Watch out for e-commerce scammers and online fraud during this Black Friday and other sales bonanzas!
11.11 may be over but the holiday shopping season isn’t. Businesses and consumers alike need to be on the alert for e-commerce scams and online fraud this coming Black Friday and the year-end festive shopping season.
Now that the COVID-19 pandemic has accustomed consumers of all ages to ‘warp’ online for their shopping needs, what can we learn from this online shopping experience, 11.11 and other events in 2021, and what should businesses watch out for during this ‘black alert’?
INFOGRAPHIC: Impact of pandemic on 2021 holiday shopping season
CybersecAsia discussed the likely fraud risks and strategies with Subashish Bose, Senior Director, Fraud and Security Line of Business, FICO:
The growth in online shopping and e-commerce has also attracted a rise in online scams. What are some of the trends you’ve observed in 2021?
Bose: Scammers are improving their methods to look increasingly legitimate. For example, one of the scams that has really boomed in 2021 is fraudulent postal and shipping, a con where criminals try to extract personal information or infect computers with malware. This type of scam has seen more than 60% of Britons receiving at least one such text in the past year.
- Fake listings of goods on e-commerce sites is also popular in the region, where customers end up paying for goods and services which are never delivered.
- Another popular tactic among scammers is posing as puppy breeders to swindle funds from eager holiday gifters looking to purchase pets for their loved ones. In fact, Australians lost an astounding $2.5 million to pet scams just this year.
- Outside of e-commerce, another common one is remittance fraud. Victims typically receive very legitimate-looking messages from a school mate or someone in their social circle on messaging apps like Facebook or WhatsApp. The name, photo and phone number displayed can all look genuine and the scammer might even name drop a common friend to establish his credibility. He then reveals a medical emergency with a family member facing financial difficulty and the need to remit money to them ASAP from overseas. He would eventually try and trap the person into believing his plight and agreeing to send the money.
- Other types making the rounds are scams disguised as a phone call, email, or SMS from a business establishment like banks or e-commerce platforms citing a security problem with the account and asking the victim to perform some steps for remediation or to call a number.
- Opportunists are even taking advantage of the pandemic, or related welfare packages provided by governments, which can also come in the form of a message disguised to be from a government agency, in particular the health or tax department.
How can consumers better protect themselves from payment fraud, especially when shopping online?
Bose: To avoid falling prey to fraud, consumers should take preventive steps to protect themselves:
- Revisit password habits
Make passwords long, complex and unique across various accounts – bank, email, shopping sites – and track it using a password manager. It is also important to use trusted browsers – most safe browsers like Safari and Chrome recommended passwords are great as they are very difficult to crack and are available across multiple devices. - Think before you click
Check websites to ensure they are genuine before making purchases. In particular, consumers should pay attention to misspelled URLs or any changes in the way they log in to the site. Consumers should also only store payment card information on trusted, secure e-commerce sites starting with https://. If the e-commerce provider is compromised, there’s a high chance that the card will be used fraudulently. - Don’t act in haste
Scammers will often coerce customers to make payments immediately. When faced with pressure to seal the deal – especially when payment has to be transferred directly from the customer’s bank account – it might very likely be a scam. - Be skeptical of amazing deals
If the price seems too good to be true, it probably is. In fact, research indicates that price was the key reason behind scam purchases. - Communicate directly with your bank
Be careful if you receive any unusual messages from friends, contacts, social media connections or business and government establishments. The identity of the person could have been compromised or it could be a scam disguised as an official message. Even with seemingly legitimate fraud alerts or links sent via emails or text messages from establishments like e-commerce websites or banks, consumers shouldn’t assume that it’s genuine. They should always contact their banks directly when in doubt.
What are some common challenges faced by FIs in combating online fraud and e-commerce scams?
Bose: Some common challenges FIs face include:
- Being able to deploy real time contextual analytics on customer data, payments, authentication data, device, and geolocation data as well as blacklisted data from third party data providers at scale in a quick and efficient manner
- Being able to identify behavior anomalies with respect to the way consumers interact with digital channels and their payments in a big data context
- Consumers adopting weak security practices such as using easy-to-remember passwords; handing out personal information to strangers disguised as a bank call center/helpdesk; and falling victim to phishing and malware
What role can financial institutions (FIs) play in mitigating consumer risks?
Bose: First and foremost, ramping up customer education on the safe use of payment cards and digital banking credentials will be critical. Fraudsters have historically targeted bank services and new product launches, so if customers do not take necessary steps to safeguard their financial information, that’s something FIs should address.
FIs should also establish robust communication channels with their customers, through chatbots, online messages, phone calls or even face to face interactions. This can act as a good safeguard against some types of scams such as investment and dating scams where customers authorize the payments as they genuinely believe in the scheme.
How about government and industry regulations? Do they help?
Bose: Government regulations help in educating the public about scams as well as a basic level of protection for victims.
Increasingly, we also see industry bodies such as central banks playing a big role in setting up the industry standard for fraud control and security by specifying controls and systems that all FIs will need to adopt. Data privacy regulations like GDPR and those set forth by individual countries help to safeguard personal and payments data.
In addition, industry standards like the FIDO alliance for security and OWASP can be viewed as the gold standard for information security.