Securing your business during the holiday season

The holiday season is coming. With social media channels being flooded with ads and “best deals” attacking us - online shoppers - from each and every direction, holiday season fever is on, but don't get caught out by Black Friday sales scams! You’re getting your online store ready for the holiday season and have already planned everything - from extra server capacity to hiring seasonal workers ready to pack orders and send them straight away to the excited customers. You’re ready to see increasing bars of sales and revenues…

…but are you aware there’s something that can lower them? Answer:

Amidst the COVID-19 pandemic, online sales on Black Friday 2020 reached $9 Billion in the United States, which is almost 21.6% growth year-over-year! Cyber Monday was even more impressive, bringing in $10.8 Billion of revenue (a 15% increase on 2019). 2021 saw an improvement in sales figures across the US and UK, despite periodic lockdowns. Interestingly, brick-and-mortar shops saw a rise in footfall (perhaps people stretching their legs after lockdown fatigue), but the eCommerce and M-Commerce share of retail sales during Cyber week continued to rise - as is also forecast for 2022 and beyond.

This sales madness is probably what most retailers and eCommerce merchants are waiting for, but they have to remember - without proper prevention, Black Friday weekend may easily turn into a Black Fraudday weekend. All businesses and individuals need to be prepared for Cyber week scams and holiday scams in general.

Working closely with e-Commerce and Travel companies, we observe fraud seasonality, and the numbers seem to confirm it. Let’s take Great Britain as an example; according to TSB Bank, a staggering 24% of people who shopped online on Black Friday weekend experienced fraud attempts. Why are these rates so high? To better understand this phenomenon, we should consider three common aspects:

1. Firstly, criminals like crowds
   • it’s easier for them to hide their identity among thousands of faces. The same principle applies on the Internet; the more traffic and orders, the easier to hide.
2. Secondly, carding is a full-time job. Fraudsters don’t input single transactions manually; they use bots to get things done for them in a faster and more efficient way. As it has been observed, sometimes they test stolen cards by making small purchases before the peak, then conduct their massive attacks during the Black Friday weekend (or a similar occasion).
3. Last, but certainly not least; getting ready for the busiest days, merchants “loosen” their velocity rules to reduce the number of manual reviews and denials. This results in accepting more traffic, and in turn, an increase in fraudulent transactions.

However, the scale of card-not-present fraud isn’t glaringly obvious after the holiday season wraps up. Each year we see e-Commerce celebrate hitting new sales records, but the threat of fraud lurks in the shadow of this success. It will eventually come to light… But when?

The realm of cryptocurrencies can seem daunting even to internet savvy users, which is perfectly understandable. The unregulated nature of crypto can be offputting to many, and indeed, if people are swept off their feet by the crypto hype, there is a real chance to lose a lot of money (as well as make a lot it) through some easy to make, but fateful trading decisions. With cryptocurrency, fortunes have been made, while others have been lost. And all this without falling for cryptocurrency scams. But now, with the world becoming more mobile, it’s easier than ever before to make investments in cryptocurrencies within the palms of your hands.

Take the situation with the COVID-19 pandemic, which significantly boosted the percentage of eCommerce’s share of global retail sales. In the midst of merchants and shoppers increasingly going online, the convenience has spread to mobile devices, which allowed more people to shop, pay and transfer money with great ease and from the comfort of their sofas. The ease with which mobile apps have allowed people to engage in M-Commerce, digital banking and even dabble in cryptocurrency investments is staggering, but not surprising. What is a surprise to many is the pace these changes have taken place, which were originally forecast to reach current levels by 2025-2030. Amidst this growth in mobile users, fraudsters have seen an opportunity to target people, aiming to remain hidden in the huge increase in daily transactions

E-retailers admit they expect troubles with chargeback programs in the first quarter of the following year, as their chargeback rates increase sharply after holiday sales boost. For those who sell seasonal goods, it may be an especially dangerous situation – they get the most sales during the peak, but chargebacks are filed in the following, less lucrative months. This, combined with fines from the card issuers, may seriously threaten a loss of financial liquidity.

Securing online business during sales peaks, especially in terms of not killing the conversion, does not look like a piece of cake. Merchants need solutions that work in the background and screen customers in real-time; any additional action for users may result in an increased propensity toward cart abandonment.

As fraud is in a constant state of change, we observe new trends and tools. The market tries to respond to these trends, usually by creating new rules. Unfortunately, multiplying them leads to an inconsistency in the systems, which results in a very dangerous situation – an increasing number of false positives, in other words, blocking legitimate customers.

To address this issue, we propose using Machine Learning solutions, which can better estimate the risk of transactions without any friction for online shoppers. These solutions analyze over 5,000 attributes of user hardware, software, network intelligence, and last but not least, user behavior during the purchase process. The outcomes of said analysis let merchants better understand customers’ motives. Let’s use an example of online airline ticket sales, which uses a rule that automatically rejects people who purchase a ticket from a location that is over 1000 km from the departure airport.

The system automatically rejects around 60% of the traffic (dark grey area), but highlights an inherent issue; a number of fraudsters in the accepted traffic, and some legitimate users in the rejected traffic. How will the situation look when we use Machine Learning to solve this challenge?

The analysis will not only be based on distance, as the models will also investigate its correlation with the time to departure. Using advanced profiling tools, the solution will concurrently monitor additional user-specific attributes, i.e. if they use a VPN, try to fake their location, and how they use their keyboard and move their mouse. Why?

We observe many typical patterns and behaviours of fraudsters. They often buy tickets for flights with a very short time to departure, but the departure airport is quite distant from their physical location – they usually don’t use them but resell them on the Darknet. They try to misrepresent their true location (so the merchant’s system accepts the transaction) and use bots to fill out the forms to purchase the ticket (automation to make their work more efficient). The bots, however, behave differently than people, so a well-developed system can recognize it is a machine that “presses” the buttons, not a human. This scheme applies to all e-Commerce, not exclusive to the airline industry. For example, fraudsters seek out goods that can be shipped expediently, as they want the packages sent before the credit card owner reports the fraudulent transaction.

A proper Machine Learning solution can spot all these differences, nuances, unusual actions, patterns and correlations, and categorize website users into different risk buckets while they are going through the process of purchasing goods or services. Machine Learning can reveal even completely new or atypical fraud attempts. This solution is more proactive; securing business here and now, as opposed to relying on rules which are created long after the attacks, long after the damage has been done.

Are you seeking to prevent Black Friday sales scams from affecting your business? Are you interested to get more information? We're always happy to talk, so it's time for you to arrange a call with us.