitte, 55 percent of consumers plan to shop online, mostly hunting for steep discounts and free shipping. Yet for all the good cheer, the season comes amid troubling developments, including a massive data breach at a major U.S. credit bureau that compromised identity files on 143 million Americans. The sobering reality is that a breach of this magnitude makes it easier than ever for cybercriminals to highjack consumer accounts and make illegal purchases.
Indeed, according to the new Q3 2017 Cybercrime Report from ThreatMetrix, the third quarter saw a record 171 million cyberattacks worldwide. That’s a staggering 32-percent increase from just the beginning of the year. The report, which covers attacks detected within the ThreatMetrix Digital Identity Network from July through September, is considered a reliable barometer for global cybercrime trends.
And its predictions for Holiday 2017 is a mix of the good, the bad, and the just plain “Bah humbug.” Here’s a look at five key predictions for retailers around the world.
Despite the fact that retailers increasingly entice shoppers with year-long promotional schedules, seasonality is still the name of the game. And the fourth quarter is still the Super Bowl of retailing. ThreatMetrix is projecting record transaction peaks throughout the season, with significant spikes during key shopping days — especially Cyber Monday and Christmas Eve.
Of course, as transaction volume increases, so do fraudulent purchases. In 2016, illegal transactions and chargebacks grew 31 percent during the holidays. The cost to merchants totaled 7.5 percent of their annual revenue.
ThreatMetrix also anticipates sustained high volumes of bot attacks as more leaked identity data becomes available to cyberthieves on the dark web. Indeed, some attack peaks will see more than 90 percent of retailers’ web traffic coming from automated bots testing identity credentials.
In Q3, mobile transactions overtook the desktop for the first time ever, and now account for 52 percent of all online transactions. That’s a 260-percent increase from Q3 2016.
This holiday season, two-thirds of all online purchases are still expected to originate from desktop computers. But mobile appears to be the starting point for most shoppers, accounting for up to 54 percent of retail web traffic. And the channel is now home to roughly 33 percent of all online purchases.
But for retailers, the mobile revolution isn’t risk-free. With a growing number of consumers opening and managing accounts on their mobile devices, more of them are saving credit card information to retailer sites and apps, making them tempting targets for cybercriminals wielding stolen login credentials.
Just as with holiday seasons 2014 through 2016, the bulk of online holiday shopping will come from return customers. With transaction volumes at unprecedented levels, the ability to recognize those customers and streamline their digital experience is increasingly important.
The problem is that traditional user authentication systems can’t even tell a trusted customer from a criminal using legitimate login credentials. Faced with unrelenting fraud, it’s no wonder a growing number of online retailers are gravitating to technologies, such as ThreatMetrix ID. This unique digital identifier marries anonymized offline and online data to passively assign a unique identifier to 1.4 billion consumers within the ThreatMetrix Digital Identity Network.
By leveraging real-time and historical device and behavioral data, ThreatMetrix ID provides an anonymized identifier at the point of each transaction, along with a dynamic confidence score to confirm the user’s identity and the risk associated with a transaction.
Retailers can now quickly recognize new and returning customers—even on different devices—and facilitate frictionless, fraud-free transactions with confidence. Fraudsters are blocked at the front door, even if they’re using legitimate credentials. Retailers can also extend their reach into new markets by accepting more cross-border payments, even from regions considered high-risk.
Meanwhile, the adoption of same-day shipping for physical items is enabling last-minute, and presumably desperate shoppers, who tend to spend a bit more.
As you might expect, the fraud risks can be enormous, as crooks wielding stolen credit cards can wreak havoc with little lag time for retailers to catch on. The most targeted segment for online purchases overall is cosmetics and perfume, which saw fraud rates skyrocket 171.9 percent in October.
And then there are those ultimate stocking stuffers — gift cards, often for digital movies and music, online subscriptions and other virtual goods that can be purchased, delivered and consumed on-demand.
Alternately revered and reviled by consumers, the appeal for retailers is obvious. Gift card recipients overwhelmingly spend more than the monetary value of the card, leading to higher revenue. In recent years, this has even opened up a large online market for gift card trading.
Of course, this doesn’t go unnoticed by cybercriminals, who can quickly monetize stolen, counterfeit and fraudulent gift cards by selling them for cash at online auction sites and other venues. If Holiday 2016 was any indication, expect such online marketplaces to face several sustained spikes in rejected transactions as fraudsters use bots in their attempts hack into user accounts.
All of this is going to make for a very interesting holiday season.
To learn more, listen to our podcast about The Digital Transformation of Holiday Shopping. And to get a full read on the threat landscape heading into the holidays and insights on how to protect your business, download the Q3 2017 Cybercrime Report.