January 10, 2019
E-Retailers Beware: Fraud Attacks Could Hit 50 Million During Holiday Season
Posted November 17, 2016
For e-commerce vendors in many parts of the world, the time between now and Christmas represents the biggest shopping period of the year. Attention will be rightly focused on website performance, ERP systems, the supply chain and other key operational factors to ensure there are no issues which could affect profits. But a word of warning: cybercriminals are also armed and ready to capitalize on the shopping frenzy.
ThreatMetrix is expecting around 50 million cybercrime attacks over the peak holiday week, as fraudsters try to sneak through high-value purchases during the rush. It’s time to start planning.
That peak week, which encompasses Black Friday and Cyber Monday, is just the tip of the iceberg. In total in Q4 we expect a 60% increase in fraudulent transactions compared to the last three months of 2015. How can we be so sure? Because the ThreatMetrix Digital Identity Network® verifies more than 20 billion annual transactions supporting 4,000 customers globally – giving us a fantastic vantage point to spot the key trends facing e-retailers this holiday period.
We expect to see transaction peaks for the biggest retailers of up to ten times the daily average on some of the busiest days. Account logins and the use of digital wallets which store payment credentials will account for many of these transactions as shoppers look to make speedy, friction-free purchases. And ThreatMetrix predicts mobile will account for 50% of transactions as consumers enjoy the convenience of using mobiles to get the best deals on the move.
Bots and Brands
The holiday season is especially critical for retailers because the fraudsters will be trying to sneak through higher-value transactions, capitalizing on a time when bigger basket sizes are the norm. Attacks are likely to be made mainly on items 70% higher than the average ticket size.
How will they do this? Cybercriminals have a wide array of tools and techniques at their disposal today, including device and IP address spoofing technology and automated bots. We’ve seen the use of the latter evolve over the past decade or more. Increasingly they’re used not only to steal credentials but also to validate accounts, and even to imitate legitimate user traffic. Sometimes bot traffic can even exceed legitimate transaction traffic, and we can expect it to get increasingly difficult over the holiday period for retailers to tell the real customers from the scammers.
This is all made possible by the wealth of breached identity data sold on underground forums. Some of this is harvested in huge data-stealing attacks. But there are other ways the cybercriminals can get their hands on shoppers’ information. Just a few days ago, hundreds of fake retail and product apps were discovered in the Apple App Store – some masquerading as big-name department stores and brands. Some were loaded with malware to steal personal information while others required the user to enter their payment card details directly, according to reports.
The challenge retailers have – especially during their busiest time of the year – is to combat these sophisticated techniques without introducing extra steps which cause consumers to abandon purchases.
They need to find fraud prevention platforms that take a contextual, global approach to the problem, first stitching together device, identity, location and threat intelligence to create a unique digital identity for each customer. This can then be fed through behavioral analytics and machine learning algorithms to create a real-time, dynamic and friction-free answer to the fast-moving fraud problem facing them today.