By Doriel Abrahams, Head of U.S. Analytics, Forter
‘Tis the season for holiday shopping, and with it, a surge in e-commerce transactions. While this festive time of year presents a big opportunity for retailers, it is also rife with fraudsters hoping to catch them off guard.
From new, sophisticated scams to variations on tried-and-true tactics, cybercriminals are hard at work devising ways to take advantage of eager shoppers and their spike in online activity.
Here are five trends online merchants need to watch out for to keep their business – and their customers – safe this holiday season.
1. Rise in Amateur Actors
In a case of good shoppers turned bad, a growing number of customers formerly recognized as legitimate are going rogue. Within Forter’s own network, we’ve seen a 35% increase in fraud committed by non-professional fraudsters, particularly in North America.
Unlike specialized cybercriminals who run well-organized operations like a business, these are everyday consumers who turn to fraud as an additional source of income. They are more likely than professional fraudsters to target items on the average shopper’s holiday wish list such as cell phones, gaming consoles and luxury goods.
Their activities are not to be confused with friendly fraud aka policy abuse, but are rather standard credit card fraud using stolen card data. What usually gives amateurs away is their lack of technical savvy. They often use their own devices and resort to simple obfuscation strategies like a VPN.
2. Increase in Couponing
Given the current state of economic uncertainty, consumers globally, and especially in the U.S., are being extra scrupulous about how they spend and using more coupons. In the past, coupon use remained fairly steady from one season to the next, but this year, we’re already seeing a double-digit increase in coupon usage of about 11%.
Fraudsters who are in on this buying trend are craftily using coupons to make their personas look more legitimate and trustworthy. For this reason, merchants can’t let their guard down just because a customer comes with coupons.
Even good customers are giving way to different forms of coupon abuse. They try rigging the system by reusing or stacking coupons, sometimes setting up multiple accounts to get more than what’s allowed. Merchants need to ensure they have clear policies on applying coupons and that their systems are configured to enforce those rules.
3. Gift Card Growth
Gift cards are on the wish lists of holiday shoppers and fraudsters, alike. They make a practical present for friends and loved ones. And fraudsters like them because they’re anonymous, easy to resell and can be used as part of a chain of fraudulent activity.
Traditionally, gift card purchases spike during certain periods of the shopping season, notably during Black Friday and Cyber Monday and again in mid-December. The ultimate peak comes on Christmas Eve when gift card purchases are six to seven times greater than on November 1.
This year is different with fraudsters getting in on the act much earlier. They’ve already started doubling down on gift card attacks since late October and are exploiting where they have found vulnerabilities, which are retailers more so than gift card-specific merchants.
4. Creative Address Manipulation
Fraudsters are always looking for new ways to circumvent security measures, including address verification services (AVS) that merchants use to catch credit card fraud. After all, just like good customers, bad actors have to provide a shipping address in order to receive merchandise.
During the busy season, criminals are employing rather low-tech ways to skillfully trick AVS, such as writing “one” instead of the numeral “1” since AVS only checks numbers and not words.
Another maneuver is writing the address in the name field and “see name” in the address field. This makes the address discernable to the mail courier without getting flagged by the AVS or other detection systems.
Similarly, adding an innocuous element to a shipping address prevents machines from noticing that the same address has been used multiple times, while still enabling the courier to deliver the package.
5. More Bot Attacks
More is anything but merrier when it comes to malicious bots, yet vertical industries across the board, including those that haven’t typically been targeted, are seeing a major uptick in attacks. These attacks are generally large, professional operations utilizing sophisticated technology at extreme volumes.
When a site’s traffic is heavy, bots find it easier to fly under the radar. And while they’re known for targeting checkout, bot attacks are increasingly infiltrating other points along the customer journey, including account creation and login.
Forter’s data shows that apparel and footwear merchants that offer limited stock drops or flash sales are particularly vulnerable, facing five to six times more bot attacks than merchants that don’t engage in similar marketing tactics.
As more transactions are conducted online, fraud attempts are also expected to increase this holiday season, making it a stressful time for e-commerce merchants. By understanding the evolving threats to their bottom line and taking proactive steps to thwart them, companies will help keep their business protected not only during the holidays but every day of the year.
