The fraudsters who stole Christmas: Why online retailers should be braced for attack
The digital acceleration faced by businesses, retailers, financial providers and other organisations in 2020 has been rapid. With retailers entering what will be a critical festive shopping period, starting with Black Friday, ensuring their customer digital journeys are fit-for-purpose to maximise sales is of great importance.
However, the deluge of digital transactions we expect to see in December brings its own risks and challenges, to both businesses and consumers. Fraudsters, whose activity has remained constant throughout the pandemic, will be primed to take advantage and make hay under the camouflage of substantial online activity.
The digital acceleration and fraud
It’s worth highlighting the wider environment in which we’re operating in 2020. The huge increase in volumes for eCommerce this year is remarkable; in countries such as Brazil where the digital marketplace isn’t as well established as other parts of the world, the acceleration has been even more pronounced, with some retailers experiencing a 200% increase in traffic due to the pandemic.
Against this backdrop, 2020 has also seen a significant level of data breaches – estimates put the number of personal pieces of information compromised at around 36 billion. The sheer amount of information now available for sale through the dark web is the main driver in fraudulent activity and one which will be the basis of attacks this Christmas period.
The type of information available to buy; credit card numbers, other payment details, log-in details and personal data all conspire to pose a significant risk to digital retailers. The fact online transactions are carried out with a physical card being presented also adds another layer of ease for those carrying out the attack.
2020 has seen a large increase in ‘account takeover’ attacks and we expect this a trend to continue over the festive period too. Increasingly, retailers require customers to set-up an account, and with consumers often using the same passwords for multiple accounts, giving fraudsters the opportunity to access them when their details are compromised.
Once accessed, those carrying out the attack can use the saved payment details, amend delivery addresses and emails, all without the legitimate customer knowing what’s happening.
Fraud prevention and a frictionless journey
The risk posed to retailers is also heightened by their own prevention systems. Crucial to the online experience is as frictionless journey as possible – recent research from Experian’s Global Insight Report found that consumers are only wiling to wait up to 30 seconds before emptying their basket and taking their custom elsewhere.
At time such as Christmas, where retailers are dealing with a huge number of transactions, they tend to put in place slightly less stringent, amended strategies in order to reflect the different nature of customer purchasing.
For example, the delivery address for a Christmas present could be different to the billing one. Given the sheer volume of transactions, fraud teams are unable to check each one which raises a suspicion. Finding a balance between adding an acceptable level of friction to the customer journey and letting potentially questionable transactions be approved is one which all prevention teams must grapple with.
The situation also plays into the hands of another growing trend. ‘Money mules’ – people who are willing to accept goods bought with stolen details and shipped to an alternative address are able to be successful carry out their plans, as again this looks like typical consumer behaviour amongst the high volume of transactions being completed.
However, It’s not a black and white situation. Consumers also value security and are happy with an experience that feels safe for them, even if they have to provide more information on their first visit. Therefore the balance between a frictionless journey and protection is critical and one which must be found.
Artificial Intelligence and Machine Learning
Retailers and other organisations must remain vigilant and technology can assist. Solutions and services incorporating Machine Learning and Artificial Intelligence can support this objective.
By looking at the results of an application, whether it was fraudulent or not, ML and AI then uses this information to inform its decision making on future applications. The more information it has at its disposal, the higher quality decisions can be made.
Fraud teams are braced for a busy period. But with this support they can ensure that Christmas is a successful time for both retailer and their customers.
This was posted in Bdaily's Members' News section by Eduardo Castro, Head of Identity and Fraud, Experian UK&I .
Enjoy the read? Get Bdaily delivered.
Sign up to receive our popular morning London email for free.