Posted on Nov 25, 2019
The holiday shopping is right around the corner, but unfortunately Black Friday isn’t just an opportunity for shoppers and retailers — it’s also an opportunity for cyber criminals.
According to ACI Worldwide, fraud attempts by bad actors increased during both the 2018 and the 2017 holiday season, while Experian found that online identity theft tends to happen more during the holiday shopping season. It may be the perfect time for cybercrime; the high volume of transactions — both online and in person — makes it easy for bad actors to swoop in and take advantage of both shoppers and sellers.
What are some of the biggest risks holiday retailers and shoppers face this year? Below are a few of the most common threats.
On November 11, China observed Singles Day, a day that’s meant to celebrate single people, but also functions as the biggest sales event in the world. Case in point: China’s online megaretailer Alibaba did a record-breaking $38 billion in sales this year.
All that online business, however, means there’s plenty of online fraud as well. Phishing and spoofing scams are on the rise. The phishers often come out in force on Singles Day, building sites and apps that look just like online retailers and collecting the funds when unwary shoppers mistake them for the real thing. One year, more than 5,000 phishing sites were found on Singles Day, according to China’s state media. Last year, bad actors moved on to apps — almost 4,000 fake shopping apps were downloaded to more than 300,000 mobile devices in China.
Most shoppers are doing a lot of business online during the holiday season — they’re in a rush, they’re making more purchases than usual, and they’re more likely to make mistakes. That’s what cyber criminals are hoping for. It’s the same for retailers, who are doing more business than usual.
Experian found that nearly half of all shoppers plan to do their holiday shopping online, using both computers and mobile devices. That puts them at risk of theft; 43% of people who’ve had their identity stolen through online shopping, say it happened during the holiday season, says Experian.
There was a new fraud trend last year. During the 2018 holiday season retailers saw a 13% increase in BOPIS, or “buy online, pick up in store,” fraud attempts, according to ACI Worldwide.
This means criminals were showing up to collect other people’s shopping and while that sort of theft isn’t great, it points toward some good news: credit cards are getting harder to hack, so criminals are stealing other purchase information instead — like name and location — showing up in person to pick up someone else’s purchases.
Fraud can also happen when shoppers aren’t picking up purchases at the store. Rerouting scams happen when criminals steal consumer information, and then that information to contact a merchant or a shipper with a new address.
While a merchant might catch a suspicious address change, a shipping partner is a third party (and also very busy), and may not. The merchant will be none the wiser until they get a chargeback from the customer.
This sort of fraud often happens during the holidays because merchants who might otherwise be vigilant might not notice suspicious shipping activity when they’re rushing to fill orders. For example, in 2016, on the last day for express shipping during the holiday season, there was a spike in fraudulent orders because bad actors knew retailers would be frantically busy.
During the holiday season, merchants need additional help. They rely on their vendors and partners, which range from point-of-sale systems, to shipping partners to the software that help them do business. If any of those partners are targeted, that can be a huge problem for a retailer of any size.
Third parties hold important shopper data, from payment information to addresses. Trustwave’s 2018 Global Security Report showed that the retail industry suffered more data breach incidents in 2017 than any other sector. The reason? Retail organizations often relies on third-party services, and those services are getting breached.
There are plenty of steps both shoppers and retailers can take to reduce fraud this season. Smart shoppers should think critically about the store addresses they’re visiting and the apps they’re downloading, for example.
Retailers, overwhelmed during the holiday season, should get some cybersecurity help. While managing third parties can seem cumbersome, intelligent automated tools can leverage existing data on cybersecurity risk in order to help online stores manage their third party IT risk. SecurityScorecard’s Security Ratings help identify and prioritize third party cyber risks. Trusted by the world’s leading brands, Security Scorecard can help you strengthen your risk management framework, reduce risks and have a happier, safer holiday shopping season.
Vendor management is the process an organization utilizes to assess and manage a third- or fourth-party vendor. Learn how SecurityScorecard can help.
Performing cybersecurity risk assessments is a key part of any organization’s information security management program. Read our guide.
Templates and vendor evaluations are needed to level that playing field, in a time efficient and fair way, so that the best vendors are chosen.
Co-founder and CEO, Alex Yampolskiy, speaks about the importance of measuring and acting on key indicators of cybersecurity risk.
You can’t manage what you can’t measure. Check out our list of the top 20 cybersecurity KPIs to track in 2021.
No waiting, 100% Free
Get your free scorecard and learn how you stack up across 10 risk categories. Answer a few simple questions and we'll instantly send your score to your business email.