Cyber Monday: How to Protect Consumers - and Your Institution - from Fraud

Economic Conditions Are Ripe for Heightened Season's Thievings
Cyber Monday: How to Protect Consumers - and Your Institution - from Fraud
The holidays are here and the "Black Friday" of the online shopping world -- "Cyber Monday" -- is December 1. The Monday after Thanksgiving is one of the biggest online shopping days of the year. According to the 2008 eHoliday Study by Shop.org, cost-conscious shoppers are making their way online, and retailers expect e-commerce holiday sales to increase at least 15% over last year.

The additional financial stress consumers are shouldering this year could lead to an increase in fraud this holiday season, warns Identity Theft Resource Center's Anne Wallace. Institutions should be proactively advising their customers about the need to take extra measures to protect their personal data while shopping online.

"Consumers should be listening to their 'inner Scrooge' and be stingy giving out personal information," says ITAC's Wallace. Recent events around the country point to an increase in fraudulent activities targeting online banking customers and a dramatic increase in reports of identity theft in economically stressed areas. Consider: Fairhaven, MA, where 25 cases of identity theft were reported in the last two months compared, versus just 9 for the entire 2007. Fairhaven's police chief says the economy has a lot to do with the recent spike in identity thefts.

Wallace warns institutions to be proactive on this issue. "Times are tough right now, and the last thing consumers need is to deal with identity theft, especially during the holidays." ITAC has already helped more than 45,000 consumers recover from identity theft. ITAC's role as a nonprofit coalition of financial services companies offers identity theft recovery services.

Institutions Face Added Losses
While consumers worry about personal identity theft, financial institutions also face the added burden of fraud losses on credit and debit card transactions, as well as loss of reputation. Information security experts see cybercriminals shifting their efforts into high gear, and they expect cybercriminal activity to hit an all-time high this weekend and to remain high throughout the holiday season.

Tracking the threat during last year's holiday season, security vendor PC Tools analyzed threats to more than 500,000 computer users. It found an increase in cyber attacks beginning in mid-October, peaking the Monday after Thanksgiving. Should this pattern remain, things will be very treacherous for consumers shopping online this year. .

Three Forces Merge
The perfect storm of cybercrime and opportunity will hit the nation this holiday, says Paul Kocher, President and Chief Scientist of Cryptography Research.

"This holiday season in general will be worse than others before it because there will be three forces coming together at the same time," Kocher notes. Retailers will hold sales, meaning criminals will be looking to perpetrate fraud, and fraud will be a bigger percentage of sales. Because there are more people out of work, this will increase the number of people looking for bargains.

"With 1.2 million people laid off, they won't have the money they had before to pay," he notes. Historically in past downturns, Kocher explains, "Fraud skyrocketed when people can't buy what they want."

The third leg of the triad is that retailers will be trying to make their quarter. "So they will be more willing to accept dicey transactions, especially toward the end of the quarter, where the fraud rates won't show up until the next quarter." From December 1, Cyber Monday, Kocher estimates it will take about 45 days for any fraudulent activity to hit the cardholder's statement. This is when the institution becomes involved and the transaction gets unwound.

Awareness and Education Important
In light of those three merging forces it is more important than ever to have awareness tips in front of the consumer and employees. "Education on a few simple tips can help businesses and financial institutions protect themselves and their customers against fraud," says Debra Geister, director of Fraud Prevention & Compliance Solutions with LexisNexis.

Reminders about identity theft and its threat go a long way in making customers (and employees) think twice about clicking on the final transaction, says Kocher. The need for awareness is because employees are facing a massive crush of orders online, "Right after a weekend of brick and mortar shopping where everyone is exhausted."

The institutions that have automated risk management systems will be fine handling the volume. "But any manually-handled transactions, there will be problems detecting when a transaction is fraudulent. Banks will end up with less time to investigate suspicious transactions, and it will be even harder for the retailers -- they will have this surge in transaction volume, and they're just trying to handle that, and also to be as diligent on fraud checks will be pretty difficult," Kocher observes. On the retailer side, the already struggling smaller online merchants will suffer more losses because they don't have in place the sophisticated risk management programs in place like the Amazons or Wal-Marts do. "It also is telling when you compare the smaller merchant's expertise against the larger retailers," Kocher says.

Changing Customer Mindset
For all financial institutions, whether they issue credit cards or not, they should be giving the standard advice about safe online shopping habits to their customers. However, once past that, one of the challenges that institutions face is that consumers aren't liable for charges they didn't make past the standard $50. "It is actually the consumer who decides how much risk the bank will be exposed to when they're out there shopping online. They don't have too much skin in the game; they're thinking the bank will eat the loss," says Kocher.

Customers need to be reminded that identity theft is also a possibility when fraudulent charges are made on their card. Institutions also need to remind their customers to call immediately if they see any suspicious activity on their cards or accounts.

New Attack Vectors
Financial institutions should be prepared to fight fraud from a growing number of areas. One place where banks are going to see fraud growing over the next year is in ATM networks. "At the same time traditional fraud is being caught, ATM fraud is growing," Kocher explains. The ability to do risk management is significantly less on an ATM network than online transactions because the ATM delivers the goods (money) to the consumer immediately, he adds. "This is exactly what fraudsters want, the cash, rather than a large ticket item that they have to turn around and fence."

See: 10 Tips for Cyber Monday Safety


About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing cuinfosecurity.com, you agree to our use of cookies.