Online Holiday Shopping Fraud: What Retailers Need to Know

0
195
Online Holiday Shopping Fraud: What Retailers Need to Know

Opinions expressed by Entrepreneur contributors are their own.

The final months of the calendar are huge for any retailer. Last year alone, Black Friday, Cyber ​​Monday and Christmas sales combined reached nearly $937 billion in the US.

It’s also typically the time when retailers see a spike in fraud, with an 82% higher rate of daily attempts over the long weekend between Thanksgiving and Cyber ​​Monday last year. However, experts say retailers should be particularly prepared for this holiday season as many factors have contributed to making this time even more favorable for fraudsters.

Firstly, the combination of rising inflation and forecasts of a recession in the next 12 months means consumers with increasingly tight budgets are more likely to fall victim to bad “deals”. Second, recent technologies such as generative AI make it possible to carry out fraud on a much larger scale than ever before.

Finally, fraudsters actually seem to thrive on crime because they are rarely held accountable for their crimes. New regulations in the US hold merchants and banks accountable for fraudulent transactions, while those behind them typically go unpunished. In general, banks are more likely to be liable when the fraud involves an actual card, and merchants are more likely to bear the costs of card-not-present transactions when only the card’s details are needed, such as: B. for online payments.

Here are four types of online scams that retailers should be on the lookout for this holiday season.

Related: How to Turn Your Business’ Website Into a Real Money-Maker This Holiday Season

1. Malicious generative AI

AI is being used to drive fraud. Tools like WormGPT and FraudGPT are now available for free on the Dark Web and are being used for malicious purposes. FraudGPT can create very believable phishing scams and can also spread viruses and malware from websites that look like trustworthy retail sites but are actually fake. WormGPT may use data from chats to impersonate customer service representatives/trusted retail brands to trick consumers into providing sensitive information (e.g. their credit card details), also create fake products on online marketplaces, generate fake coupons and promotions that appear legitimate and create fake online reviews.

Email security company SlashNext conducted an experiment in which WormGPT was asked to generate an email that would pressure an unsuspecting customer service representative into paying a fake invoice. According to the researchers, WormGPT’s email was not only remarkably convincing, but also strategic and clever, demonstrating its potential for sophisticated phishing attacks.

What can traders do?

To defend against this latest threat, retailers should ensure all cybersecurity training for their business, such as: Some programs, such as awareness programs, are continually updated to reflect the latest fraud warning signs. This includes things like language that suggests urgency.

2. Website spoofing

Another type of online fraud that merchants should be aware of is website spoofing or branding with the intent to launch phishing attempts to carry out online fraud. Cybercriminals replicate a company website with an identical frontend to the original and a barely changed domain name, so users are unlikely to realize that the website is fake and therefore trust it with their personal information. More than 4.7 million phishing attacks took place in 2022.

As long as the impersonated website is active, it harms the brand financially and tarnishes its reputation, leading to customer churn. Memcyco’s Ran Arad calls this critical time the “window of disclosure”: the time between when Threat Intelligence Solutions detects a fake website and its eventual removal. In Arad’s words: “During this critical time, unsuspecting customers can easily be lured to the fake website, resulting in potential financial losses, data breaches and exposure of personal identities. What is worrying is that many businesses currently lack the insight to determine how many of their customers are falling victim to fraud during this vulnerable window of opportunity.”

With the help of technology, brands can take down these fake websites. However, the process can take too long to prevent customers from being scammed out of their money.

What can traders do?

Instead, merchants should implement website fraud detection solutions that can detect fraud attempts in real-time. This keeps the extent of damage and disclosure of customer data as low as possible.

Related: Retailers will be breaking discount records this holiday season – but you’ll have to shop right to take advantage

3. Gift card scams

With gift card sales expected to reach $2 trillion by 2030, gift card fraud is also expected to increase – especially around December. Although there is an annual increase in gift card purchases in mid-December, an incredible six to seven times more gift card sales occur on Christmas Eve.

Gift card fraud occurs when fraudsters steal a user’s credit card information and then use it to purchase a gift card. This type of scam is effective because it leaves little trace for victims: scammers can use stolen gift cards to make purchases without needing ID. It is almost impossible for consumers to get this money back.

What can traders do?

Merchants can attempt to prevent gift card fraud by limiting the ability to make large or repeat gift card purchases. Additionally, an internal system for tracking individual gift cards helps prevent fraudsters from taking advantage.

4. Bot attacks/account takeover

Account takeover is an old threat in retail, but with the rise of e-commerce fraud rings it has taken on a new twist. Malicious actors use malicious bots to enable credential stuffing and brute force attacks because the automation can quickly iterate through potential credentials until they are successful. These attacks have the potential to lock out retail customers from their accounts, provide fraudsters with sensitive information, contribute to lost revenue for businesses, and increase the risk of non-compliance.

With bot attacks on e-commerce sites increasing by 71% in 2022, retailers are finding themselves in a bind. On the one hand, it is becoming increasingly difficult for retailers to protect user accounts. At the same time, failure to do so can harm their business through fraudulent transactions, payment fraud, user distrust, and a negative impact on their brand reputation.

The sophistication of these cybercriminals and criminal gangs is increasing rapidly, posing a significant threat to retailers. Ping Li, VP of Risk and Chargeback Operations at Signifyd, highlights that automated attacks on their commerce network increased by 146% at some point in 2020 “We’ve seen fraud rings unleash bots for everything from credential stuffing to account break-ins, to quick fraud attacks, to quickly buying up inventory of hot products for resale.”

What can traders do?

Merchants should invest in technology that detects the latest fraud tactics. Many of these tools use machine learning and artificial intelligence to combat bot attacks by malicious actors.

Related: What Every Small Business Needs to Know About Friendly Fraud

Increase the protection of your business this holiday season

As retailers prepare for a spike in fraud during the holidays, increased vigilance is essential for many reasons. During these times of economic uncertainty, merchants must take additional protective measures, especially since they are now responsible for compensating victims of successful fraud attempts.

Fraudsters also exploit new and emerging technologies. Internal policies, including cybersecurity training and awareness, can provide increased protection. However, the first line of defense for brands today should be fraud detection technology, which detects fraud attempts in real-time across multiple attack vectors, including websites.