Online retail will grow in 2024, but security is crucial. Last year’s holiday season saw a 3.7% increase in online spending and a 12.7% increase in Buy Now, Pay Later (BNPL) methods, expanding the cyber threat landscape. As online transactions become more frequent and varied, security concerns are increasing as they attract more attention from cybercriminals.
With a 237% increase in phishing emails during Black Friday in 2023, it is essential that we revisit outdated views that blame consumer negligence and consider how business leaders can protect digital infrastructure and websites to keep up with increasingly sophisticated attack techniques.
Emerging threats in online retail and consumer safety
Global losses from e-commerce fraud were estimated to exceed $48 billion last year, a frightening increase from $41 billion in 2022. Importantly, threat actors are using increasingly complex methods to perpetrate this fraud.
Most notably, my team and I have tracked multiple malvertising campaigns exploiting retail and e-commerce websites. Malvertising refers to the use of online advertising to spread malware, allowing malicious links to appear on legitimate websites through ad networks, often exploiting vulnerabilities in web browsers or plugins to send malicious code to a user’s computer or device.
We have seen a notable increase in these attacks in 2023; One major campaign we tracked exploited Amazon through Google search, directing users to scam and phishing tech support pages. Scammers used cloaking techniques to evade detection; Such sophisticated methods are difficult to spot for the untrained eye, highlighting the dangers posed to users attempting to shop on popular shopping sites.
The BNPL (Buy Now Pay Later) sector increases the risk of online fraud. It is a prime target due to its rapid growth and lax security controls compared to traditional systems. BNPL systems have less stringent controls, making it easier for cybercriminals to hijack accounts or create new accounts with stolen or synthetic identities, combining real and fake data for unauthorized purchases.
Senior Director of Threat Intelligence at Malwarebytes Threatdown Labs.
A three-step action plan for retailers
A convergence of sophisticated fraud tactics, new payment gateways that lack sufficient guardrails, and a general increase in e-commerce activity are creating a dangerous online environment for consumers. Minimizing fraud in the retail space starts with revamping retail security strategies to prioritize consumer safety, but it’s less intimidating than some business leaders might think:
1) Appoint a dedicated person or team
Having a team dedicated to cybersecurity is critical. This team is responsible for keeping software and security measures up to date, monitoring and responding to security breaches, and reviewing logs for suspicious activity. Outsourcing to specialists is an especially viable option for smaller retailers who cannot have an in-house team.
80% of experts believe that advanced detection systems such as Managed Detection and Response (MDR) using AI play a crucial role in minimizing payment fraud. For example, AI systems can examine various data sets to identify trends, creating fraud propensity scores that are crucial for predicting and preventing inappropriate activity.
2) Password key support –– no passwords
The prevalence of weak password choices, reuse, and continued use has perpetuated scams in the e-commerce world, with more than 80% of breaches attributed to stolen credentials. Supporting the use of password keys, on the other hand, transforms the authentication process by relying on public and private keys, effectively relieving users of the burden associated with password management.
Password keys use public key cryptography, which is not susceptible to common attacks such as phishing, replay attacks, or credential stuffing because the private key used for authentication is never stored on a server or sent over the Internet. The power of cryptography in protecting sensitive information is already backed by the major ‘big tech’ players, with Google implementing it into users’ accounts last year. Passkeys also offer retailers a 40% speed increase compared to passwords, improving both security and conversion rates – that’s a no-brainer for 2024. This increasingly popular consumer security method should be fully supported by retailers who embrace the authentication want to strengthen and their starting point.
3) Calculate business risks and inform security investments
Understanding the full cost of a breach is crucial as the first step to becoming a cyber-resilient company. The costs of fraud and security breaches extend far beyond direct financial losses. Statistics show that every $1 in fraud now costs retailers and e-commerce companies $3.75, with the costs in damaged reputation and customer trust even greater and harder to quantify. As many as 44% of data breach victims would tell family and friends to avoid the brand, and 30% would express their displeasure on social media.
Retailers must take a proactive approach to calculating business risk and informing their security investments. This may include implementing a comprehensive risk assessment strategy that evaluates all implications of potential breaches and minimizes the threats customers face.
Securing the digital cash register
Prioritizing cybersecurity for consumers should become a standard practice for retailers. Cybersecurity has become a crucial aspect of business strategy across all industries, and due to the threat that persists in the online retail space, it’s a surprise that it isn’t yet the norm.
The responsibility now falls squarely on retailers to make cybersecurity the must-have accessory for success in 2024 – because in this digital age, protecting consumers is not just a trend, but the only way forward.
We’ve listed the best patch management software.
This article was produced as part of Ny BreakingPro’s Expert Insights channel, where we profile the best and brightest minds in today’s technology industry. The views expressed here are those of the author and are not necessarily those of Ny BreakingPro or Future plc. If you are interested in contributing, you can read more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro