The holiday season is rapidly approaching and now more than ever consumers seek out safe and frictionless mobile shopping experiences. In preparation, merchants are scanning, testing, and optimizing their sites while cyber criminals wait in the shadows.

Analysts expect online payment fraud losses to surpass $22 billion this year. Unfortunately, lack of proper preparation and awareness only increase the likelihood a cyber-criminal will strike a merchant’s site. The only way to properly safeguard your store is to know how these thieves are planning their attacks. Here are the top 3 tactics hackers will use against eCommerce sites in the holidays ahead.

1. Account Takeover

Password protection should be enough to save your login credentials, right? Well, not exactly. Fraudsters won’t let that stop them. The increase in automated credentials, robots, and data breaches are to blame. Even the most complex credentials are being stolen with relative ease. Even worse, you likely won’t see it coming. As a result, analysts predict ATO (account takeover) attacks will exceed the 122% increase in losses seen in 2018.

An account takeover is a common form of identity theft following a date breach, malware, or phishing. Through these tactics, fraudsters gain access to a victim’s credentials, bank or credit card accounts to make unauthorized transactions. 

Last year, the world experienced two of the most high-profile data breaches take place with Facebook and Uber. With Uber, not only did fraudsters have access to the names, email address, and cellphone numbers of 57 million riders… The personal data and driver’s license info from more than 600,000 drivers was also stolen.  Using the same technique, hackers exposed personal information from more than 50 million Facebook users. 

Cybercriminals are not only becoming smarter and more efficient, they often act brazenly, attacking high-profile businesses. With access to phone numbers and emails, there’s no doubt they’re planning to use this information during the holiday season.

2. Phishing

Cyber criminals hide in plain sight, and they’re becoming more aggressive in targeting mobile users. In fact, 48 percent of phishing attacks are on mobile users. With biometric authentication, consumers are becoming more negligent, and giving up their financial information with ease, by allowing easier access to login credentials.

Phishing is another form of identity theft where cyber criminals are using emails and phony websites to steal personal data and information. Cyber criminals are hijacking apps, emails, and posing as legitimate companies all to gain the access they need. During the holiday season 80% of people are falling for the most common holiday phishing attacks such as phony advertisements, shipping invoices, purchase verification, and charities—pretty low right?

In 2013, Target’s data breach affected about 40 million retail card accounts by sending out phony emails to collect personal information and data. 24 hours of negligence cost the company $162 million. 4,000 new mobile phishing sites are created daily, which means smartwatches, tablets, and other wearables are also under attack. Extra security measures must be set in place to protect all ends, especially when consumer’s online payment information is up for grabs.

For extra security measures, here is how you can tell if your email credentials have been compromised.

How to Avoid It

By now, your team should be familiar with what a phishing email looks like. They can be as simple as a fake newsletter from your favorite coffee shop asking you to accept a free coupon, or a FedEx tracking email telling you to accept your package. Others appear as Google Docs links or Microsoft SharePoint links sent to you by someone within your organization.

An easy way to check a link is to hover over it with your mouse. If the URL doesn’t look right or is hundreds of characters long, it could be a phishing email. Make sure your team knows what to look out for and send anything you feel is “phishy” to your IT or security team to review. Lastly, remember clicking a link can download a file that gives hackers access to your system.

 

3. Payment Fraud (Online and Offline)

In the past few years, major banks, and even PayPal began issuing chip-based security on all credit cards. While in-store or ATM attacks are now more challenging for criminals, your online store is still quite vulnerable. So, an increase in online transactions during the holidays makes it easier for hackers to collect consumer payment information. In addition, this info is being stolen through an increase of data breaches, chatbots, synthetic identities, and fake URLs found in Google that mirror your site’s layout.

Payment fraud is committed when cybercriminals gain access to payment and card information to make fraudulent unauthorized transactions. Online payment fraud is the most common, as it is more difficult for a merchant to verify the cardholder’s legitimacy. Chargebacks, counterfeit cards, and money orders with customer’s account information are used to commit online and offline payment fraud.

On the surface, artificial intelligence tools may be attractive additions to your site, but some pose unseen risks. AI- driven chatbots are becoming an industry favorite. As a result, cyber-attacks will keep rising as merchants rely on bots to communicate and personalize customer experiences. Analysts are already predicting fraud loss to reach $61 billion by 2023. Therefore, finding the right solution that focuses on transactional and behavior habits is a strategy that should be adopted in any fraud prevention strategy.

 

Consumer Expectations Drive Opportunity for Fraud

Finding the right strategy for payment and fraud prevention can be challenging. Consumers are demanding more from their retail experience and merchants are thinking with a mobile-first mentality. 41% of US millennials are expected to do their holiday shopping online and merchants are catering to their needs by introducing alternative payment options such as Zelle, PayPal and Cash App.

It’s great to keep your consumer journey in mind but protecting customer information should be a major priority. In the end, more than your revenue is up for grabs, your reputation is on the line. Signifyd, our trusted partner, states that online fraud costs retailers 5.4 percent of revenue on average.

Merchants need to start with an honest evaluation of what fraud really costs your company. This isn’t just the money you lose on fraudulent orders you ship; it also includes all the time your staff puts into screening orders as well as the revenue lost to rejected orders which may have been safe. When you add up all these costs, the price of top fraud prevention solutions starts to look a lot more attractive.

— Oliver Sosinsky, Lead Solutions Engineer, Redstage

Consumers want to check out as soon as possible, and as a result, they will be relying more on automated logins, autofill, and alternative payment options while fraudsters are waiting to attack. Make sure you’re prepared to block fraud in any situation.

 

Properly Safeguarding Your Customers and Business

Fast and frictionless wins the race for sales, but proper security measures can mean more friction for consumers. Protecting consumer privacy MUST be the primary factor in your eCommerce strategy. If merchants are not careful with integrating certain systems to support security, your customers and your bottom line are both potential casualties. Here are 4 ways to block an attack from fraudsters.

• Upgrade your account security with a VETTED ANTI-FRAUD SOLUTION.
• Double up on your password protection and consider two-factor identification.
• Update your customer verification process and payment processing method.
• Monitor, Monitor, Monitor!

 

Final Thoughts

Redstage works with our technology partners to even the battlefield between cyber criminals and site security to mitigate losses. Shoppimon, Signifyd, and Siteimprove are just a few solutions thoroughly vetted by the Redstage team that can save your online store from disaster. Working with these platforms, we designed customizable security and maintenance bundles to suit your specific needs and keep your store safe. Learn more about our security bundle options here, and stay safe this holiday season!