ThreatMetrix Outlines Strategies for E-Retailers to Avoid Adding Trusted Customers to Their Naughty Lists When Preventing Holiday Shopping Threats
Posted August 26, 2014
Retailers Without Real-Time Trust Analytics Must Brace Themselves for the Holiday Shopping Surge
San Jose, CA – August 26, 2014 – ThreatMetrix®, the fastest-growing provider of context-based security and advanced fraud prevention solutions, today announced security strategies for e-retailers to implement in conjunction with this holiday shopping season’s biggest trends. As holiday shopping continues to evolve and spending grows each year, ThreatMetrix recommends e-retailers have a strong security strategy with shared customer intelligence in place prior to this holiday season.
According to the National Retail Federation, total 2013 holiday retail sales – which include November and December – increased 3.8 percent over 2012 to $601.8 billion. If this year’s holiday sales continue to grow at the same rate, retailers will be a prime target for cybercriminals in the 2014 holiday shopping season.
“Holiday shopping keeps coming earlier and earlier each year, with many e-retailers beginning to run holiday sales even before Thanksgiving,” said Alisdair Faulkner, chief products officer, ThreatMetrix. “With less than four weeks between Black Friday and Christmas this year, e-retailers will experience an incredibly high number of transactions in a short period of time – and without the bandwidth to manually inspect every order, there will be a higher reliance on automated solutions. The question is ‘how many good customers get caught in the net this year?’”
In December 2013, retailers and customers alike were shaken by the Target data breach, which exposed credit and debit card information of almost 40 million Target customers during the busiest holiday shopping month. Earlier this month, a Russian crime ring allegedly gained access to 1.2 billion username and password combinations and more than 500 million email addresses. This crime should be of particular concern to e-commerce sites, where this fraud ring can use these masses of stolen credentials during the holiday shopping season to cash in through card-not-present transactions, account takeover and financial fraud. Retailers who do not have the proper security strategies in place prior to this holiday season are putting their businesses and customers at risk.
To help retailers maintain a positive customer experience during the holidays without sacrificing security, ThreatMetrix has outlined several holiday shopping trends retailers will see this season and what each means for their security strategies. These include:
- Increased Mobile Holiday Shopping – Across the ThreatMetrix network during October 2013 through December 2013, mobile traffic accounted for approximately 20 percent of all online sales. This number is expected to be higher this holiday season, meaning retailers need to be prepared for more transactions taking place via mobile and the security risks that will pose to their business. Many retailers will also roll out new mobile apps and possibly rush development to have them ready in time for the holidays, without making security top priority. On top of that, businesses often allow customers to bypass security steps on mobile devices for the sake of convenience, opening the door to cybercriminals. Additionally, if rumors are true and Apple’s iPhone6 comes equipped with an “Apple e-wallet,” brick-and-mortar retailers will also need to be extra cautious of transactions that take place through customers’ phones, as this new card-not-present form of payment will be a hot target for cybercriminals.
- Visa Checkout and Username/Password Transactions – This holiday season, many retailers will implement username and password transactions rather than having customers enter their credit card information at checkout. Visa Checkout, for example, enables customers to check out from registered online retailers simply with their username and password using a secure backend system with contextual information to quickly and easily determine whether the transactions taking place on that account are authentic. However, retailers that opt to set up their own username and password checkout system will see an increase in transactions taking place through that system as opposed to regular checkouts, posing a challenge in accurately identifying friends versus foes in-house. Those retailers should consider enlisting the help of a third-party automated identity and cyber threat intelligence. Retailers with username and password systems should also urge customers not to use the same credentials across multiple sites, especially on sites where sensitive information is stored.
- Deleting Cookies – Unfortunately for online retailers, deleting cookies is no longer cause for increased suspicion around a transaction, as a significant number of shoppers now delete cookies on a monthly basis. With the high volume of orders this holiday season, retailers are looking for reasons to accept an order, rather than slowing the process and creating friction for good users in order to thwart cyber attacks. By leveraging cookieless device identification and a shared global intelligence network, retailers can use good shopper reputation to make sure they are keeping their systems secure without creating any problems for authentic customers.
- EMV and Increased Online Fraud – By October 2015, U.S. merchants must adopt Europay-MasterCard-Visa (EMV) global standard chip card payments systems. Following this deadline, any retailers and banks supporting magnetic stripe cards will be liable for fraud losses as a result. While the goal of EMV is to decrease in-store fraud by getting rid of the antiquated magnetic stripe technology that allows cybercriminals to do things like card skimming to steal information, the increased security measure in-store will likely lead to an increase in online fraud. Although an online fraud increase may not be apparent immediately this holiday season as many merchants have only just begun making the switch to EMV payments systems, e-retailers need to consider their EMV-readiness and put security measures in place ahead of the 2015 deadline.
“While stopping fraud is essential, the primary goal for most retailers this season is maintaining a frictionless user experience for good customers,” said Faulkner. “Retailers need cybersecurity systems in place that are as good at recognizing good customers as they are at stopping fraud, and the best way to do this is through anonymized shared intelligence.”
To help retailers accurately identify good customers while keeping cybercriminals at bay during the holiday shopping season, the ThreatMetrix ™ Global Trust Intelligence Network (The Network) protects against account takeover, card-not-present and fraudulent account registration by processing transactions using shared intelligence that provides predictive analytics to protect online businesses and reduce customer friction.
- Infographic: Data Breach! What Happens Next?
- Press Release: EMV Global Standard Chip Card Adoption Increases Likelihood of Online Fraud
- Press Release: ThreatMetrix Extends Mobile and Web Context-Based Security and Fraud Prevention Innovation with Patent
- Register today for the ThreatMetrix Cybercrime Prevention Summit 2014
ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.
ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.
The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.
For more information, visit www.threatmetrix.com or call 1-408-200-5755.
© 2014 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the TrustDefender Cybercrime Protection Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.