While most consumers are still basking in the summer sun, that doesn’t mean they haven’t already started thinking about holiday shopping. Of course, consumers still enjoy the steals and deals associated with traditional shopping days such as Black Friday and Cyber Monday, but gone are the days when they wait until November and December to begin holiday shopping sprees.
With retailers offering compelling deals and promotions online and in-store year round, consumers often kick their holiday shopping into gear during the summer months (or even sooner).
Total holiday retail sales from November and December 2014 showed a four percent increase from 2013. If these sales continue to grow at a similar or greater rate during the 2015 season, cybercriminals will determine new strategies to cash in on the profits.
During the heightened holiday shopping season, retailers do not have the time to manually review transactions for fraud. They also do not want to risk incorrectly labeling trusted customers as fraudulent and either reject their transaction add additional steps to the transaction, which will turn customers away due to inconvenience.
One strategy to provide the safest and most efficient holiday shopping season is for retailers to share threat information across a global network, ensuring suspicious transactions and activities are blocked without adding friction for authentic and returning customers.
There are several holiday shopping trends ecommerce merchants should be aware of to ensure fraudsters don’t disrupt customers’ holiday cheer. These include:
Increase in mobile usage
Today, consumers constantly have their smartphones and tablets on hand and often do not hesitate to make purchases via mobile devices. During the 2014 Cyber Week, from Thanksgiving Day through Cyber Monday, mobile accounted for 39 percent of all transactions across the ThreatMetrix network. For the 2015 holiday season, ThreatMetrix predicts this number will surpass 50 percent.
Additionally, the height of the holiday shopping season will immediately follow the Europay-MasterCard-Visa (EMV) deadline of October 1, which will increase mobile transactions, as EMV terminals are equipped to accept mobile payments. Consumers are far more comfortable shopping on mobile devices than they were even a year ago and often overlook security risks, and that trust will continue to grow.
Major shopping holidays prior to Black Friday
High volume shopping days are now taking place well in advance of Black Friday and Cyber Monday. For example, this year, Amazon launched Prime Day in July, which saw record breaking sales, with consumers ordering over 34.4 million items, shattering that of Amazon’s biggest U.S. Black Friday to date in 2014. In competition, Walmart upped sales by offering over 2,000 rollback deals which will run a 90-day course as opposed to just one day.
Another significant shopping day early on is Alibaba’s Singles Day, which takes place on November 11 each year in China and, like Prime Day, surpassed Black Friday in 2014 with more than $9 billion in sales. With these new shopping opportunities, holiday shopping occurs far before the Thanksgiving to Christmas season – which also means fraudsters develop and executive cybercrime strategies early on.
Generally, as ecommerce merchants prepare for the holiday season, they tend to put off ramping up fraud prevention until it’s too close to the holidays. However, given the new (and early) shopping days, new cybersecurity strategies should be put in place in July or August to be prepared as soon as possible and work out any kinks in fraud prevention systems.
Given the latest holiday shopping trends, how can retailers best prepare their cybersecurity strategies now, rather than waiting until November or December?
Profile existing customer base
Retailers should consider how well they know their customers and their associated behavior. In doing so, they can identify good transactions as opposed to bad ones so risks can be recognized and mitigated as they arise.
Ecommerce merchants should also get a handle on profiling the good customers and raise the threshold for them to order online in a safe, secure and convenient manner. This can be done by leveraging a digital identity network, brings together all aspects of a person’s online devices and behavior into one unique digital identity – including email addresses, geo-locations, devices and both personal and business personas. The unique identity combines the specific device and persona each individual is using at any given time, at any place to accurately authenticate users in real time.
Review 2014 holiday season
Holiday shopping in 2014 saw an uptick in ecommerce sales and with that the greater potential for fraud. Retailers should understand that initial reviews and recommended security strategies from last year don’t necessarily get taken into account right away. Now is the perfect time to take a look at last year and to use those practices to prepare for this upcoming holiday season before the shopping rush begins.
Create a custom holiday strategy
During the holiday season, transactions will be significantly higher than the rest of the year (as will cybercrime attempts), so ecommerce merchants should make their fraud analysis as close to real-time as possible, rather than reviewing a few times a day or week.
Retailers should also go beyond viewing each individual event and instead look at trends in particular areas, such as mobile. Identifying trends in real time enables retailers to take immediate, preventative action if necessary during the holiday season, without wasting time or resources via manual reviews.
Tighten up existing security
It’s never a bad idea to check for loose nuts and bolts to see what parts of your security platform can be ramped up. Retailers should proactively identify new cybersecurity functionalities released in the past twelve months that can be added to existing portfolios. This might include new types of functionality or new rules that can be built upon to improve performance and prevent fraud.
Andreas Baumhof is the Chief Technology Officer at ThreatMetrix.