Digital commerce has been on an upswing, contributing a major chunk of sales during online shopping days—be it Singles' Day, Black Friday, Cyber Monday, or Thanksgiving. In fact, global e-commerce sales are projected to reach $8.1 trillion by 2026.
Valentine's Day online shopping is expected to be no different. For instance, Valentine’s Day spending reached nearly $24 billion in 2022, with 41% of the total sales coming from online commerce.
Download our free eBook, Protecting Shopper Trust - The Role of Early Fraud Detection in eCommerce Account Security, below and learn the warning signs of sophisticated attacks as well as best practices for sabotaging attacks.
Convenience and accessibility make eCommerce sites popular for consumers and attackers
It is primarily tech-savvy millennials who will drive the Valentine’s Day sales. Compared to offline purchases in brick-and-mortar stores, millennials prefer the convenience of their smartphones to search from a host of items, discounts, and last minute deals while on the go or in the comfort of their own homes. This makes e-commerce websites and apps so popular today.
An Arkose Labs' report states that mobile share of transactions grew 20% over the previous quarter, which further increases during the peak shopping period. On their part, digital commerce platforms offer frictionless onboarding, multiple payment options, same-day delivery to attract and retain customers. Further, in an effort to increase their customer base, e-commerce platforms oftentimes relax the barriers to entry.
This lower barrier to entry, however, has helped to create vulnerabilities within online retailers, many of which can be exploited by cybercriminals. These vulnerabilities often mean that attackers can steal customer data, including credit card information, through breaches that come as a result from a variety of cyberattacks.
Low entry barriers let attackers in and put online retailers at risk
User account creation and login flows have become a cybersecurity challenge for many e-commerce sites. Taking advantage of the increased online traffic and relatively relaxed authentication measures, attackers slip in along with the genuine shoppers to exploit the system through account takeover, fake account creation, and payment fraud, among other cyber tactics and scams.
Attackers create new fraudulent buyer/seller accounts using stolen (often through a data breach or by phishing) or fake user credentials, including passwords and emails, commit payment fraud using stolen credit card information, and take over genuine consumer accounts for fraudulent purposes.
During such high-activity periods, especially Valentine's Day shopping, hackers take identity fraud to a new level. They shop for desirable items such as mobile phones, tablets, and cameras—that can be quickly sold—using compromised accounts or stolen credit card information and personal data. Attackers collect the item from the victim's address on the pretext that the item was delivered at their address in error. Since the item gets delivered against a genuine customer account at a verified shipping address, the fraud does not raise suspicion—neither with the online business nor with the actual consumer whose personal information has been compromised.
Preparing to maximize exploits found in e-commerce
That said, it is not to suggest that fraudsters suddenly emerge, attack the e-commerce site or online shopping platform, dupe consumers and disappear. Attackers prepare the ground in advance to maximize the exploits, and uncover new vulnerabilities, during peak activity periods. They marshal their resources and employ automated bots, human sweatshops—or a mix of both—according to the economic dynamics at play.
In preparation for the big haul, fraudsters use credit card details bought off the dark web, often through previous data breaches, and stolen personal information to validate stolen credentials like email addresses, create fake accounts, put up fake web stores, process fake coupons, and ready bots or human sweatshops to attack at scale. Using easily available tools, fraudsters plant malware to steal payment and sensitive information of loyal customers. They also use ransomware to hold online businesses hostage, many of which will lose out on revenue generated during peak shopping period, should they not comply with the attacker's demands.
Fortifying defenses and protecting customer data is a cybersecurity imperative
Digital commerce platforms face significant risk of fraud and online abuse with a surge in factitious traffic. Financial losses, erosion of brand value, and customer churn are some of the biggest threats that stare e-commerce platforms in the face during heightened shopping days. It is therefore imperative for e-commerce platforms to fortify their cyber defenses by following best practices, which often includes a long-term approach to fraud prevention that secures proprietary and customer data.
These platforms need a strategy that not only makes them resilient to evolving cyber threats but also helps genuine consumers continue to shop without unnecessary friction. When done correctly with the right solution, e-commerce enterprises can also maximize their return on investment by avoiding many of the negative results of a successful cyberattack.
The Arkose Labs advantage
Arkose Labs protects global e-commerce players by making these platforms less attractive for attackers. Arkose Labs breaks the fraud model to progressively make the attack financially non-viable and forces cybercriminals to abandon their attack.
To learn more about our capabilities in partnering with e-commerce enterprises to help them maximize their savings, click here.
Arkose Email Intelligence for New Account Registration
Share The Blog
- Convenience and accessibility make eCommerce sites popular for consumers and attackers
- Low entry barriers let attackers in and put online retailers at risk
- Preparing to maximize exploits found in e-commerce
- Fortifying defenses and protecting customer data is a cybersecurity imperative
- The Arkose Labs advantage
