The Grinch of Christmas Shopping: Preventing Cybercriminals from Hijacking Online Retail

It is that time of the year again.

The holidays are swiftly approaching, and people are scrambling to hunt down the best deals online, taking advantage of retailers offering extreme discounts and bargain deals – or the appearance of such – on goods and services. At this time of year, crowds of consumers are goaded by ads and marketing campaigns to spare no time making buying decisions, and most do not, for fear that they may never see such reductions again.

In years past, the season would begin with Black Friday, crowds stampeding into stores and altercations unfolding at the till over the last flatscreen TV. This year, however, is likely to be quite different. Our everyday lives have been upended with the outbreak of Covid-19, not least in the way we shop. Unsurprisingly, Entersekt’s State of Online Shopping Report found that over a quarter of UK consumers are now shopping less in-store. In fact, 14% confirmed that they would no longer visit a store during the pre-holiday sales. This will inevitably result in a surge of internet traffic in an already rapidly growing e-commerce space. Even those who may have previously resisted the digital transformation are being compelled to adapt. For instance, 38% of consumers aged 55 and older are now using less cash than before the pandemic, suggesting a shift in shopping habits among this demographic.

Unfortunately, cybercriminals will be lurking in the shadows to take advantage of individuals in this period of change. In fact, we have already seen an increase in fraudulent attacks. NuData Security, a Mastercard-owned provider of behavioural biometrics, has reported that between March and June of this year, one in two newly created accounts presented a high risk, be it for making fraudulent purchases, writing fake reviews or abusing sign-up offers. Chances are, bad actors will also take a page out of the marketeer’s book and play on the urgency of deals to lure individuals into clicking their malicious links. This is a particularly concerning threat, as more than one in five individuals in the UK shop through links found in articles, email marketing campaigns or social media ads.

It is clear that financial institutions face some new challenges in this regard and will want to up their security game, not only to protect themselves, but their customers, too. They need to do this intelligently. While Entersekt’s report has shown that the majority of consumers rate security as the most important aspect of the online checkout experience, as many as 25% of people feel annoyed, confused or suspicious of unexpected security measures, which can lead to cart abandonment issues. As such, there needs to be a balance between maintaining security and ensuring a smooth and efficient checkout experience for this holiday season and beyond. 

To achieve this, financial institutions should implement robust authentication techniques by way of banking apps or browsers. Through this, they can bind customer identities to their devices and uniquely identify them. Individuals can then authorise transactions in real time by responding to ‘yes’ or ‘no’ questions with one tap or click, and receive alerts of any suspicious activity the instant it occurs. In this way, financial institutions can help simplify the process for consumers who may otherwise find the security process laborious and complicated. By incorporating background risk assessments into the process, additional security measures involving the user only have to be brought in when the system flags transactions as unusual. As a result, consumers will face just the right amount of friction to know that their bank is looking out for them, without the process becoming cumbersome.

Bad actors will continue to innovate and concoct creative schemes and scams to fool banking customers and online shoppers. Institutions need to do their research and be the first to hear about these so that the appropriate measures can be taken to manage the threat. It is critical that financial institutions are proactive about their own security posture, identifying vulnerabilities and reassessing security processes where necessary. In tandem, they should also make an effort to educate their customers and employees. Once informed, these individuals will hopefully think twice before clicking the link or downloading the attachment. 

As the voice of authority and one that consumers trust, banks must ensure that this trust is not compromised by bad actors either. That is, institutions would be wise to maintain brand consistency, from tone of messaging and brand colours to communication platform. You will want to be clear about what you do and do not do: for example, by clarifying to customers that passwords or PINs will never be requested via email or over the phone. Even if this customer education is already in place, now is the time to ramp up those reminders and warnings. Once again, the most efficient way of doing so is through banking apps, as opposed to email or text messaging, both of which are commonly exploited today – and all too often ignored. With a banking app, messages can be delivered securely and tailored to cut through the noise at just the right moment.

Finally, institutions should stay available and responsive to customer concerns. Ensuring security is a two-way street. Financial institutions cannot simply bark orders; willingness to listen will help them help their customers, to mutual benefit. 

While 2020 has been a challenging year for the vast majority, the upcoming holidays are a time to temporarily immerse ourselves in the magic of the festive season. The last thing anyone needs is to be duped by a cybercriminal, so let us all do our part to keep online shopping safe.

Frans Labuschagne is UK & Ireland country manager at Entersekt. Entersekt is an innovator of mobile-first fintech solutions. Financial services providers and other enterprises rely on its patented mobile identity system to provide both security and the best in convenient new digital experiences to their customers, irrespective of the service channel.
