Black Friday Fraud
The costumes have been put away and the Halloween candy has been devoured, and now it’s time for merchants to get ready for the most important days of their year. Black Friday and Cyber Monday kick off the official start to the holiday shopping season. It’s an exciting and hectic time that sees many merchants making their most significant profits, but it also creates countless opportunities for fraudsters.
What kind of scams and cyberattacks are likely to be launched this Black Friday and Cyber Monday, and what can merchants do to protect their customers and avoid costly instances of fraud and chargebacks?
- Why Do Fraudsters Strike on Black Friday and Cyber Monday?
- What Types of Attacks are Frequently Seen on Black Friday and Cyber Monday?
- Conclusion
For years, Black Friday has conjured up images of shoppers lining up outside stores in the wee hours of the morning, rushing the doors when they open, and fighting over the best bargains. Increasingly, customers are opting to do their holiday shopping online.
According to Adobe, online sales during Cyber Week last year totaled nearly $34 billion. Whether your transactions are card-present or card-not-present, the days following Thanksgiving are a great time to be a retail merchant. Unfortunately, it’s also a pretty lucrative time to be a fraudster.
Fraud is a numbers game, and when retail shopping is at its peak, the numbers are very much in their favor. Fraud attempts typically rise 25% during the holiday shopping season.
This puts merchants in a tough spot. New e-commerce shoppers and first-time customers are a big part of what makes these days so profitable, and new customers often exhibit unpredictable, “suspicious” behavior that can be misidentified as fraud.
Thoughtlessly beefing up anti-fraud security across the board can lead to false positives that can alienate legitimate customers. Finding the right balance between being secure and being customer-friendly is key, and the right balancing point will vary greatly from merchant to merchant.
Why Do Fraudsters Strike on Black Friday and Cyber Monday?
It’s always easier to get away with fraud when your victims aren’t paying close enough attention, and the massive spike in sales volume and customer activity makes the early holiday shopping season chaotic enough to cover up unusual activity that might raise red flags in quieter times.
It’s also a time when defenses are down among merchants and customers alike—merchants are trying to make as many sales as they can, customers are hunting for great deals, and fraudsters prey on them by telling them just what they want to hear.
Offers that would seem too good to be true at any other time can sound plausible enough in the context of hyped-up holiday sales, and people get taken in by phishing attacks and social engineering exploits.
Fraudsters also know that merchants have an incentive to lower their risk thresholds during the holiday season in order to maximize their sales, so they choose this time to make more fraudulent credit card purchases. The standard software-based approach for fighting credit card fraud is to scan the transaction and customer data for any possible indicators of fraud.
These signs are tallied and scored, and transactions with a score that exceeds a certain threshold are blocked or diverted for manual review. Merchants generally have control over these score thresholds and how “sensitive” the software is at picking up signs of fraud. Software configured to have a low threshold and high sensitivity will misidentify a higher number of legitimate orders as fraud and block them, and vice versa.
Merchants may try to rationalize this lapse in security by anticipating higher sales making up for revenue lost to fraud chargebacks, but this fails to take into account the fact that the true danger of chargebacks isn’t just the lost revenue they represent.
Merchants carry a chargeback ratio that is monitored by the banks and card networks, and an excessive ratio can carry significant penalties. Carelessness during the high-volume holiday season can easily push a merchant from safe territory into the danger zone.
What Types of Attacks are Frequently Seen on Black Friday and Cyber Monday?
The short answer is that you can expect to see the same kinds of fraud you’d see at any other time of year, just lots more of it. However, attacks that involve a persuasive component, like phishing emails, will often reference Black Friday sales, incredible deals, and other holiday-themed enticements.
The holidays are a boom time for merchant fraud. Fake e-commerce websites often go up in time for Cyber Monday, with copycat URLs and layouts designed to resemble real sites. Sometimes these sites sell counterfeit goods or engage in some form of triangulation fraud, but often they’re just there to steal credit card numbers from unsuspecting shoppers.
The hazards may be less intense in the card-present sector, where EMV chip technology has gone a long way toward reducing credit card fraud during in-person transactions, but merchants and customers should still be mindfully cautious.
Fraudsters are known to hijack point-of-sale systems with malware and card skimmers during busy shopping seasons, when people are less likely to spend time questioning the minor technical glitches that might clue them in that something is amiss.
What merchants are most likely to encounter is credit card fraud and account takeover fraud. Even after the initial breach, the holidays give cover to the fraudsters, as customers are often too busy to notice unusual transactions or account activity until after the holidays, when they have time to review their statements in detail.
Conclusion
For retail merchants, no time of year is more critical than the period between Thanksgiving and Christmas. In these weeks when customer interest spikes, competition heats up, and you're feeling the pressure to close out the year with a happy balance sheet, it can be tempting to take risks and shortcuts that maximize revenue opportunities—but that's just what fraudsters and cybercriminals are hoping for.
Excessive exposure to fraud, chargebacks, and avoidable disputes can quickly roll back much of the earnings you've worked so hard for during the holiday shopping season. By planning ahead of time to anticipate a rise in attacks and implement proven, cost-effective solutions for defending against them, you can get through Black Friday and Cyber Monday with confidence.
Thanks for following the Chargeback Gurus blog. Feel free to submit topic suggestions, questions, or requests for advice to: win@chargebackgurus.com
