Consumers aren’t the only ones with shopping lists this holiday season. Cybercriminals will also be hitting online stores for special deals. During the 2018 holiday shopping season, the average basket value of transactions rejected as fraudulent was 2.7 times higher than the value of legitimate transactions. And 2019 won’t be all that different. Considering cybercrime’s negative effects on customer loyalty and brand reputation, cybersecurity should concern all company personnel, not just executives. Check out the following tips as a starting point to ward off cybercrime.
While you’re here, check out these other retail marketing tips from PostFunnel and Optimove:
Big Data in Retail: How Customer Data Platforms Enhance The User Experience
How Immersive Environments Redefine The Modern Retail Experience
Existing Customers Are STILL More Valuable Than New Ones During The Holidays
Use 3D Secure to Fight Chargeback
Chargeback fraud eats at your profit and may prevent you from accepting credit cards altogether. One smart way to prevent chargeback fraud is by using 3D Secure. This advanced tool enables shoppers to authenticate themselves with a password or pin before completing online purchases. Below are some things to keep in mind when using 3D :
- Choose the Right Partner: Ensure the 3D Secure solution you choose is easily integrated into your eCommerce platform, scalable, and offers mobile optimization.
- Liability Shift: Understand which party is liable for fraudulent chargebacks, the point at which the obligation shifts to the card issuer, and which transactions are covered. Check with issuing banks to familiarize yourself with liability shift terms.
- Educate Customers: Inform customers early in the checkout process that you’re using 3D Secure and that they’ll face extra authentication. Use microcopy to explain the benefits of 3D Secure and any relevant logistics. To boost consumer trust, display the Verified by Visa or MasterCard SecureCode logo on your website.
Look Out for Abnormal Online Behavior
Fraudsters often leave red flags while shopping, and if you spot these behaviors on time, you may be able to prevent them from doing damage. Below are some examples of suspicious behaviors indicating potential fraud:
- Addresses Don’t Match: If the shipping and billing addresses differ, proceed with caution. To detect fraudulent transactions, use an AVS (Address Verification Service) tool. Work with a payment processor that allows you to customize the rules so you can spot fraud without denying legitimate purchases.
- Multiple Orders of the Same Item: Watch out for repetitive orders of the same item in different colors or sizes. Your fraud detection tool should be able to monitor the data involved in each transaction and flag suspicious purchases made in rapid succession.
- Unusually Large Orders: Fraudsters try to buy as much as they can as fast as possible. Doublecheck orders that are significantly higher than your average transaction. To be safe, limit large transactions by specifying minimums and maximums for legitimate purchases.
- Order of Big-Ticket Items: Criminals often go for items with the biggest resale earning potential. Invest in adaptive behavior analytics to identify legitimate customers and to prevent false positives.
Stock Up on Advanced Tools
With cybercriminals today using advanced techniques to launch sophisticated attacks, yesterday’s defense tools aren’t enough to protect you from today’s attacks. Beyond security code and shipping address verification, check out these advanced tools for your anti-fraud arsenal:
- Advanced Identity & Transaction Verification Solutions: Use advanced identity and transaction verification solutions such as rules-based filters, automation, transaction scoring, and real-time transaction tracking to prevent identity theft and reduce the risk of fast fraud.
- Adaptive Behavioral Analytics: To differentiate between actual fraud and activities that appear suspicious but are actually legit, include adaptive behavioral analytics technology in your stack. Your solution should ensure that models and profiles are built and updated based on each customer and merchant profile.
- Artificial Intelligence: Invest in AI-based solutions to respond faster to breaches. 61% of retailers say they couldn’t respond to cyberattacks without AI. To successfully implement AI in your cybersecurity strategy, Capgemini suggests you identify data sources and create data platforms to operationalize AI, train cyber analysts to be AI-ready, and deploy security orchestration, automation, and response to improve security.
Prepare for Account Takeover Fraud
Account takeover (ATO) fraud is a successful attack vector for cybercriminals. Here are three tips to help you prevent account takeover fraud:
Bot Management: Automated bot attacks were the primary attack vector during the 2018 peak holiday shopping week. Use dedicated bot management solutions to identify fraudulent bots through pattern and behavioral analysis. Ensure the solution automatically prioritizes genuine customers in real-time while preventing unwanted bot traffic.
Strong Passwords: Use automatic password strength checkers to ensure users have strong passwords and employ a password screening tool to prevent customers from using compromised logins.
Credential Screening: A whopping 91% of the login attempts on online retailers’ websites were made by hackers using stolen data. Prevent the reuse of compromised credentials on your website by using a credential screening solution for usernames and passwords. Work with a solution that allows you to customize your response to compromised credentials.
Secure Your Mobile App
Mobile apps are also an attractive target to hackers. In fact, they carry the highest fraud risk after desktop web browsers. Considering the importance of shopping apps, mobile app security mustn’t be an afterthought. Here are some tips to help you secure your app this holiday season:
Have a Mobile Fraud Strategy: Prepare a dedicated mobile risk strategy with a set of criteria to identify, validate, and authorize mobile purchases. Use specialized risk management tools and services for your mobile apps and get a detailed assessment of your fraud exposure to identify where your app is vulnerable.
Use Strong Encryption: 92% of all online retail apps actively leak sensitive customer information. Make use of strong encryption to prevent hackers from accessing customer data. Secure personal and financial customer information during communication and storage according to the PCI DSS security guidelines.
Beef Up Authentication: Use multi-layer authentication like sending a one-time password to an authenticated email address to prevent bad actors from gaining access to sensitive information.
Remember the Human Factor
Surprisingly, temporary workers with high turnover rates may be your biggest security threat this holiday season. 83% of companies have had an incident where employees accidentally exposed customer or business data. To help minimize risks from insider threats, here are some steps you can take:
Bolster Your Security Culture: Strengthen your cyberculture by documenting your security policies, communicating them consistently during onboarding, and encouraging employees to report breaches.
Security Awareness Training: Carry out regular hands-on security awareness training so that employees can understand cyber risks and their business implications, recognize potential insider threats, and minimize risks. Customize training content based on individual company status or department risk profile and include modules on social engineering and sharing permissions.
Look Out for Malicious Employees: To prevent a disgruntled employee from intentionally sabotaging your business, track insider behavior by monitoring and logging access to sensitive data. Stay alert to risks by cross-referencing employees’ cyber footprints with suspicious behaviors such as accessing critical information, data dumps from key applications and working outside of normal hours.
Don’t Let Fraudsters Rob You This Holiday Season
As criminals prepare to wreak havoc this holiday season, keep in mind that no single initiative will guarantee security. Adopt a multi-layer solution approach to cover all your bases, work with experienced data and fraud experts, and participate in an information-sharing partnership to identify current fraud threats. Lastly, track all attempts to plug gaps in your cybersecurity strategy and help your team maintain over these ever-evolving attacks.