December 5, 2018
Top 3 Fraud Trends Retailers Can Expect this Holiday Shopping Season
Posted November 19, 2018
As much of the United States starts winding down for the Thanksgiving festivities this week, the global retail market is ramping up for its most intense period of the year. As the Black Friday and Cyber Monday phenomenon sweeps across the globe, no-one will be feeling the pressure quite like the fraud and identity management teams who are at the coalface of the holiday shopping period.
Every year sales expectations in the US and beyond grow and grow; but unfortunately, fraud attack rates rise right along with them! Last year, we clearly saw the effect of the holiday shopping period on fraud attack rates. Check out our Identity Abuse Index from 2017 – there is a very noticeable spike in attacks in November and December which was directly tied to the holiday shopping period.
2017 ThreatMetrix Identity Abuse Index
According to new projections from eMarketer, ecommerce sales will grow 16.6% compared to holiday 2017—translating into a record $124 billion in revenues. Nearly 20% of those transactions will be made during the five-day stretch from Thanksgiving through Cyber Monday, which could see sales surge 17.6% over 2017 totals. Mobile will figure prominently in all of this, of course—driving 68% of traffic and 46% of total online sales.
Despite its dominance, all that money’s not just going to Amazon, either. Retailers with both online and physical-world operations are expected to see conversion rates that are 28% higher than those that are exclusively digital.
But who else is expected to make out like bandits this holiday season? Actual bandits—aka cybercriminals. Fueled by stolen identity credentials, fraudulent transaction volumes grew at a much faster pace than overall sales last year. According to data from the ThreatMetrix 2017 Holiday Shopping Report in the last quarter of 2017 the number of eCommerce transactions rejected as fraudulent rose 173% year over year.
3 Ways the Grinch will Steal Christmas
Without a doubt, the ease with which cybercriminals are able to leverage stolen identity credentials to open up counterfeit accounts, hijack existing accounts, make illegal purchases, or fraudulently open lines of credit is astonishing. According to PYMNTS.com, nearly one-third of US consumers had their personal identity information compromised during the last year.
Compounding the problem: Merchants struggling to verify and assess the identity of the individual on the other end of a transaction also face the challenge of consumer expectations for a fast, seamless shopping experience. Nearly 50% of consumers will bail on a transaction after just 10 seconds of added friction.
With the threat surface growing ever more expansive as merchants enhance their digital operations, businesses will need to be vigilant against three identity-driven trends expected to cause more than a little holiday heartburn this year.
#1 Credential Stuffing ATOs
Account takeovers (ATOs) are expected to rank among the top fraud threats this year, after spiking 31% in 2017. The twist this holiday season: A wave of credential stuffing bot attacks using stolen credentials to hack into accounts en masse.
Last year, over the 5 peak shopping days encompassing Thanksgiving and Cyber Monday, our own data showed a huge spike in bot attacks. 2 million attacks were launched from Russia alone over these days, primarily targeting US retailers.
Expect an even more intense digital onslaught this season. As it stands now, 50% of merchants in a recent study reported falling victim to cyberattacks in the past year—up from just 19% from the year prior.
#2 Payment Fraud
This perennial problem will be especially painful. Here, there’s no ATO required—just a stolen credit card number. As I mentioned, merchants selling digital goods will once again be the hardest hit. But the largest increases in attacks are likely to be seen by retailers selling electronics and jewelry. The risks are more than direct loss of merchandise. Chargeback fees topped $19.4 billion last holiday season—or roughly two-thirds of the total $31 billion in total costs from chargebacks all year. And then there are false positives, in which merchants block a legitimate transaction for fear that it’s fraudulent. This year, that could add up to $118 billion in preventable losses.
#3 BOPIS Scams
“Buy Online, Pickup in Store” (BOPIS) continues to be a hit with both consumers and retailers. As Fierce Retail reports, 44% of retailers with more than $100 million in annual revenue view BOPIS as nothing less than a competitive imperative. But over the last year, merchants report seeing BOPIS fraud jump as much as 250%. Here, fraudsters place guest purchases and enter the identity information for an accomplice who’ll do the pickup. The problem? According to Multichannel Merchant, most retailers today use separate, siloed systems for internal and online purchases, which limits their ability to verify customer identities and pinpoint fraudulent orders.
Shopping for Solutions
To fight back against these and other trends, merchants will obviously seek to prevent fraudulent purchases from happening in the first place—without increasing friction or false positives.
To that end, merchants may deploy modern, digital identity-based solutions that use machine learning technologies that go beyond static credentials to analyze users’ identity information, devices, locations, past transactions and real-time behaviors, in search of anomalies and mismatches that may signal fraud.
But to be effective against all three of these trends, retailers would need to be able to spot fraudsters the first time they attempt to log in to an existing account, set up a new account, or make a purchase. Look for platforms that support 3DS 2.0, which enables frictionless transactions by connecting the dots between user, the merchant, and the payments issuer to prove especially compelling on the payments front.
But fair warning: To be fast and effective, solutions will need to bust siloes throughout the customer journey, and across both eCommerce and in-store systems. Proprietary data alone won’t be enough. Instead, look for sector leaders to invest in solutions that give them access to vast, digital identity networks that combine dynamic, online and offline identity intelligence from thousands of trusted businesses in numerous industries, along with tens of billions of public records worldwide.
Not to put too fine a point on it, but with $1,002 trillion in play from November 1 through December 31, the stakes are sky high. Whatever technology decisions they ultimately make, it could all spell the difference between the merchants singing, “Joy to the World,” and those grumbling, “Bah Humbug.”
Read in more detail about fraud and payment trends over this key period in our ThreatMetrix 2017 Holiday Shopping Report.