The pandemic has been marked by a growing frequency of cybersecurity incidents.
As the majority of our transactions (both personal and professional) move online, there are more opportunities for hackers to find vulnerabilities. One of the most prominent areas of exploitation is e-commerce. Analysts at MarketWatch calculated the total loss resulting from COVID-19-related e-commerce fraud – and the number stands at a staggering $59 million (in the U.S. alone).
As the holiday season approaches, the e-commerce industry is on high alert for possible fraud and scams, which could cross even last year’s 15% share of all sales.
Are We Headed for a High-Risk Holiday Season?
Right now, in October of 2020, the answer seems to be YES.
Deloitte’s annual holiday retail forecast predicts that e-commerce sales could increase by up to 35%, generating between $182-$196 billion. When you put this number together with the growing frequency of cybersecurity incidents across this year, there is a clear problem on our hands. Hackers could exploit an atmosphere of uncertainty on the one hand, and the push towards digital on the other, to take advantage of customers.
This is compounded by the fact that a massive number of shoppers have refrained from indulging themselves all year, and plan on going all out via digital during the holiday season. Take a look at what cybersecurity company Sift’s recent report uncovered on this issue:
- Account takeover rates spiked by 282% between Q2 2019 and Q2 2020.
- 52% of consumers are worried about becoming victims of this type of attack, yet 66% don’t use a password manager to secure account details.
- A worrying 1 in 4 customers has had their accounts hacked at least once.
It is critical to stay aware, watching out for the most common risks as we enter the holiday season (and, consequently, the peak shopping period) in 2020.
5 Top E-Commerce Security Threats to Watch Out For
Some of the most popular tactics employed by hackers to defraud online shoppers include:
1. Account takeover (ATO) attacks
Account takeover attacks (ATO) are inarguably the most common threat you’re likely to face during e-commerce transactions. A hacker obtains your account credentials and makes transactions on your behalf. Often, they will purchase high-value gift cards in place of shifting funds in cash. Sift’s report found that ATO rates have jumped 378% for e-commerce since the start of the pandemic.
The easiest way to protect against ATO is by staying vigilant. A strong password, a secure password manager, and regularly changing your login details can protect online shoppers from ATOs.
2. Phishing emails and calls
A lot has been said about phishing, and it continues to be a problem for e-commerce in particular. Online shoppers will have a high open-rate, making them vulnerable to fraudulent emails that promise sales, discounts, and gift vouchers. Once you click on the hyperlink, you are redirected to a fraudulent website that looks like the original but is designed to extract your personally identifiable information (PII).
A seemingly innocuous email, but the sender is [email protected], not [email protected]
Anti-phishing best practices like double-checking the sender’s email ID, avoiding new/unfamiliar e-commerce portals in the peak holiday season, and being selective about offers/promotions are some of the ways you can stave off phishing attacks.
Also, be wary of voice-phishing or vishing where a fraudulent entity calls and asks for your PII, citing reasons such as “need to credit a refund” or “for upgrading you to an Elite account.” It is also the retailer’s responsibility to warn shoppers against illegitimate communication on their behalf.
3. Online credit card skimming
Online skimming is a sophisticated tactic wherein hackers target e-commerce websites with malicious code. This results in payment information being skimmed, during a transaction, without the customer or the retailer knowing about it.
“Any small merchants or online exchanges that do not have effective security controls in place are potentially vulnerable. Small businesses are no exception and might even be more at risk because they are especially vulnerable during the COVID-19 crisis. Many small merchants rely on payment security third-parties, some of whom have been demonstrated to be susceptible to this attack,” said Christopher D. Roberti, Senior Vice President, Cyber, Intelligence and Security Policy & Chief of Staff of the U.S. Chamber of Commerce.
It is recommended that retailers analyze their IT landscape for malware and keep cybersecurity systems up to date. Strong authentication mechanisms, least privilege access, and secure relationships with third-parties are some other areas to remember.
4. Malware and adware
Malware is a persistent problem on digital platforms, and e-commerce is no different. Malware could intercept data when moving from the customer to the retailer, gaining access to user credentials. It could also modify online content, displaying “clickbaity” links to fraudulent websites and preying upon the user’s purchase-readiness.
You also have the more harmless – but still fraudulent – adware that sits in your systems and constantly shows unwanted ads. The peak holiday season means that ads around Black Friday, Cyber Monday, Singles Day, etc. would gain more traction. Basic anti-malware software and regular checks on your systems’ vital signs (memory, CPU utilization, and so on) will alert you to malware and help remove it.
5. Insider threats
While not very common, insider threats can have severe consequences for online retailers. Recently, e-commerce giant Shopify revealed that two rogue employees had stolen merchant and customer data from its platform. The incident plunged Shopify stocks by 3.5%, reflecting a significant dip in customer trust. And this isn’t an isolated incident – in 2018, Amazon conducted an investigation into insider threats, as companies of this scale own huge repositories of customer data.
Companies should watch out for the employee types that are most likely to steal data. It is also a good idea to invest in insider threat management platforms to catch anomalous employee behavior on time.
Preparing for the Wave: How to Raise the Bar on E-Commerce Fraud Prevention in 2020
A secure shopping experience is essential for the retail industry (and small businesses in particular) to survive during these challenging times. Customers also need to stay on track with their purchase requirements, without compromising on security. Here are a few common best practices that can go a long way in securing this holiday season:
- Plan your purchases, so that you can flag if a fraudulent entity calls you regarding a product you haven’t purchased.
- Use different credentials for each e-commerce account so that vulnerabilities do not spread.
- Always follow multi-factor authentication (MFA) protocols, which – despite their shortcomings – remain a strong protection mechanism.
- Stick to a handful of tried and tested payment gateways, even if a new service provider offers a discount/joining incentive.
- Do your due diligence before purchasing from a new e-commerce portal, and always limit your first purchase to a small amount.
Finally, e-commerce providers must double down on IT investments during this critical period. The holiday season is no time to operate with a skeleton crew – instead, partner with a proven industry expert (even if on a short-term basis) to audit your security landscape, close loopholes, and stand by for regular support.