The retail industry has steadily evolved towards an omnichannel model over the past decade, with the pandemic-era shift in consumer spending habits pressuring retailers into digitizing on a frantically accelerated timeline. For many, this has opened up great opportunities for growth. But with great opportunity comes great vulnerability.
Cybercriminals have adapted to this dynamic landscape, scavenging for new ways to exploit the expansion of omnichannel retail for their own benefit—and succeeding. Recent data from Sift shows a 69% increase in the average value of attempted fraudulent purchases in 2020.
During a recent webinar hosted by Sift and Retail Dive, Karisse Hendrick, Owner/CEO of Chargelytics Consulting and Kevin Lee, Trust and Safety Architect at Sift, discuss this “new normal” of omnichannel retail digitization and bring light to five emerging threats within the industry.
1. Fraudsters infiltrate BOPIS and curbside pickup
Following the initial pandemic shutdowns and social distancing measures, many omnichannel retailers turned to buy-online-pickup-in-store (BOPIS) and curbside pickup to retain business and offer customers more flexibility. But this rushed expansion left retailers—particularly smaller businesses without fraud-prevention methods in place—susceptible to cybercriminals looking for flaws in the system.
These “card not present” channels are more prone to abuse because fraudsters can pick up illegitimate orders without needing to verify their payment information, or in some cases, prove their identity. So retailers are faced with a challenge: protect customer ease of shopping and risk losing revenue to fraud, or add friction to the shopping experience and risk losing customers’ business. Lee offers a wise saying as advice to any omnichannel retailer struggling with this balance:
“Trust is earned in drops and dropped in buckets.”
Hendrick also succinctly describes this struggle as a “balancing beam” on which retailers are constantly having to weigh the customer experience along with the risks.
2. Account takeover takes a toll on consumer trust
As new omnichannel retail processes are put into place, fraudsters love to find loopholes. With the vast majority of consumers using the same password for multiple accounts, it’s easier for them to do even more damage. Automation only adds to the problem—one bad actor can scale targeted, more profitable attacks using a whole slew of tools. Between March and August 2020 alone, account takeover (ATO) attacks increased by a staggering 378%.
Account takeover not only leads to financial losses, but also brand damage and tainted consumer trust. In fact, nearly one-third of customers say they would stop buying from a retailer if their account was compromised on their site.
When it comes to adapting in the face of mass economic disruption, Lee provides some compelling thoughts: “One of the pieces of advice that I’ve been given that I think of quite a bit is the term ‘evolve or dinosaur’ where businesses must continue to adapt to what their end consumers really want, or they’ll become irrelevant.”
While most big-box retailers have extensive security measures in place, smaller retailers don’t always have the infrastructure to combat fraud as effectively, resulting in a loss of consumer trust in the event their accounts are compromised. This is where fraud prevention software comes in—the Sift Digital Trust & Safety Suite dynamically scales to unique and diverse business needs, helping to fight fraud and improve the customer experience.
3. Digital transformation can be a double-edged sword
As retailers rush to digitize, they’re quick to discover the benefits—and risks—of rapid innovation. This is precisely why experts flag digital transformation as a “double-edged sword.” While it does offer flexibility to retailers and consumers, it can also open up new possibilities for attack.
Because it’s relatively easy to cancel a compromised credit card and stop fraudsters in their tracks, illegitimate actors have had to get more creative with their tactics. Fraudsters have evolved past the standard credit card fraud and are now targeting credentials and user information to infiltrate new technologies, apps, and even loyalty programs, including credit card points, airline miles, and hotel rewards.
4. Alternative forms of payment surge in popularity
To cybercriminals, gift cards are as good as cash due to their anonymity. So as online gift cards surged in popularity during the pandemic, fraudsters were ready to take advantage of the opportunity. In just the third quarter of 2020 alone, consumers lost nearly $80 million in gift card scams, according to the Federal Trade Commission.
Due to this rise in gift card fraud, many companies have defaulted to friction—treating any questionable transaction as grounds to shut down an order. But this friction can cause legitimate customers to have their transactions unfairly canceled, impacting their trust and loyalty in the business.
Hendrick emphasizes why it’s so crucial to not only combat fraud, but prioritize enabling legitimate customers: “A lot of times when you’re canceling a good order, you’re not just canceling that specific order, but you’re essentially encouraging your customer to go shop with your competitor because they weren’t able to have a successful transaction.”
5. Credit card fraud gets automated
Credit card fraud has been pervasive for decades, and it’s only picking up speed thanks to technology and automation. It’s now the fastest-growing form of identity theft, increasing by more than 104% between Q1 2019 and Q1 2020.
Lee explains that cybercriminals utilize scripts to automatically cycle through and test thousands of accounts and usernames at an inhuman speed. They’ve also deployed machine learning to mimic legitimate behavior by taking over valid accounts and even creating synthetic identities to create accounts that appear credible to the naked eye.
Shockingly, credit card numbers are easily accessible on public platforms like Reddit, Facebook, and Telegram. Fraudsters no longer have to go to the dark web to get into the game of credit card fraud, making it all the more pervasive and uncontainable.
Watch the full webinar to get even more insights from trust and safety experts Kevin Lee and Karisse Hendrick.