Black Friday shopping hassles drive customers to shop online and avoid the hassles. What merchants can do to protect themselves from online fraud.
Your arms are heavy as you bustle your way down the aisle towards the checkout. You’re carrying what you came for: a 40” Full HD LED TV. It digs into your arms as you squeeze through the crowd. Where does this line start anyway? After three hours of waiting in line, two minor altercations with fellow Black Friday shoppers, and a mild bruise later, you are through the door with your shiny new TV. Phewph! That was rough!
Some have made efforts to give the “Black” within Black Friday a positive spin by associating the “black” portion with profit (accountants use black to signify profit and red to signify loss). But most people aren’t fooled out of understanding that Black Friday was originally named this way because of the violence and traffic accidents associated with the shopping mania day. It’s not surprising that many consumers are opting for the safety and security of shopping in their PJ’s! Statistics show that Cyber Monday has begun to eclipse Black Friday in sales.
Cyber Monday hit a $3.07 billion sales record in 2015 versus $2.74 billion in US sales on Black Friday in the same year. Consumers are understanding that shopping in their pyjamas is a superior alternative to the hustle it takes to get they’re sought after holiday gifts in the store. Why waste your time and comfort going to a brick-and-mortar when you have the convenience of the click of a button literally at your fingertips? DealNews.com found in 2015 that 70% of Black Friday door busters were available, at least briefly, on the store’s website. Major retailers as focusing more and more on e-commerce, including Macy’s this year announcing their plans to close 15% of their store base. Needless to say, things are trending towards the e-commerce world and we’d better get used to it.
However, as we mentioned in our previous Cyber Monday post, during high-volume shopping events like Black Friday and Cyber Monday, retailers will lower their threshold for declines making Cyber Monday an ideal time for fraudsters to attack. Also, it is more difficult for companies to identify automated botnet attacks when there is an unusually high and unpredictable amount of traffic coming through during these shopping-frenzy days.
So here’s some tips to our merchant friends on this high traffic holiday:
Keep your customers out of the in-store pandemonium and safe behind their screens! E-tailers that use behavioral analytics and passive biometrics, and therefore know their genuine good users, have the option to give them an added discount or consider a smoother green authentication path to allow for a seamless customer experience.
Layer up, winter is coming
As mobile transactions continue to gain market share, cybercriminals will develop sophisticated strategies to target iOS and Android software for personal gain. Retailers accepting mobile transactions must have layered, preventative measures in place to differentiate between authentic and fraudulent transactions and protect against cybercrime.
Go in knowing what your system can handle and be prepared for contingencies.
E-tailers, you still have time to audit your website security in advance of next Monday to test for load, security loopholes and account protection.
Expect that stolen account credentials will be used or have been used to create new accounts in preparation for the best deals.
After the unprecedented slew of data breaches we saw this year, we can expect that fraudsters will use the chaos of Cyber Monday to mask their fraudulent activities online with the credentials stolen from these breaches. Look for unusual and anomalous traffic hidden with high volumes such as unusually high purchasing volumes or dollar amounts, multiple logins to the same account from different IP’s, new account creation with unusually high purchases, high volumes of account testing (failed login attempts) across multiple device ID’s.
Watch out for aged online accounts that have sat dormant and suddenly become active.
Cybercriminals are patient. They create accounts that sit dormant waiting for the perfect time to strike. It is more likely than not that they have been planning this day for months. Look for anomalies such as dormant account activation combined with unusually high purchasing volumes or dollar amounts, multiple logins to the same account from different IP’s, dormant account profile changes combined with payment and address changes within close time and session proximity, plus other suspicious activity patterns.
By looking across the entire account for user behavioral patterns, NuDetect learns how good and bad users typically behave and enables our clients to take appropriate actions from this intelligence. Combining this data from our intelligence network, NuData’s Trust Consortium, we can provide an even deeper understanding of how users behave for a very accurate assessment of user risk.
Don’t overlook gift cards
If you notice gift card guessing or gift card testing, this is a sign of fraudulent activity. Treat gift cards in the same way you would any other payment method.