
’Tis the season to be hacking


A study by the Association of Certified Fraud Examiners (ACFE), claimed as the world’s largest anti-fraud organization, has noted that the increase in fraud during the holiday season can reach an estimated 20% in the U.S. The increase in seasonal financial pressure is believed to be the single biggest contributing factor to fraud, as this can be the busiest shopping period of the year.


The most noticeable trend observed by the Cytegic DyTA was that hackers focus on special sale days such as ‘Black Friday’, ‘Cyber Monday’ and ‘New Year sales’. However, the most active cyber-attacks against retailers during the holiday season usually take place in the week before Christmas. As such, this can be the most threatening time of the whole year for retailers, and they should be on their highest alert during this period.


The highly publicised cyber-hack at Target, which occurred between November 27th and December 15th 2013, was due to the Black Friday weekend sales and saw at least 40 million credit cards compromised. Security experts believed that the hackers had access to the point-of-sale data, which means they either accessed the terminals where customers swiped credit cards or collected data as it moved from Target to credit card processors.

Retail giant Walmart has also noted that more than 70% of the traffic on its website was from mobile devices, and almost half of its orders from this year’s Thanksgiving until December 1st (the time the article was published) were placed through mobile alone. Seeing that Walmart boasts of successfully serving nearly 260 million customers in a week, this flow of online shoppers could be an early Christmas gift for cyber-hackers on the prowl during this peak season.


Do holiday shoppers care?

Would you care if your data was stolen during retail data breaches? The answer is most likely a resounding “Yes”. But would you retreat from online shopping to avoid using your credit or debit card? Probably not. This seems to be the case for most online shoppers: half of Americans claim they try to avoid shopping at stores hit by hackers, but most retailers continue to see online sales gaining strength and expanding, even by double digits. Although the holiday season should be a time of heightened alert for hackers, shoppers are seemingly not deterred in their shopping habits, with more than half stating they would still prefer to swipe their debit and credit cards over using cash.


Why is the holiday season a merry time for hackers?

Here are a few reasons why cyber-criminals take no holidays during the holiday season:

1. Shop till you drop.


More shopping, be it in-store or online, means a greater opportunity for bank card fraud. As the number of transactions increases, so does the opportunity to steal card data. As stated by the National Retail Federation (NRF), the average American will spend $700 on holiday gifts this year, and total national Christmas spending is expected to amount to more than $616.9 billion.

2. Employees are in the holiday spirit.

There is a general slowdown in working activity as most employees get side-tracked by the season’s festivities. With most employees likely already out of the office on vacation, the fewer and less vigilant staff on hand give hackers a greater chance to attack corporate computers and get away with it.

3. Retailers’ goals are $$$, not security

It’s the most wonderful time of the year, for retailers and hackers alike. While retailers set revenue as their main priority, especially during this period, hackers will exploit this as well. If retailers can make money at Christmas, then hackers can do the same. If senior management focused on security as much as on profits, they might need to worry less about data breaches caused by their lack of security preparations.

4. More holiday adverts, more phishing emails

Amidst all the holiday adverts, Christmas promotions and bombardment of marketing materials from retailers, it is difficult to spot the phishing emails among everything else. Phishing emails sent on Christmas Day can increase by up to 60% in volume, as analysed by the HSBC fraud team. Some of these phishing emails have become so believable that they look virtually identical to the real thing. Shoppers who are eagerly searching for deals online are more likely to fall for scam emails while opening holiday spam.

5. Jumping onto any free WiFi

While away from home, free WiFi can be seen as a lifeline by many travellers. Most of us know that it is extremely easy to hack a public WiFi connection, whether at the airport, hotel, or coffee shop. Yet we jump onto them anyway, even though we know we are discouraged from surfing the web on public WiFi hotspots. It is also hard to resist sharing our travel plans on social media, and social media users consistently overshare every detail of their trips on Facebook, Instagram or Snapchat. (Hands up if you’ve checked into at least one travel location or shared an airport/boarding ticket shot!)


What are retailers doing about it?

To help deal with the rush of business during the holiday season, and with employees taking annual leave, many retailers hire temporary seasonal employees, who tend to lack the proper training that permanent staff have. Companies and retailers should conduct sufficient due diligence when taking on new hires. New employees should be given training in fraud detection and prevention, especially considering the increased number of customers.

In the same ACFE study mentioned earlier in the article, shockingly, fewer than 7% of respondents said their organizations had increased the level of resources committed to fraud prevention or detection during the holidays. In fact, most said that the level of security remains the same (56.7%), while more than 9% of companies said that the level actually decreased.

For companies, do not cause your own data breach. Be sure to educate your employees. Your consumers are relying on you to provide safe transactions. A data breach is the last thing customers want to face during this joyful season. Learn from the mistake of Target, which was often seen as having “failed to employ reasonable and appropriate security measures to protect personal information” and was said to be a victim of its own lack of security procedures and practices.

Remind your staff of these simple steps:

  • Shred sensitive documents once they have been digitally recorded.
  • Log out of websites and close tabs when they are finished.
  • Never download or click on anything unfamiliar or suspicious on a company computer.
  • Run a spyware and virus scan every week to catch bugs.


For the rest of us…

In the course of your shopping frenzies, do not forget to think before you click. As tempting as that social media promotion or email offer sounds for that knock-off on the hoverboard or Pebble Time watch you’ve been eyeing, the safest way to shop is by purchasing goods directly from the merchant’s website.

Try to update the operating systems and software on your devices to their latest versions and stay on top of your security updates. Additionally, all your devices should use some sort of ad-blocking software or plug-in to protect against the threat of malvertising, which is especially rampant on illegitimate websites and in false holiday deals.

If you must use a public WiFi while you travel, stay safe by installing a VPN which can also be used on your mobile device. A VPN will help encrypt your online activity, making it difficult for a hacker to steal your information.



Safe shopping this holiday season, Bolehians!


