The fourth-quarter holiday shopping season may be a big present in the form of more sales for retailers, but it may also bring with it a lump of coal in the form of amped-up cyberattacks and fraud attempts.
Two of the most beneficial measures retailers can take to secure their payments environments is to keep their software up-to-date with the latest patches and to not put their security patching on hold during the holiday season, says Brian Dhatt, chief technology officer at BigCommerce Pty. Ltd., an Austin, Texas-based e-commerce platform.
“The major breaches out there over the last few years have provided a lot of everything from credit card lists to identity lists to very sophisticated fraudsters to attack all sorts of merchants,” Dhatt tells Digital Transactions News. “The most interesting thing about the holiday season is retailers get busy, their systems get busy.” That means with more consumers using their e-commerce sites, retailers have even greater need to ensure their systems—including fraud-prevention measures—stay apace with the transaction volume.
Dhatt says criminals know this and want to take advantage of retailers that may not be able to vet each transaction as thoroughly as they might at other times of the year. “To me, the fourth quarter is actually the most dangerous for retailers when it comes to fraudsters,” he says.
But, all it not lost. There are steps they can take. One is to go into the holiday shopping season with software patches in place and systems that can accommodate the increased sales volume.
For example, that may include using a fraud-prevention vendor that feeds off of many different signals, like device identifiers and geolocation, among many others, to produce a risk assessment for a transaction, Dhatt says. BigCommerce, for example, uses a vendor that can access data from the BigCommerce platform that extends beyond the basics of the transaction, he says.
Card brands are at work to make this easier, too, though their versions of 3-D Secure 2.0, a security standard from EMVCo, the international EMV standards body, won’t be ready in time for this year’s holiday rush. This technology should help provide more data to help issuers and merchants better asses a transaction’s riskiness. American Express Co. has said it will release SafeKey 2.0, its version, next April. It will analyze shipping addresses, email addresses, purchase data and time, and scores of other data to help issuers make real-time decisions about a potential transaction.
“SafeKey 2.0 is a part of American Express’s broader suite of tools and services designed to help merchants, issuers, and card members fight fraud,” an AmEx spokesman says.
Another step is to ensure patches and updates are not delayed just because of the holiday season. Criminals will flock to any unpatched vulnerabilities to exploit them. Part of that effort is ensuring there are enough trained personnel to handle the influx of transactions, especially those that might be slated for manual review.
“Really understand how much time you and your payment or fraud-prevention provider will spend validating orders during the holiday season,” Dhatt says.” A retailer’s business might grow five times or more, he says. Retailers must make sure they have the human capacity to deal with order exceptions. If not, they need an automated solution, Dhatt says.