The direction of retail was likely captured by data from the holiday season’s special shopping days. In-store shopping was down 55 percent on Thanksgiving Day and 37 percent on Black Friday according to the National Retail Federation, and RetailNext said foot traffic was off by up to 47 percent. By comparison, Adobe Analytics calculated that Cyber Monday sales grew in 2020 by more than 15 percent compared to a year earlier, and that shoppers spent more than $30 billion at online retailers between Thanksgiving Day and Cyber Monday.
Those figures reflect unique conditions created by the pandemic—and next year in-store holiday sales will likely be a different matter—but most retail analysts expect online will continue to grow as a percentage of total sales. The pandemic has brought new shoppers to the world of e-commerce, and the types of goods consumers now think to buy online has expanded. For examples, online sales on Thanksgiving and Black Friday in the food and grocery category increased 137 percent, according to data from NetElixir.
Risk Accompanies Growth
A core principle in e-commerce security is that more fraud always accompanies more transactions, and retailers’ race to capture more revenue online has left some of them vulnerable, say experts. “As the pandemic continues to push more brick-and-mortar businesses online, merchants should expect the high traffic there will drive a rise in several risk areas,” said Jason Cheung, fraud product manager at Digital River, an integrated solution for e-commerce back-office functions. There are also complicating issues, such as card brands lowering chargeback rate thresholds, “so merchants will find it more challenging to perform under these limits,” he said.
Cheung told LPM that all retailers, whether they are primarily brick and mortar, e-commerce, or omnichannel, will see a continued trend of:
- Falsified chargebacks from valid cardholders;
- Increased fraud from criminal organizations;
- Attempted abuse of discounts, offers, coupons, and the like;
- Returns abuse; and
- Expanding acceptance and justification by customers when it comes to taking advantage of merchants.
As for specific e-commerce risks, some analysts warn that there has been a significant growth in account takeover—bad actors getting login credentials and authenticating themselves as legitimate, returning customers and accessing their online accounts. The problem has grown significantly in the last two years, as more retailers—seeking customer loyalty and a better, easier experience for customers—push them toward creating online accounts that often include storing payment methods.
More online customer accounts mean more opportunities for fraud, and the growing number of data breaches, which has made billions of email-password combinations available and which customers tend to use across accounts, provides fraudsters with access to the information they need to take advantage of them. Add the fact that bots and automated scripts are being used to automatically validate credentials, and fraudsters have even a better chance to scale up their operations.
“For retailers hit by account takeovers, problems can quickly multiply. It erodes consumer trust and encourages other bad actors to join in, which can cause site performance problems. Some of these bad actors will even put out how-to guides, and specifically call-out your site or your company as a place to test,” said Erica Rainsberg, director of fraud strategy and analytics at Macy’s in a presentation to the NRF Protect conference in September.
Suggestions from Experts
Since fraudsters logins are legitimate—in that they use proper credentials for identification—identifying signs of it can be difficult. Rainsberg suggested taking a “funnel approach.” She explained, “Right up front it’s your site traffic. If there are blips or jumps, that’s something you need to be watching from a site security side.”
From a fraud perspective, the total number of logins and failed logins can suggest if you might have a problem, she added. Going deeper, retailers can track data over time to be better alerted to spikes and to understand its who its customers are and how they behave. “Look for outliers and abnormal behavior that would cause you to dig in,” she said. For example, if a customer that previously placed orders once every few months for a few hundred dollars suddenly makes several expensive purchases in a short span shipping to a new address. That type of thing is something that needs to bubble up for investigation.
In response to the 2021 risks he sees, Digital River’s Cheung recommends merchants re-evaluate their existing risk mitigation tools and processes, including e-commerce fraud tools; loss prevention operations including processes, systems, and staff; and to complete a gap analysis. He noted that some merchants may find additional process layers useful, such as third-party data validation, behavior analytics, and device identification/fingerprinting. “Make sure you thoughtfully architect which additional technology and process layers will give your team the best performance impact to minimize increased headcount and multiple work screens and systems,” he told LPM.
Cheung also recommended paying attention to—not just how powerful data tools are—but how the data they collect can be examined and used. “New tools requiring extensive manual reporting can hamper the analytics and require additional customized development to truly be effective,” he warned.
Finally, he advised to ensure that data reporting both shows overall data and permits deep dives into your transactions with ease, and over time, “not just simple day-by-day aggregation or similar views.” He added, “If you can easily turn this reported data into a forecasting tool and apply it to the performance of subsequent years, you’ll be able to trend repeated fraud groups, recurring anomalies, assess volume and risk trends, and estimate staffing requirements.”