How can financial institutions prevent shopping season fraud?
Black Friday and Cyber Monday are two of the years’ busiest shopping days. For consumers and retailers alike, it marks the beginning of the winter holiday shopping season, as well as a time when organizations have to do their best to prevent shopping season fraud.
It’s also a busy time for hackers, who look to capitalize on seasonal spikes in transaction volume to try and evade fraud detection processes and con innocent customers out of pocket. In 2018, almost a quarter of UK consumers experienced attempts at fraud over the Black Friday and Cyber Monday weekend.
While there are several steps consumers can take to stay protected this Black Friday, the onus to avoid fraud shouldn’t be on their shoulders alone. Banks and financial institutions also need to take responsibility to prevent shopping season fraud.
Communicate with customers
It’s difficult to avoid Black Friday and Cyber Monday, as retailers take advantage of all channels to push their deals front and centre. For hackers, it’s an opportunity to mimic these communications and pose as a legitimate brand, with the aim of convincing customers to part with sensitive, often financial, information.
While retailers need to be on their guard, banks need to be wary too. Just a few months ago, hackers took advantage of the increase in communication around the Strong Customer Authentication (SCA) and created very realistic, fake, emails in an attempt to steal credentials. As we kick-off the holiday shopping period there’s every chance that this tactic will be repeated.
That’s why it’s important to let your customers know that your brand will never ask them for credentials via email, text or chat.
Prevent shopping season fraud: Stick to the processes
As the volume of transactions being processed increases, it can be tempting for staff monitoring them to cut corners as they try and clear their workload. However, this only provides hackers with an easier route around security measures that are in place for a reason.
Remind your staff that security standards don’t need to slip, and that it’s more important than ever that they pay attention to those requests that seem a little out of the ordinary. Encourage them to stick to the processes and procedures defined throughout the entire year.
Protect mobile apps
The way customers are engaging with retailers is changing. Over the years there’s been a greater push towards online and mobile shopping, as consumers look to avoid the crowds, and take advantage of shopping from the convenience of their own homes. Research from PWC found that 77% of Black Friday transactions are now predominantly online, and last year more than a third of purchases occurred on mobile.
However, it’s well known that hackers look to take advantage of vulnerabilities in new channels where security may not be as robust. Furthermore, it’s become overwhelmingly clear from the number of vulnerable apps detected in Apple and Google’s app stores that we can no longer rely on them to keep us secure. That’s why it’s essential that banks and financial institutions secure their apps with mobile application shielding technology so that they’re able to protect themselves in untrusted device environments.
This prevents attackers from injecting malicious code into an app and repackaging it for distribution in unofficial marketplaces or websites. It is also context-aware so that if a customer’s mobile device is rooted or allows for side-loaded apps and is potentially infected with malware, the app itself is still protected.
As a result, consumers who accidentally download a malicious app, thinking it’s genuine, won’t risk having their financial credentials stolen by criminals.
Implement multi-factor authentication and transaction signing solutions
Multi-factor authentication and transaction signing solutions can play a significant role in helping prevent transaction fraud, so it’s important that banks and FIs implement these within their security infrastructure.
However, there are certain authentication methods, such as SMS, that have proven to be less secure than others. Therefore, banks should adopt risk-based multi-factor authentication, that takes into account a range of data from various sources, such as behavioral biometrics, voice recognition, geolocation and so on, to ensure that they provide the appropriate level of authentication for the situation.
Take advantage of AI and ML
The most effective solutions to prevent shopping season fraud are those powered by AI and machine learning. This is because the algorithms are capable of analyzing large volumes of disparate data in real-time, enabling banks to detect and prevent cyberattacks, reduce false positives, and achieve regulatory compliance. This is particularly important over the holiday shopping season when there’s likely to be a significant surge in the amount of data being processed.
Evidently, there’s plenty of steps banks and FIs can take to ensure their customers are protected from fraud this Black Friday. However, it’s important that fighting fraud doesn’t drop from the agenda as soon as the holiday shopping season ends. While hackers can capitalize on the increase in transaction volume of the next month, they certainly don’t rest at other times of the year. Fraud is an ongoing, global problem that can have a significant impact on finances and livelihoods, which is why it’s important that combatting it remains front and centre for banks and FIs all year round.