What do you get when you mix a massive surge in e-commerce with impending supply chain shortages and the holiday shopping season? A fraudster’s wish list.
Last year, online holiday shopping was up by more than 23 percent over the previous year as consumers opted to click their way through their shopping lists rather than to brave crowds in the middle of a pandemic. As a result, online holiday purchases hit a record-setting $209 billion in 2020, with much of buying being done by consumers entirely new to online shopping.
So, it should also come as little surprise to learn that — according to one industry analyst — various types of shopping-related fraud also spiked last year by as much as 146 percent.
In other words, now is the time to take stock of the latest cybercrimes and for consumers and billers to identify steps they can take to protect themselves.
Holiday Spending to Reach Historic Highs
Wrapped up in the season of giving, holiday spirit and seemingly a million things to do — the holidays serve as a perfect cocktail to let our guards down.
“Consumers are getting hit with all sorts of offers, typically with a time-sensitive aspect. It fits in with the holidays because everyone is trying to get that sale item before it’s out of stock. That’s when attackers slip right in,” says Dave Row, VP of Security Engineering at BillGO.
Despite the increased fraud and lessened anxiety of returning to brick-and-mortar stores, consumers still expect to do two-thirds of their holiday shopping online this year.
This might explain why the National Retail Federation predicts online sales may reach historic heights this holiday season, ringing in around $1.13 trillion for the year. However, with added supply chain shortages, global trade slowdowns and shipping delays, consumers may find themselves using untested (i.e., less secure) websites searching for the perfect gifts for friends and family.
Projected Online Card Fraud Costs: $8 Billion
Analysts predict online card losses could reach nearly $8 billion by the end of the year (up from about $6 billion in 2019.) So what can consumers and billers do to protect themselves from all the e-crime lurking in the shadows?
For consumers, Row says it pays to be alert. Ecommerce has become more multi-channel savvy, so generally, a deal offered won’t be restricted to one retailer. So, he advises checking multiple channels to determine if an offer is legitimate.
"With added supply chain shortages, global trade slowdowns and shipping delays, consumers may find themselves using untested (i.e., less secure) websites searching for the perfect gifts for friends and family."
Row also recommends consumers use a good anti-virus product. “Something that works in the browser as a last defense to protect from ‘drive-by attacks,’ which are bogus ads that can infect a device without even clicking on it,” says Row.
“Keep an eye on your statements, not just monthly but daily,” he says. “Log in live and look at transactions from today and yesterday. If you do that, chances are you’ll catch any fraudulent activity in time to avoid any further damage. You can also sign up for alerts from your bank or credit card, so you will be notified when purchases have been made.”
Row reminds shoppers that credit cards are still a safe way to pay online because of the built-in consumer protections. However, having a card compromised can be a hassle. Depending on your bank, you may have the option to use a virtual card instead, which is a one-time use card generated for a specific amount. This hides your actual card number, so your card information is never revealed even if you interact with fraudulent content.
For Billers, It Pays to Protect
Consumers aren’t the only ones at risk. The holidays are also a high-volume time for billers, and to keep up with the hustle and bustle of the season, businesses typically offer faster processing and shipping.
As a result, billers may be less likely to carefully check each transaction and keep up with their fraud prevention strategies. But Row cautions that skipping security measures can be a costly misstep.
“Faster payments are a shiny, red target for fraudsters. Therefore, merchants should be diligent in reviewing each rush transaction for signs of fraud,” he says.
It’s in a merchant’s best interest to build in extra security measures for their customers because if the item doesn’t reach the consumer at the end of the day, it’s ultimately their loss. So, he says, it’s up to the billers to educate their customers on the potential risks and common scams to look out for to protect themselves and their customers.
Supply Chains Pose a Larger Risk
Adding to the vulnerabilities this year: the well-publicized supply chain shortages.
Even in normal times, supply chains tend to be the weakest links, says Row. Larger companies partner with a wide variety of businesses to build their supply chains. But some of these may be mom-and-pop shops with leaner teams. “These smaller operations typically have less sophisticated IT and security departments, making them vulnerable to getting phished,” says Row.
“Faster payments are a shiny, red target for fraudsters.
But, he adds, just because a business is large doesn’t exclude it from being at risk. Organizations can’t always control the security measures taken by their supply chain partners.
”Fraud always goes to where the bigger pots of money are,” says Row. Once compromised, he says, fraudsters can pretend to be a business and exploit it up to a larger entity asking to send all future payments to a different ACH bank account or a physical mailing address.
“Now, a lot of attacks are ransomware. Bad actors aren’t just going after these small hits from individual consumers; they want to cripple a business and demand ransomware payments.”
“The holiday season is always a mad scramble, but especially this year with all the supply chain issues we’re seeing,” says Row. In addition, Row offers billers the following tips to help them protect their bottom line:
Additional Fraud-Prevention Tips for Billers
Row also reminds billers...
- Fraudsters will continue to target card-not-present channels and capitalize on any gaps remaining in e-commerce strategies.
- Closely examine any rushed or expedited orders for other signs of fraud.
- Establish a consistent process. When you follow the same process for every transaction, irregularities are more likely to stand out.
- Provide customers with easy ways to protect their accounts, like multi-factor authentication or a token code sent to their phone to verify identification.
Fraud Prevention Tips for Consumers
For consumers, Row suggests the following …
- Be on the lookout for phishing emails and text messages allegedly from FedEx or UPS. Fraudsters know people send and receive a lot of packages during the holidays and the bad guys know they are vulnerable.
- Look closely at delivery notifications and updates before clicking on any links or providing personal information.
- Rethink your passwords. Consider using a password manager to build a solid deterrent to hackers. Let the password manager generate long, complex passwords and never re-use the same passwords at multiple sites.
- Monitor your credit reports. Know how to lock your credit profiles with Experian, Equifax and TransUnion before you are victimized. (You can easily unlock those profiles before applying for new credit. Just remember to re-lock them afterward).
- If you’ve been a victim of fraud or think your personal information may be compromised, you can still lock your credit profiles to prevent fraudsters from taking out new lines of credit in your name.
- Vet unfamiliar websites before shopping. An easy way to do this is to hover over the link and confirm it looks like a legitimate website before clicking on it. Verify that the website shows a tiny lock icon or https in the checkout browser to ensure the transaction is secure.
Most importantly, Row offers this final reminder for staying fraud-free this holiday season: stop, think and take a deep breath. If something seems too good to be true, it probably is.
