Securing the Digital World

Ready, Set, Shop: Practical Tips To Avoid Cyber Monday Fraud

Nov 14, 2017 | by Yael Gour

Online shopping grew over 20% Y/Y, and this coming Cyber Monday will no doubt mark another peak.

This peak in online shopping brings lots of opportunities for organizations to grow their revenue, but it also poses many risks. Whether you are a bank, credit card issuer, or online merchant, here are some simple tips to ensure your organization is prepared:

  1. Avoid downtime. Review your environment's capacity and make sure it can support expected peaks in online activities. The last thing you want is downtime during peak shopping times that drives your customers to a competitor's website.
  2. Fraud prevention. Make sure your organization has the right fraud detection and prevention capabilities to protect your consumers and brand. There is no bulletproof solution, and a layered approach is recommended:
    • Anti-phishing. Holiday shopping is a prime season for phishers, and spikes in phishing activity are common, with a phishing attack identified about every 30 seconds. Whether you manage the process internally or engage an anti-phishing service to identify and shut down attacks targeting your organization, your internal fraud staff should be on high alert and be prepared to act quickly.
    • Visibility. You should strive for full visibility into what is happening across your web and mobile applications at any given time, how genuine users typically navigate the website, and what anomalies are observed. Such visibility will help you distinguish genuine buyers from fraudsters attempting to take advantage of loopholes in your website to fraudulently gain rewards points, stack coupons and test credit cards.
    • Transaction risk analysis. With the expected spike in transactions, especially more traffic coming from mobile devices, your risk scoring models must be highly accurate with low false positives. Ensure risk policies are aligned with risk scoring to minimize the friction on genuine users. If additional authentication is required to validate a user's identity, offer a variety of authentication options, as there is no "one size fits all" when it comes to consumer authentication.
    • Anti-malware. Web injections are almost standard in most of today's banking malware. They allow fraudsters to manipulate the amount and details of a transaction and/or the receiver account. Transaction signing is recommended to ensure the authenticity of high-value transactions.
  3. Review your policies. While this sounds like a no-brainer, many organizations fail to align their business goals and risk tolerance, especially during peak times such as Cyber Monday. Translating business goals into rules that account for the level of risk that your organization is willing to accept is critical. Establishing even simple KPIs such as revenue goals, abandonment rates, customer intervention, fraud detection rates or fraud loss prevention is a start.
  4. Educate your consumers. Be the "trusted advisor" for your customers when it comes to online security. For example, consider providing safety tips to customers on the home page of your website or in promotional emails which offer an easy process for them to report suspicious emails or offers. Demonstrating to customers that you care about their online safety helps to build brand loyalty.
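
The transaction signing recommended under "Anti-malware" above can be sketched as follows. This is an added example, not code from the original post or from any RSA product. It assumes a per-device HMAC key provisioned at enrollment and a server-issued nonce; the function names, field names and account values are constructed for illustration.

```python
import hashlib
import hmac
import json
import secrets

SIGNED_FIELDS = ("payee_account", "amount", "currency", "nonce")

def canonical(txn: dict) -> bytes:
    """Serialize exactly the fields that must not change, in a fixed order."""
    fields = {k: txn[k] for k in SIGNED_FIELDS}
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()

def sign_on_device(device_key: bytes, shown_to_user: dict) -> str:
    """Runs on the user's separate signing device, over the details the
    user saw and confirmed there (not over what the browser displays)."""
    return hmac.new(device_key, canonical(shown_to_user), hashlib.sha256).hexdigest()

def server_accepts(device_key: bytes, received: dict, signature: str,
                   used_nonces: set) -> bool:
    """Check the signature against the transaction the server received."""
    if received["nonce"] in used_nonces:
        return False  # signature already consumed: replay
    expected = hmac.new(device_key, canonical(received), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, signature):
        return False  # amount, payee or currency differs from what was signed
    used_nonces.add(received["nonce"])
    return True

def demo() -> dict:
    key = secrets.token_bytes(32)   # constructed key (assumption: shared at enrollment)
    used = set()
    intended = {"payee_account": "ACCT-1001", "amount": "250.00",
                "currency": "USD", "nonce": secrets.token_hex(16)}
    sig = sign_on_device(key, intended)
    # Constructed case: details altered between the user and the server.
    altered = dict(intended, payee_account="ACCT-9999", amount="2500.00")
    return {
        "altered": server_accepts(key, altered, sig, used),
        "genuine": server_accepts(key, intended, sig, used),
        "replay": server_accepts(key, intended, sig, used),
    }

if __name__ == "__main__":
    print(demo())
```

Amounts are carried as strings so that both sides serialize them identically; a float formatted differently on the device and the server would break verification for genuine users.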


So, are you, your consumers and your organization Ready? Set? Shop!!

Ready? Set? Shop!

With overall fraud rates expected to increase in number and value during this busy time, make sure your organization and your consumers are secure in the upcoming shopping season. For ideas on practical metrics you can use to measure fraud prevention success during Cyber Monday and throughout the year, download our white paper, "Business-Driven Fraud Management."

Keep up to date on all things related to fraud. Follow us on Twitter @RSAFraud.