If you are at a socially-distanced Thanksgiving event and you run into a family member involved in eCommerce fraud prevention, be gentle; they are more than a little freaked out at the moment.
We are now heading into the most surreal of holiday shopping seasons. With COVID-19 rebounding into a deadly third wave and as retail shopping is regulated to maintain social distancing, more people would rather sit in front of their laptops than fight the holiday crowds.
Even though several vaccines are ready to be introduced to wider audiences, we will not see its impact until the end of Q1 2021. With that in mind, I think that the expected rise in online shopping will exceed the projected 20% increase experienced in 2019.
When holiday spend figures were calculated prior to the opening bell, COVID infection rates were on the downslope. Also, certain states were aggressive when it came to re-opening their states to achieve some sort of normalcy. However, as the viral infection rate roared back with a vengeance, more online spending will equate into more online fraud.
This means that larger merchants—often the targets for Bad Guys—will find themselves under a greater threat as we move through the holiday season. We already know that online fraud has spiked as the result of the pandemic, nearly doubling from 2019. We know that the sophistication level demonstrated by Bad Guys has expanded in depth and breadth. We also know that Bad Guys will always have the element of surprise even as billions are spent to fight fraud and predict where weaknesses in the payment ecosystem might occur.
So how will Bad Guys take advantage of things?
Watch for increased malicious Bot Attacks on high value retail and eCommerce brands on critical shopping days, like Black Friday and Cyber Monday. According to the FBI, roughly 30% of these attacks will come from the United States and another 30% will come from countries that made up the old Soviet Union (Russia and the Ukraine).
Account Takeovers are also spiking, due, in part, to the time lag between when the attack occurred and when the consumer discovered the breach. With the growth of information available for purchase on the Dark Web, these numbers will only increase until consumers become more diligent in their own digital hygiene. I would also expect to hear about an increased number of data breaches as we move from November into December—but these breaches will be announced in April or May.
While most shoppers are familiar with skimming and phishing, there is a whole new generation of bad behavior that will make a more publicized debut this holiday season.
Formjacking is when Bad Guys while set a trap with corrupt Java code in order to steal customer data and payment information. This negates any strong front end authentication because its fraud comes to the payment ecosystem through a back-end third party plug-in.
Cross Site Scripting is when malware scripts are attached to trusted websites. This attack blooms when a Bad Guy attaches malware in the data sent from a website’s search or contact form.
Remote Code Execution is when hackers activate a remote code to find weaknesses in a payment network. Essentially, it is like walking around at 2 AM to check if there are any unlocked doors in your neighborhood. Once the Bad Guy gets in, they have full access to your entire network.
What connects the dots is the value found in stealing customer information, spending data, and payment information. What makes things worse is that when we look at the maddening crowd of online holiday shoppers this season, Bad Guys can hide—and hide well.
So, if your family member is rocking in a fetal position after Thanksgiving dessert is served because he or she thinks about online fraud, please be kind. It will be a very rough season.
Payments, Fraud, and Leadership 