A forecast for the first-ever trillion-dollar holiday season is good news for retailers and eCommerce players. However, a shorter run to Christmas will stretch retailers thin, and force them to fight heightened fraud activity—both automated and human-driven.
The 2019 Holiday Season, By The Numbers
According to eMarketer, a market research firm, this year the holiday season is expected to cross the magic figure of $1 trillion, which is up 3.8% from 2018. Cyber Monday will likely be the biggest online shopping day with nearly $10 billion in sales. Further, eCommerce sales are expected to jump 13.2% to $135.4 billion, accounting for 13.4% of the total sales. Use of mobile for payment transactions is also expected to total up to $98.9 billion this year.
When it comes to consumer spending, the National Retail Federation (NRF) expects a healthy consumer spend during the 2019 holiday season with an average per consumer spend of $1047.83 compared to $1007.24 of last year.
A Holiday Spike in Fraud
If these numbers are anything to go by, retailers are surely in for a record-breaking holiday season. They must also know that this will be the most challenging time of the year: their moment of truth.
Fraudsters, too, are aware of the challenges retailers face during this period of frenetic activity. That is why they take advantage of the festive season to blend with the genuine traffic and gain access to the business systems for greater monetary exploits. Thanks to a string of data breach incidents, fraudsters have fresh databases full of stolen customer credentials and corrupted online identities of genuine customers, which they can use to orchestrate numerous types of fraud this holiday season. These include:
Identity Fraud:
Apart from personal details of customers including names, email addresses, phone numbers, credit card numbers, and social security numbers (SSNs), fraudsters now also have in-depth details such as consumers' bank accounts, funds in the account, payment history, loyalty points, saved passwords, and so forth. This gives fraudsters greater control and a wider horizon of opportunities to exploit these details—for payment fraud, synthetic fraud, account takeover, new account registration, money laundering, inventory hoarding—during this peak activity period.
Since BOPIS is a CNP transaction, fraudsters use stolen credit card details to buy products online and request in-store pick-up. They either create fraudulent identity proofs to clear the in-store-verification processes or use delegates (similar to money mules) to pick up the products as quickly as possible—before the fraud is detected—causing losses to the retailers.
New Account Registration:
Holiday season is a prime opportunity for retailers to attract and acquire new users. As a result, they often lower their guard to make onboarding for new users as frictionless and quick as possible. Using this convenience to their advantage, fraudsters use stolen and synthetic customer details to create numerous fake accounts, which are then used to abuse businesses. Coupon abuse and referral abuse are two such examples. In coupon abuse, fraudsters buy a product multiple times causing losses to the retailers. Similarly, these fake accounts are used for referral abuse where fraudsters pocket the referral discounts by referring the business to these fake accounts.
Account Takeover:
Fraudsters break into genuine customer accounts and impersonate the authentic users to shop for expensive or limited-edition items as they have high resale value. Fraudsters can abuse the saved payment information to buy multiple items and redeem the points for the next purchases without raising suspicion. The retailer not only loses the items but also loses returning customers when the fraud is discovered.
Payment Fraud:
Commonly manifested as card not present (CNP) fraud, fraudsters max out stolen credit card details for big-ticket purchases. When the credit card owner discovers the fraud, she disputes the purchase, which causes chargebacks to the businesses. Arkose Labs has found in its Q4 Fraud and Abuse Report that as online retailers encourage their customers to set up accounts and save payment details, fraudsters are increasingly looking to take over genuine customer accounts for payment fraud.
Additionally, fraudsters can use bots to disrupt online shopping such that for payment purposes, consumers are redirected to an off-site payment choice, which the fraudsters control.
Gift Card Fraud:
Gift cards is a lucrative business stream that helps retailers increase revenue and retain customers. Despite their low dollar values, gift cards are attractive to fraudsters because they are easy to monetize and promise massive returns when monetized at scale. Fraudsters can either sell the gift cards on the dark web or cash them on numerous websites and physical kiosks that convert gift cards into cash at a fee of 30-40% of the card value.
BOPIS:
The 'buy online, pickup in store', is a fast emerging trend where retailers are going 'phygital'. It is expected that 90% of retailers will offer BOPIS by 2021. Although BOPIS is available to consumers right through the year, it assumes greater significance during the holiday season as retailers look to augment their in-store sales with greater footfalls.
BORIS:
'Buy online return in store' is a fraud where fraudsters use the product and return them in store within the stipulated return period. Wardrobing is a common BORIS fraud where fraudsters buy expensive apparel online, wear it once for an occasion, and return it in store for cash. Since, these used items cannot be sold again, they add to revenue losses for the online retailers.
Inventory Hoarding:
Using bots, fraudsters can prevent genuine consumers from accessing limited-edition items by hoarding the inventory. This can force consumers to buy from competitors, causing revenue losses to the business.
Fake Reviews:
Tech-savvy consumers have come to rely on reviews and ratings of products before buying them online. Fraudsters can post damaging reviews to skew the ratings against the retailer, causing business losses.
Spam:
When fraudsters are able to abuse the online messaging systems of the retailers, they can send out spam to the entire customer base and phish out verified consumer details. All of these details can be used later for any or all of the above mentioned crimes.
Friendly Fraud:
Authentic users, who are not necessarily fraudsters, indulge in friendly fraud when they do not wish to pay for the items they buy online. They deliberately book online items using credit cards, only to claim later that their card is stolen so they can retain the item, causing revenue losses to the online sellers.
A Cheerful Holiday Season for Everyone
It is a given that fraudsters will employ every technique possible to attack businesses this holiday season. As such, apart from trying to meet and exceed the rising customer demands and offering a seamless, multi-touch user experience, online retailers must ensure they have the right capabilities to shut the entry gates for fraud.
It is during this important commercial period of the year, that retailers must adopt a fraud-prevention approach that eliminates fraud from its roots, without unnecessarily disrupting the user experience for genuine consumers. Arkose Labs' bilateral approach to fighting fraud and online abuse makes authentication fun for genuine consumers but targets automated bots and phony fraudsters with adaptive, graduated friction to force them into abandoning the attack.
The holiday season is about business. But, it's also about people—the consumers. Make sure you give your customers the gift of a safe and secure online shopping experience and ensure strong business revenues this holiday season. To learn about how Arkose Labs can help with this, schedule a demo now.
Share The Blog
