by Brian Bullock
Cybersecurity Awareness Month
The Department of Homeland Security (DHS) and the National Cyber Security Alliance (NCSA) work together every October to spread the word about how important cybersecurity is to everyone, especially retail store owners. This year’s theme is “Do Your Part. #Be CyberSmart.”
In October, Retail Science featured two stories on cybersecurity. The first story looks at what types of cybercrime target retail businesses. The second story will offer independent business owners suggestions on how to combat the problems and run a successful and secure store.
E-commerce Fraud is Booming
Like it or not, the pandemic reshaped the retail landscape and spurred e-commerce growth like nothing before. The use of online sales spread faster than the virus and e-commerce fraud increased just as fast. Data shows that cybercrime cost the world more than $1 trillion in 2020. All this means is that retailers using both online and in-store sales are dealing with more fraud in more forms than ever.
Gone are the days when merchants only had to worry about counterfeit bills and bad checks. Nowadays, consumers can purchase items with a wave of their watch which is just one of an array of payment options that must be monitored.
Retail Dive reported that Juniper research found that e-commerce retailers could lose over $20 billion this year through new forms of online fraud. That’s an 18% increase over 2020 when the pandemic caused online sales to skyrocket reaching nearly $791 billion. That accounts for nearly 14% of all retail sales.
It’s not getting any better, either. Credit agency Transunion reported in August that suspected online fraud over the first four months of 2021 more than doubled the previous year.
Ransomware, identity theft, friendly fraud, account takeovers, and “pharming” are just a few of the dangers facing online shoppers and merchants this year and in the future. Some are new, some have just evolved with time.
The result has given birth to what has been labeled as a global Fraud Economy. So, increasing your awareness of the issue and your store’s network security budget might just protect your e-commerce growth and profits against e-commerce fraud.
Identity theft
To the average shopper, identity theft may seem like a consumer-focused hazard with fraudulent purchases made against their ill-gotten credit credentials. However, as merchants well know, the “purchased” merchandise is effectively stolen from stores.
Consumers aren’t typically liable for credit card fraud in cases of stolen identity. Often, once fraudulent purchases are made with stolen credentials, credit card companies cancel the old card and issue the consumer a new one.
Consumers have additional protection from the Fair Credit Billing Act, which limits their liability of a lost or stolen credit card to $50.
That leaves merchants or banks to foot the bill for fraudulent purchases depending on the nature of the transaction. Banks are usually responsible in cases of either stolen or forged credit cards being used to make purchases in stores.
Merchants are likely to be liable for fraudulent purchases made on older magnetic card swipe payment terminals. They’re also are often liable in “card-not-present” transactions which make up an increasingly large percentage of e-commerce transactions today. That’s when stores take credit card numbers either over the phone or on e-commerce sites for a purchase. So, when a merchant is a victim of this kind of fraud, they not only lose the sale money, but the item is also essentially stolen.
Friendly fraud
Friendly fraud is another name for chargeback in which a consumer deliberately steals from a merchant by making a purchase and then claiming to the bank or credit card company it was a fraudulent charge to their account.
In these cases, merchants can not only lose the merchandise, they can be hit with fees that can range from $20 to $100 per transaction. They can also be fined up to roughly $10,000 if the monthly chargeback rates exceed predetermined levels. Merchants can have their accounts terminated by credit card processors if their chargeback rates become problematic, too. This means they would be unable to process credit or debit purchases and would essentially be limited to cash-and-carry sales.
Pharming is growing
By now, pretty much everybody has heard of “phishing” – the practice of sending out bogus emails to gain information or access to websites or business networks. Well, now we have “pharming,” a much more evolved form of phishing that involves the redirection of website traffic from a legitimate site, like your e-commerce website, to fake sites. These sites can be used to steal usernames, passwords and other personal information, or load malware onto the operator’s computer.
Pharmers most often target websites of banks, online payment platforms, or retail e-commerce sites.
Retail in the crosshairs
The Verizon 020 Data Breach Investigations Report says 43% of cyberattacks target small businesses. Accenture Security adds that only 14% of small businesses are equipped to deal with an attack.
Pharmers and other cyber fraudsters are prevalent in retail today because, thanks to e-commerce growth during the pandemic, many merchants are new to online sales and not sophisticated in their operations or vulnerabilities. This inexperience led to fraudsters increasing their take in 2020. As internet traffic surged and the amount of money spent online nearly doubled, the average value of attempted fraudulent purchases rose 69% in 2019.
eMarketer predicts that e-commerce growth in the U.S. will reach nearly 14% in 2021. While that’s less than the 18% growth of 2020, its cumulative effect means e-commerce will be roughly 30% over two years and it will account for more than 15% of the $5.8 trillion in retail sales forecast for 2021.
“E-commerce volume increasing from $600 billion to $800 billion means there’s a lot larger surface area of risky transactions,” he said. says Johnny Ayers, CEO of Socure, a digital identity verification company.
Digital payments are expected to grow to $11.3 trillion by 2026.
The lodging industry was hardest hit with fraud in 2020 with a 71% year-over-year increase. Professional marketplaces – like Etsy and eBay – saw a 67% increase. Omnichannel retail was a not-too-distant third with a 50% bump over 2019.
e-Commerce continues to soar
Despite all the additional e-commerce red flags, people are still shopping and selling online more than ever. In May, Amazon reported its best first quarter ever with a net revenue increase of 44% to $108.5 billion.
“As the pandemic continues to push more brick-and-mortar businesses online, merchants should expect the high traffic there will drive a rise in several risk areas,” said Jason Cheung, fraud product manager at Digital River, an integrated solution provider.
New merchant programs associated with e-commerce spurred the growth. Buy Online Pick Up In-Store (BOPIS), Curbside pickup, Click-and-Collect, and Buy Online Return In-Store (BORIS) all added to online shopping. Which added to the potential for both online and in-store fraud.
Data from eMarketer shows that U.S. click-and-collect sales more than doubled from 2019 to 2020. And which it represented just 9.1% of e-commerce sales during this period, it was responsible for 20% of domestic e-commerce growth.
Takeaway
As e-commerce continues to grow and more brick-and-mortar stores incorporate it into their regular sales processes, protecting valuable digital information and systems will become increasingly important.
The second part of this series will offer suggestions on how to ensure your stores operate as efficiently and safely as possible.