In 2024, online retail will grow, but security is crucial. Last year's holiday season saw a 3.7% increase in online spending and a 12.7% increase in Buy Now Pay Later (BNPL) methods, widening the cyber threat landscape. With more frequent and variable online transactions, security concerns are increasing as they attract more attention from cybercriminals.
With a 237% increase in phishing emails during Black Friday 2023, it is essential that we review outdated attitudes that blame consumer negligence and consider how business leaders can safeguard digital infrastructure and websites to keep pace with increasingly sophisticated attack techniques.
Emerging Threats in Online Retail and Consumer Security
Global e-commerce fraud losses in 2023 are estimated to have exceeded $48 billion, an alarming increase from $41 billion in 2022. Importantly, threat actors are using increasingly complex methods to commit this fraud.
In particular, my team and I tracked multiple malvertising campaigns exploiting retail and e-commerce websites. Malvertising refers to the use of online advertising to spread malware, whereby harmful links can appear on legitimate websites through advertising networks, often exploiting vulnerabilities in web browsers or plug-ins to deliver malicious code to a user's computer or device.
We saw a notable increase in these attacks in 2023; one major campaign we tracked exploited Amazon through Google search, leading users to tech support scams and phishing pages. Scammers used cloaking techniques to evade detection; these advanced methods are difficult for the untrained eye to detect, highlighting the dangers they pose to users attempting to purchase from popular retail sites.
The BNPL (Buy Now Pay Later) industry increases the risks of online fraud. It is a prime target due to rapid growth and lax security controls compared to traditional systems. BNPL systems have less strict controls, making it easier for cybercriminals to hijack accounts or create new ones with stolen or synthetic identities, combining real and fake details for unauthorized purchases.
Senior Director of Threat Intelligence at Malwarebytes Threatdown Labs.
A three-step action plan for retailers
A combination of advanced fraud tactics, new payment gateways that lack sufficient security barriers, and a general increase in e-commerce activity is creating a dangerous online environment for consumers. Minimizing retail fraud starts with revamping retail security strategies to prioritize consumer safety, but it's less daunting than some business leaders might think:
1) Designate a dedicated person or team
Having a team dedicated to cybersecurity is crucial. This team is responsible for keeping software and security measures up to date, monitoring and responding to security breaches, and reviewing logs for suspicious activity. Specialist outsourcing is an especially viable option for smaller retailers who cannot maintain an in-house team.
80% of experts believe that advanced detection systems, such as Managed Detection and Response (MDR), using AI, play a critical role in minimizing payment fraud. For example, AI systems can examine diverse data sets to identify trends, creating fraud propensity scores crucial to forecasting and preventing inappropriate activity.
2) Support passkeys, not passwords
The prevalence of weak password options, reuse, and continued use has perpetuated scams in the e-commerce space, with over 80% of breaches attributed to stolen credentials. In contrast, supporting the use of passkeys transforms the authentication process by relying on public and private keys, effectively relieving users of the burden associated with password management.
Passkeys use public key cryptography, which is not susceptible to common attacks such as phishing, replay attacks, or credential stuffing, since the private key used for authentication is never stored on a server or transmitted over the Internet. The power of cryptography to protect sensitive information has already been endorsed by major “big tech” players, and Google implemented it in user accounts last year. Passkeys also offer retailers a 40% increase in speed compared to passwords, improving both security and conversion rates; it is a no-brainer for 2024. This increasingly popular security method for consumers should be fully supported by retailers as they look to strengthen authentication and boost their bottom line.
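The properties described above, shown as an added example that is not part of the original article: a simplified passkey-style challenge-response login in Node.js, in which the server holds only the public key and rejects replayed or wrong-origin logins. It is not the full WebAuthn protocol, and the origin `https://shop.example` and all function names are assumptions made for illustration.

```javascript
// Added illustration: simplified passkey-style login, not the full WebAuthn protocol.
const nodeCrypto = require('node:crypto');

const EXPECTED_ORIGIN = 'https://shop.example'; // assumed retailer origin

function newServer() {
  return { publicKeys: new Map(), pending: new Map() };
}

// Registration: the key pair is created on the user's device.
// Only the public key is sent to and stored by the server.
function registerPasskey(server, userId) {
  const { publicKey, privateKey } =
    nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  server.publicKeys.set(userId, publicKey);
  return privateKey; // never leaves the device
}

// Each login attempt gets a fresh random challenge that can be used once.
function issueChallenge(server, userId) {
  const challenge = nodeCrypto.randomBytes(32).toString('hex');
  server.pending.set(userId, challenge);
  return challenge;
}

// Device side: sign the challenge together with the origin the browser reports.
function signAssertion(privateKey, challenge, origin) {
  const clientData = JSON.stringify({ challenge, origin });
  const signature = nodeCrypto.sign('sha256', Buffer.from(clientData), privateKey);
  return { clientData, signature };
}

// Server side: returns 'ok' or the reason the login was rejected.
function verifyAssertion(server, userId, { clientData, signature }) {
  const publicKey = server.publicKeys.get(userId);
  const expected = server.pending.get(userId);
  server.pending.delete(userId); // single use, whatever the outcome
  if (!publicKey || !expected) return 'no-pending-challenge';
  let parsed;
  try { parsed = JSON.parse(clientData); } catch { return 'malformed'; }
  if (parsed === null || typeof parsed !== 'object') return 'malformed';
  if (parsed.challenge !== expected) return 'challenge-mismatch';
  if (parsed.origin !== EXPECTED_ORIGIN) return 'wrong-origin';
  const valid = nodeCrypto.verify('sha256', Buffer.from(clientData), publicKey, signature);
  return valid ? 'ok' : 'bad-signature';
}
```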
3) Calculate business risk and report security investments.
Understanding the full cost of a breach is crucial as the first step to becoming a cyber-resilient company. The cost of fraud and security breaches goes far beyond immediate financial losses. Statistics reveal that every dollar of fraud now costs retailers and e-commerce merchants $3.75, and the cost in damaged reputation and customer trust is even more significant and harder to quantify. Up to 44% of data breach victims would tell family and friends to avoid the brand, and 30% would express their displeasure on social media.
Retailers must take a proactive approach to calculating business risk and reporting their security investments. This could involve implementing a comprehensive risk assessment strategy that evaluates all the implications of potential breaches and minimizes the threats customers face.
Secure the digital box
Prioritizing consumer cybersecurity should become standard practice for retailers. Cybersecurity has become a critical aspect of business strategy across industries, and given the level of threat that persists in the online retail space, it is a surprise that it is not yet the norm.
It is now squarely up to retailers to make cybersecurity the must-have accessory for success in 2024, because in this digital age, protecting consumers is not just a trend, it is the only way forward.
This article was produced as part of TechRadarPro's Expert Insights channel, where we feature the best and brightest minds in today's tech industry. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing, find out more here: