Retail security: Prepare to spoil the criminal's fraud spree this Black Friday

News by Natasha Abramson

Retailers face a two-fold threat: pressure is high and the volume of visitors may cause personnel to miss signs of potential fraud, while cyber-criminals conduct disruption attacks as well as extortion attempts.

This year, online sales on Black Friday/Cyber Monday are estimated to reach £10.4 billion in the UK as shoppers rush to get the best deals online, creating a tempting target for cyber-hackers and a headache for retailers.

Retail fraud attempts are projected to increase 14 percent during Cyber Weekend compared to last year, according to benchmark data from online payment provider ACI Worldwide based on hundreds of millions of merchant transactions. The fraud activity is likely to peak on Thanksgiving Day, according to ACI. The average value of an attempted fraud transaction is projected to increase three percent from £185 to £190, ACI said. 

According to research from Paysafe, nine percent of purchases are abandoned at the checkout, which 28 percent of merchants believe reflects successful fraud checks; 33 percent say these abandoned transactions have a major impact on business.

Oscar Nieboer, CMO of Paysafe, notes that whether the abandonment is due to fraud checks or not cannot be known, as there are a multitude of reasons why purchases are abandoned. Nevertheless, the warning bells have sounded and hackers will use Black Friday and Cyber Monday to gain everything they can. The pressure of traffic can be so high that it can cause personnel to miss signs of stolen credentials, identities and so on.

So what can merchants do to protect their consumers? RSA, in its latest fraud report, provides the following tips for retailers:

Be mindful of the links that take your customers to your website. Embedded links can catch out even the savviest of consumers by taking them to an illegitimate site that looks very similar to the original website. Another con to be aware of is the seeding of false information throughout legitimate web pages, social media, forums, and comment sections: you unknowingly build trust with your consumers that the fraud perpetrators can hijack.

Another way to reassure your consumers is to protect your URL with HTTPS. That way consumers will know if they are on the legitimate website or not. It is worth bearing these simple measures in mind, as a successful hack can damage not only the merchant's profits but also their reputation with their customers.

It is essential to remind your customers to stay extra vigilant during the bargain season, keep track of their credit card records and banking records, and only purchase goods from acceptable and well-known retailers and brands.

Jens Monrad, principal security analyst at FireEye, emailed SC Media UK to explain how, as a result, retailers face a two-fold threat:

"From a physical store perspective, the pressure is high, where the volume of visitors may cause personnel to miss signs of potential fraud, for example with stolen credentials, identities and so on.

"From a cyber point of view, we have previously observed cyber-criminals conduct disruption attacks as well as extortion attempts with ransomware, with the hope that the retailers might be more willing to pay extortion money since it is one of the most important events of the year for the retail industry and they will want to minimise downtime."

Monrad adds that besides being targeted directly by cyber-criminals, retailers are often used as a means of money laundering, as the actors purchase gift cards from retailers using illicitly obtained funds and then resell those gift cards for a profit in other marketplaces or use them to buy goods from the retailers and then resell the fraudulently obtained goods.

In an email to SC Media UK, Ryan Wilk, VP at NuData Security, a Mastercard company, adds: "With the largest retail day of the year happening on Black Friday, there is more opportunity than ever for criminals to blend in amongst legitimate transactions, making off with goods, customer details or stolen funds before anyone has noticed. Organisations need to be aware of this, and make sure that their account security corresponds to the heightened threats by engaging with more robust access protocols, such as two factor authentication and passive biometric solutions."