Cybersecurity threats are looming large to get the advantage of homebound shoppers, who are mainly relying on virtual shopping this holiday season to prevent coronavirus spread. From great shopping days to Black Friday sale, every year, the entire December and January month help retailers generate huge revenues and buyers getting deep discounts.
This year, there is a reason for e-retailers to be more vigilant against cybercriminals who could take advantage of the massive human traffic on their sites to conduct fraudulent online transactions.
According to the latest security report on the 2020 Holiday Season from McAfee, a global computer security software company, there were 419 threats per minute in Q2 2020, increasing almost 12 percent over the previous quarter. It notes that the ongoing COVID-19 pandemic has compelled more people to opt for online shopping this year. Over 68 percent of Indians have increased their shopping activity this year. These threats are likely to scale new heights during the ongoing holiday season.
The spike in web traffic can be a source of joy for many e-retailers who have been hit hard due to the pandemic’s driven economic instability. However, it has also expanded threatening surfaces that could lead to cybersecurity disasters.(See: How COVID-19 has changed cybersecurity focus for 2021 and Combating cyber threats in the new normal)
Threats in the era of new behavior
It is evident that with increased e-commerce operations during the COVID-19 pandemic, the retail sector has become very lucrative for cybercriminals. This is primarily because these sites retain sensitive customer information such as name, contact details, and credit card/ debit card numbers.
According to findings by cybersecurity firm Imperva Research Labs, the volume of attacks on retailers’ APIs has far exceeded average levels this year. While the majority of the attacks occurred from bot activity, leading attack vectors for retail API attacks in 2020 to include cross-site scripting (XSS) (42%) and SQL injection (40%).
DDoS attacks, phishing, and emailer frauds have also peaked at new scales this year. Imperva observed an average of eight-layer attacks per month against retail sites, with a significant peak in April 2020 as lockdown measures led to an increase in demand for online shopping. It is, therefore, essential for e-retailers to devise a robust strategy to address these cybersecurity threats.
In April this year, Japanese multinational consumer electronics and video game company, Nintendo, suffered a massive cyberattack on its official website, leading to data theft of over 300,000 Nintendo customers.
Many of these accounts were put in jeopardy and used as unsolicited purchases. Cybercriminals also leaked sensitive customer data such as name, password, date of birth, and payment information on the Dark Web, making a loss of brand reputation and goodwill of the Kyoto-based society. With the number of transactions witnessing a steep hike, both consumers and organizations are seeing the rise of holiday cybersecurity threats and need extra surveillance in order to stay secure.
Fraud prevention strategy
Regardless of what many industry observers say, e-retailers continue to hurt most by cybersecurity threats. For them, the only way out of cybercriminals’ grip is by employing the best class identification solutions that can fully secure their cloud infrastructure without impacting convenience.
E-retailers need to keep their cloud infrastructure up to date and proactively explore intelligent cybersecurity solutions to prevent their websites from hijacking.
Some of the best cybersecurity practices that e-retailers can espouse through advanced security solutions:
Address verification service (AVS): One of the most prevalent measures to keep fraudsters at bay is AVS. It’s an automated mechanism that matches the billing address with the payment instrument’s address, say, a credit card, to identify suspicious transaction activity.
Location monitoring: Those transactions where the shipping, billing, and the IP address are in proximity are usually safer transactions. If there is a significant remoteness between those addresses, the account or transaction must be supervised more closely. Various solutions are supported by advanced AI and analytics technologies available today that can help e-retailers monitor transactions on their sites and check for suspicious behavior.
IP address legitimacy: Fraudsters often mask their IP address to place orders with online retailers to avoid being tracked. Using cutting-edge technologies such as zero-trust and cryptographic network protocols, online retailers can prevent and mitigate such spoofing attacks. (See: Covid-19: Reimagining work with a zero-trust lens)
Multifactor authentication: A robust multifactor authentication protocol ensures digital users’ authenticity and provides secure access.
Keep your users informed: All e-retailers must keep their customers up-to-date on the latest cyberattacks and measures to navigate with caution. Information about how to keep a strong password and secure their information should be communicated frequently to customers.
There are many other modern-day tools available that can help e-retailers secure their networks from holiday cybersecurity threats. They should consult with their cybersecurity partner to ensure a secure online retail experience and prevent cybercriminals from taking unassailable advantage.