The Current, delivered daily.
Black Friday and Cyber Monday are the busiest online shopping days of the year. Brands and retailers roll out their best offers, and shoppers are often willing to try out new sites in search of a great deal.
Amid the bustle, the reality is that bad actors are also likely to be scouring for chances to perpetrate fraud through nefarious tactics like bots and fake profiles.
“For a cybercriminal, Black Friday and Cyber Monday present the perfect opportunity to hide in a crowd and defraud customers, as well as online businesses, such as ecommerce brands and retailers,” said Jimmy Fong, chief commercial officer at fraud prevention startup SEON. “Given the commercial nature of these days, merchants inevitably see a heavy increase in transaction volumes, which often leaves customer service and fraud management teams more thinly stretched, leading to less time to manually review orders.”
SEON found a big uptick in this activity in 2021. Here's what an analysis of internal data on ecommerce merchants, online loan providers and iGaming companies showed:
- Black Friday saw 26% more transactions when compared to a normal Friday, yet it saw a 57% increase in declined transaction rates, which are indicative of fraud attempts.
- The threat level was even higher on Cyber Monday. Last year, there were 19.5% more transactions on that day compared to a normal Monday, but a 100.3% increase in declined transactions.
The company is predicting similar figures this year, and believes more people may turn to online fraud given the darkening economic picture. SEON reviewed more than $300 billion worth of transactions for the period in 2021, and was able to stop more than $6 billion in attempted fraud on behalf of clients.
Fong said the company’s fraud prevention system was built with the specific tactics of modern online fraud in mind.
Attacks can take a variety of forms, and “have simultaneously become increasingly sophisticated and more accessible in recent years,” Fong said.
Some of these exploit vulnerabilities to break into systems.
“In recent times, we’ve really seen a rise in virtual SIM card usage, which has serious implications for the security of online businesses,” Fong said. “These programs make it much simpler to bypass two-factor authentication systems, as well as one-time passwords and therefore facilitate fraud. Moving forward, online businesses need to be more cognizant of this threat and have protocols in place to spot it. The first step in that process is raising awareness around the subject.”
Over the last five years, there has also been a steady rise of organized bot attacks, in which software is deployed that imitates legitimate clicks or purchases, and searches for a way past authentication tools through repetition.
“Bot programs remain expensive to set up, but if built properly they can be a highly effective tool for fraud,” Fong said. “Unfortunately, as fraudsters play a constant game of cat and mouse with fraud-prevention teams, bot programs are evolving to become more complex, agile, and harder to stop, which means greater levels of protection are needed than ever before.”
Fraudsters also pay attention to shopping trends. With the rise of Buy Now, Pay Later, loan fraud saw the biggest increase out of any category of attack in 2021, leading SEON to believe that there will be another uptick this year.
SEON seeks to provide tools to combat these threats, including an industry-agnostic solution that is designed to be accessible in its free plan. It has worked with businesses including Buy Now, Pay Later companies like Mokka to reduce fraud rates by 65% over four months, and has supported Shopify merchants in efforts to limit chargeback fraud.
To get prepared, the first step is making the people who will be running these systems during the holiday shopping season aware that fraud levels may be elevated.
“I think on an instinctive level most businesses are preparing for an increase in fraud attempts, but as our research shows, the levels that companies should expect to see are truly staggering,” Fong said. “I’d always recommend that company leaders share this information with the rest of their business, especially with the fraud prevention and customer service teams who will be on the front line of the battle.”
But given those high levels of attempts and the ability to scale attacks through bots, it can also be necessary to explore raising protection levels within the machines that facilitate shopping.
“The volume of transactions that many businesses receive during this period often renders manual processing obsolete,” Fong said. “That’s why I’d recommend any concerned businesses to urgently explore enhancing their existing systems with more comprehensive fraud prevention solutions. There are fraud prevention tools, such as ours, that can be onboarded in a matter of minutes and will start to deliver a return on investment almost immediately.”
Sometimes, investment isn’t needed to get started.
“For example, we’re now able to offer a ‘forever free’ version of our solution to businesses, which could go some way in curtailing the worst excesses of Black Friday and Cyber Monday fraud,” Fong said. “As a company, we’re committed to making fraud prevention accessible to businesses of all sizes, across practically every vertical and this launch allows us to do that. So, my final and most important recommendation would be to onboard an effective fraud prevention tool like this ahead of this busy period.”
More people are expected to shop online this year, with ecommerce projected to outpace overall retail as people jump at deals and convenience. Fraudsters will be just as quick to act when an opportunity grabs their eye.
Cybersecurity delivers brand security, writes BlueSnap CEO Ralph Dangelmaier.
There is one lingering element among the sea of sales heading into the new year that could stick around well into 2023: fraudulent bots.
As online shopping continues to grow in popularity, so does the risk of fraud and cyber-attacks. The presence of these bots on retailer websites can threaten the completion of successful, authentic purchases in the buying journey for consumers. For brands themselves, they can lead to increased security risks, poor site performance and incomplete purchase headaches. With more sensitive personal and financial information being shared online, retailers need to ensure that their customer data is protected at all times, which means security in ecommerce payments is more important than ever this year.
In today's digital landscape, constant technological advancements and the significant increase in online activity due to COVID-19 contribute to the rise in cybercrimes and bot threats. The sophistication of cybercriminals and the rise of advanced attacks against systems covered by standards like the Payment Card Industry Data Security Standard (PCI DSS) have made it imperative for retailers to implement robust security measures in their ecommerce operations. For example, specific bot-powered fraud threats include these disruptive schemes:
- Account takeover: This type of fraud occurs when a bot takes control of the user account, and the activity results in unauthorized transactions and theft of users’ personal information.
- Ad fraud: Bots are used to artificially inflate website traffic or click on online ads, which results in wasted ad spend.
- Carding: A form of card fraud where attackers make many attempts to authorize stolen card credentials.
The root solution to this problem is to protect customer information. So retailers must ensure that their online payment processes are secure and that payment systems are protected against bot activity and other forms of cyber-attacks. As a result, implementing security measures that can quickly detect and prevent fraud has become a top priority.
How to optimize against bot-based fraud
Protecting one’s company from bots and fraud doesn’t have to be a complicated process. In fact, it’s par for the course in today’s tug-of-war between bad actors and cybersecurity systems. It’s important to understand that any business can become a target of a bot attack, but it isn’t a foregone conclusion that bot activity will cripple that company’s ecommerce operations. It is crucial for businesses to first be aware of the risks and establish an actionable method to protect themselves.
Implement continuous monitoring for suspicious activity.
Businesses should continuously monitor transactions and suspicious activities while having an incident response plan in place to quickly detect and respond to bot fraud. Fraud detection software can analyze customer behavior and transactions in real time to identify and flag such suspicious activity.
Behavioral analysis is used to track and analyze customer behavior over time, which allows payment orchestration platforms to identify long-term patterns of fraud. This can include tracking customer browsing and purchase history, as well as analyzing repeated customer interactions with a retailer's website. This ultimately helps to quickly identify and prevent fraudulent purchases or account creations.
Prioritize anti-bot technology.
Implementing CAPTCHA, multi-factor authentication, or challenge-response systems to detect and block bots from accessing websites or applications is table stakes at this point. But it should be said that these basic preventative measures can help stop automated scripts from creating fake accounts or gaining access to login credentials to make fraudulent purchases. Simply put: they get the job done.
Businesses can also use IP blocking and user-agent blocking to cut off known bot IP addresses. Tokenization is another anti-fraud method, in which payment providers replace sensitive data such as credit card numbers with a non-sensitive equivalent called a token. The token is a randomly generated string of characters that has no intrinsic value and is used to reference the original sensitive data. The sensitive data is then stored in a secure, off-site location, separate from the token, so it isn’t stolen or compromised during a data breach.
Rely on payment platforms for easier detection.
Payment platform partners usually have robust fraud detection and prevention systems in place, and businesses can use that technology and data to identify unauthorized transactions. Payment technology can assess the risk of a transaction by analyzing data such as IP address and device data to identify potential fraud, including bot activity. By analyzing large amounts of data, these algorithms can quickly identify and flag suspicious activity, such as multiple purchases from the same IP address or abnormal spending patterns.
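A minimal velocity rule for the carding pattern named earlier (many authorization attempts with different cards) combined with the same-IP signal above. This is an added example, not any payment platform's detection logic; the log format, the thresholds and the function name `flag_carding` are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample authorization log: (timestamp, source IP, card token, outcome).
# IPs are from documentation ranges; card identifiers are made-up tokens.
SAMPLE_LOG = [
    ("2023-01-10T12:00:01", "203.0.113.7", "tok_a1", "declined"),
    ("2023-01-10T12:00:09", "203.0.113.7", "tok_a2", "declined"),
    ("2023-01-10T12:00:15", "203.0.113.7", "tok_a3", "declined"),
    ("2023-01-10T12:00:22", "203.0.113.7", "tok_a4", "approved"),
    ("2023-01-10T12:01:00", "198.51.100.20", "tok_b1", "declined"),  # mistyped CVV
    ("2023-01-10T12:01:40", "198.51.100.20", "tok_b1", "approved"),
    ("2023-01-10T12:02:00", "192.0.2.55", "tok_c1", "declined"),  # slow retries
    ("2023-01-10T12:20:00", "192.0.2.55", "tok_c1", "declined"),  # on one card
    ("2023-01-10T12:40:00", "192.0.2.55", "tok_c1", "declined"),
]

WINDOW = timedelta(minutes=5)  # assumed thresholds, tune per merchant
MAX_DECLINES = 3
MAX_DISTINCT_CARDS = 3


def flag_carding(events, window=WINDOW, max_declines=MAX_DECLINES,
                 max_cards=MAX_DISTINCT_CARDS):
    """Return {ip: reason} for IPs whose recent attempts look like card testing."""
    recent = defaultdict(deque)  # ip -> (time, card, outcome) inside the window
    flagged = {}
    for ts, ip, card, outcome in sorted(events):
        now = datetime.fromisoformat(ts)
        q = recent[ip]
        q.append((now, card, outcome))
        while q and now - q[0][0] > window:  # drop attempts older than the window
            q.popleft()
        declines = sum(1 for _, _, o in q if o == "declined")
        cards = len({c for _, c, _ in q})
        if ip not in flagged and declines >= max_declines and cards >= max_cards:
            flagged[ip] = f"{declines} declines across {cards} cards within {window}"
    return flagged
```

Requiring both repeated declines and several distinct cards keeps a shopper who mistypes a CVV, or retries one card over a long period, out of the flagged set.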
Implementing 3DS authentication through payment providers also increases the level of security and helps to prevent account takeovers by bots. 3DS authentication works by redirecting customers to their card issuer's website during the checkout process, where they are prompted to enter a one-time code or use biometric authentication to verify their identity. This helps to ensure that the individual making the purchase is the actual cardholder and not a bot using a stolen or compromised card.
The benefits of implementing a secure payment process
We’ve gone through the how, but an equally important component of the equation is the why. Being secure sounds good, but what will a secure payment gateway — which allows retailers to accept credit card and other electronic payments securely and seamlessly — do for a retailer, site visitors, and eventual customers?
Simply put, a secure payment gateway provides encryption and security protocols to protect sensitive customer information, such as credit card numbers, during online transactions. This ensures that customer information is transmitted securely and is not vulnerable to the severe hacking or data breaches mentioned above. Most importantly, this helps to build trust with customers, so they can be confident that their personal and financial information is protected.
Furthermore, a secure payment gateway also allows retailers to accept a wide range of payment options, including credit cards, debit cards, e-checks, and more, which can increase the chances of customers completing a purchase. A streamlined checkout process is probably the most fundamental yet important component when it comes to customer retention. It seems simple to say, but making it easy to check out and increasing the chances of customers completing their purchases reinforces brand security in the customer’s mind, on top of increasing sales for the retailer.
From an internal perspective, a secure payment gateway can also provide retailers with valuable data and analytics. This can include information on customer demographics, purchase history, and more, which can be used to improve the customer experience and optimize marketing and sales strategies.
Security in ecommerce payments is crucial in 2023: online shopping continues to grow in popularity, and so does the risk of bot-related fraud and cyber-attacks. Retailers need to protect customers' sensitive information and their reputation by ensuring secure online payment processes and implementing robust security measures to detect and prevent fraud.
Ralph Dangelmaier is the CEO of BlueSnap, an online payments technology company.