With the online shopping season around the corner, fueled by Singles’ Day shopping in Asia, Black Friday and Cyber Monday sales in Western markets, it could be hunting season for hackers as well.

According to data analytics from Adobe, US online sales for the 2019 holiday season are expected to increase by 14.1%, totaling up to USD$143.7 billion, while total retail shopping (offline and online), will rise by 4%. 1 out of 5 dollars this holiday season will be spent during Cyber Week – between Thanksgiving Day and Cyber Monday – generating $29 billion (or 20%) of total online revenue this season.

Adobe predicts Cyber Monday to set new records as the largest and fastest-growing online shopping day of the year, with $9.4 billion in sales, an 18.9% increase year over year.

In Asia, the same – maybe even more – can be said for 11.11 or Singles’ Day 2019. According to Forrester’s senior analyst Xiaofeng Wang, since 2013, Singles’ Day event founder Alibaba has generated more online gross merchandise volume (GMV) than all US retailers put together on Black Friday and Cyber Monday combined.

“While eye-popping GMV numbers have become routine, we expect Singles’ Day to become grander than ever in terms of scale and reach, innovations, and social responsibility,” said Wang.

Judith Loh, Head of Relationship Management, Wirecard APAC, observed that Singles’ Day has evolved from online sales to an annual event that provides a glimpse into the shopping experience of the future.

“It has spurred new thinking in the retail sector, as brands compete to draw customers into exciting new experiences,” said Loh. “Core to this transformation is a shift towards Unified Commerce – a flexible, continuous and consistent approach to bridge online and offline for a superior shopping experience.”

Going ‘phygital’

Already, retailers are tapping into new technologies like location-based mobile services, VR, AR and the use of entertainment to engage with consumers across all touchpoints. The ‘retail rebound’ will see more ‘click-and-mortar’ customer experience combining innovative physical and digital – or ‘phygital’ – experiences.  

Said Loh: “We will see more seamless phygital integration, including the use of new innovations like ‘smart mirrors’, allowing consumers to get personalized recommendations and shop online while in-store.”

All of this will push payments to the forefront, she added. “Not only do retailers need to cater for incredible payments volumes, but they must cater for a wide variety of different payment preferences – from online shopping, to in-store shopping, through to the likes of mobile wallets. We can also expect to see new ways of payments such as the use of biometrics, become more popular and widely adopted in the future.”

Shoppers beware

With e-payment at the forefront, Clement Lee, Principal Consulting Security Architect, Asia Pacific at Check Point, warned: “This is a great opportunity for both shoppers and hackers to get a great deal. Any means of communication can be easily masqueraded as any legitimate retailer and could scam the public to fall for their trap.” 

It is especially during this frenzy period that shoppers should be mindful about clicking on any links – or even any part of the message – sent through any digital communication means. They should validate directly with the actual retailer (or website).

“This will be harder when it comes to spear phishing attacks (i.e. personalized, time limited for offers),” said Lee. “Please exercise caution and discretion when tempted to interact with such means of communications.”

His advice: “The golden rule always applies – if a deal is too good to be true, it is most likely a scam. Extra precaution is highly encouraged to prevent one from being part of a hacker’s ‘great deal’. Happy shopping!”

Online credit card skimming is another danger. Tim Mackey, Principal Security Strategist, Synopsys Software Integrity Group, explained: “Online credit card skimming differs from the physical skimming practices most people have heard about in that there isn’t an obvious way the average person will be able to identify if or when a website has been compromised.”

The only potential tell-tale sign might be that the website itself doesn’t look quite right, although more sophisticated attacks can make differentiating between a fake site and a legitimate one challenging.

So, with the absence of tell-tale signs of compromise, Mackey’s advice is that consumers should invest in protections for how they manage their credit cards rather than looking at the websites themselves. From recent history, we know that companies as well recognized as Forbes, British Airways, MyPillow and many hundreds of others aren’t immune from attack.

Tips for the season

According to Mackey, shoppers wishing to protect themselves from such attacks should think about:

  • Not storing their credit card information on any website. That’s because if the website could be hacked to install skimming software, it can probably be hacked to collect credit card information other ways
  • Using a third party one-time use payment method such as Apple Pay, Google Wallet or PayPal – however, they should confirm that the prompt from the webpage presented by their chosen payment method looks and behaves normally. That’s because if the website could be hacked to install skimmers, then it likely can be hacked to redirect users to a fake payment portal
  • Enabling purchase alerts on all credit cards. This allows for immediate monitoring of purchases and helps shorten the length of time malicious actors can use a stolen card
  • Disabling international purchases for all credit cards. This not only limits the ability for malicious actors to profit from the card, but also enables law enforcement to better prosecute perpetrators
  • Only making purchases at home or when connected to your cellular provider’s network. While coffee shops or other free WiFi locations are convenient, they carry the risk that someone has poisoned the DNS settings and can divert users to fake sites.