E-tailers Can’t Wait for Christmas. ThreatMetrix Cybersecurity Strategies for Holiday Shopping

Posted July 23, 2015

Standard-Header-topliss

E-Commerce Merchants Need a Layered Security Strategy with Shared Threat Intelligence in Place well before Thanksgiving

ThreatMetrix® prevented more than 11.4 million attempted fraudulent transactions during the 2014 holiday shopping season, which was up 4 percent over 2013’s holiday shopping season.

Will EMV Chip have cybercriminals shifting focus to online?

The 2015 holiday shopping season comes right on the heels of the October 1 EMV chip adoption deadline. It’s easier for cybercriminals to copy account numbers and security codes for magnetic stripe cards than for EMV chip cards. Therefore the conventional wisdom is that cybercriminals will turn to other channels to steal information leading to a rise in fraud in the U.S.—both online and via mobile devices.

Stephen Topliss, ThreatMetrix vice president of services and support on preparing for maximum security with the least customer friction

“Generally, as retailers prepare for the holiday season, they tend to put off ramping up fraud prevention until it’s too close to the holidays—this should be done and mitigated in July or August to be prepared as soon as possible and work out any kinks in the cybersecurity system. The ultimate puzzle e-commerce merchants are trying to solve is what kind of effect integrated cybersecurity will have on their revenue, and whether or not the good customers will get caught up in these prevention measures.”

From Prime Day to Singles Day to Black Friday

This year, Amazon Prime launched Prime Day in July claiming to offer better deals than Black Friday. Another big shopping day is Alibaba’s Singles Day, which takes place November 11 each year in China. Singles Day actually surpassed Black Friday in 2014 with more than $9 billion in sales. Obviously, consumers will be thinking about holiday shopping well before the surge kicks off in November. And, if consumers are in a shopping mood, cybercriminals will be in a stealing mode.

Upwardly mobile

During Cyber Week 2014 (Thanksgiving through Cyber Monday), ThreatMetrix found that 39 percent of transactions originated from mobile devices, with 80 percent of those transactions originating from iOS devices. Over the week of Christmas, that shift toward mobile continued, with a peak in mobile transactions taking place on Christmas Day, at about 35 percent. Additionally, iPhones alone drove almost three-quarters of all mobile e-commerce transactions during Christmas Week, up from 65 percent on Cyber Monday.

Topliss on mobile as the unknown factor this holiday season

“As usage increases, retailers need to identify new strategies to mitigate mobile. Although mobile is quickly spreading across the e-commerce space, some retailers are very new to this concept and with this brings the possibility that they’re not aware of the fraud risks associated with mobile shopping. Mobile is the big unknown—the unquantifiable risk factor, and should be seen as a top target in the upcoming holiday season.”

ThreatMetrix tips for keeping a step ahead of cybercriminals

  • Profile existing customer base – Retailers should ask themselves how well they know their customers and their behavior. In doing so, they can leverage rules within their existing fraud systems to identify good transactions as opposed to bad ones so risks can be recognized and mitigated as they arise.
  • Review 2014 holiday season – Holiday shopping in 2014 saw an uptick in e-commerce sales, and with that, greater potential for fraud. Retailers should understand that initial reviews and recommended security strategies from last year don’t necessarily get taken into account right away. Now is the perfect time to look at last year’s practices and use them to prepare for this upcoming holiday season.
  • Create a holiday policy – From a rules point of view, consider defining a policy specific for the holiday season that can be switched out after the season has passed. Make clear the specific components of the holiday policy that can be kept in place the rest of the year. For example, retailers should get a handle on profiling good customers and raise the alert threshold so it’s easier for them to order without their transactions being constantly flagged.
  • Monitor analysis – Retailers should take a moment to think about how they currently monitor and analyze all transactions that come in each day. During the holiday season, transactions will be significantly higher, so retailers should make their fraud analysis as close to real-time as possible, rather than a review a few times a day or week. Retailers should also go beyond viewing each individual event and instead look at trends in particular areas, such as mobile. Identifying trends in real-time enables retailers to take immediate, preventative action if necessary during the holiday season.
  • Tighten up existing anomaly rule – It’s never a bad idea to check for loose nuts and bolts to see what parts of your security platform can be ramped up. Retailers should proactively identify new cybersecurity functionalities released in the past twelve months that can be added to existing portfolios. This might include new types of functionality or new rules that can be built upon to improve performance and prevent fraud.

Topliss on being prepared for a changing online landscape

“When it comes to holiday shopping season, all bets are off—for fraudsters and for businesses alike—so being prepared and staying one step ahead of fraudsters is the best way to avoid a disaster from happening that’ll likely ruin everyone’s holiday cheer. With the ever-changing realm of online fraud, retailers have an advantage when it comes to safety—being prepared and proactive in their fraud prevention efforts can go a long way not only for their customers, but for their businesses as well.”

ThreatMetrix

ThreatMetrix

close btn