Preventing payment fraud this holiday season
Christmas conjures up cozy images of twinkling lights, presents under the tree and time spent with family and friends enjoying the festive cheer. But for retailers, the holiday season is often a time for increased stress and worry induced by the burden of boosting security. Whether it’s implementing measures in-store to prevent the physical theft of goods, or online and over the phone to avoid the use of fraudulent payment cards and keeping sensitive customer information out of the hands of hackers, retailers have their work cut out for them in the time between Black Friday and Christmas.
With the holiday season right around the corner, retailers are gearing up for the two most lucrative months of the year. According to the National Retail Federation (NRF), holiday sales growth is returning to pre-pandemic levels. In fact, spending is expected to reach record levels during the next two months and will grow between 3% and 4% from last year to reach between $957.3 billion and $966.6 billion. Yet, despite the good cheer these sales numbers will bring, not everything is merry and bright, especially for the retail sector – ‘tis the season for retail fraud!
Fraud facts
Online shopping has been one of the biggest shifts in consumer behavior since the COVID-19 pandemic, and as peak holiday season approaches, millions of consumers will be buying gifts and festive food and drink online.
In fact, ACI Worldwide predicts global eCommerce transactions will rise by 14% from October through December 2023 compared to the same period last year. At the same time, it forecasts that fraud attempts will grow to 3% of all transactions and so-called ‘friendly fraud’ (when a customer places an order and then raises a dispute to recoup the cost while keeping the item or returning it used) will account for 20% of all fraud threats.
The issue of card payment fraud is set to grow. According to the Nilsen Report, by 2031, global fraud losses are expected to total $47.22 billion on total card volume of $73.86 trillion. And in the US alone, fraud losses will reach $19.24 billion by 2031, against a whopping total volume of $19.38 trillion.
With the increasing number of channels available for making transactions, retailers (and consumers) face a growing risk of fraud. While offering convenience and flexibility, online platforms, mobile apps, in-app payments and contactless payments also open doors to potential vulnerabilities and fraud attempts.
Cybercriminals are constantly investigating new ways to exploit weaknesses in these channels, such as identity theft, stolen payment card information, or unauthorized access to accounts. It not only puts customers' sensitive data at risk but also threatens businesses’ reputation and financial stability.
Digital payment wallets have emerged as a powerful tool in combating fraud across various payment channels. These wallets securely store payment card information or digital currency utilizing encryption and tokenization techniques to protect payment information and allow consumers to make quick and secure transactions without the risk of exposing their sensitive data.
Payment Card Industry Data Security Standard (PCI DSS) compliance is vital for businesses handling payment card information. It provides a comprehensive framework to protect cardholder data and prevent data breaches. However, according to Verizon's latest findings, only 27.9% of organizations maintain full compliance with the PCI DSS requirements during their annual assessment. This reflects the global scenario, proving that most organizations struggle to achieve and maintain full PCI DSS compliance. It emphasizes the need for continuous efforts to improve security practices and increase compliance rates across industries worldwide. As Verizon itself has said: “We have never investigated a payment card security data breach for a PCI DSS compliant organization. Compliance works!"
Data breaches on the rise
Already in 2023, Verizon’s Data Breach Investigations Report reveals there has been 406 data breaches affecting the retail industry alone, and 193 of these cases involved data loss. System intrusion, social engineering, and basic web application attacks accounted for 88% of these incursions. 37% of the data that thieves made off with was payment information, 35% was listed as ‘credentials’, 32% was ‘other’, and 23% was personal information. The report also reveals that close to 75% of all attacks are carried out by organized criminals and concludes “online retailers are lucrative targets for cybercriminals.” Clearly, organizations need to use more sophisticated digital identity verification solutions to take that extra precaution, particularly during the holiday season.
The sheer volume of information generated by each purchase is huge. And with more data and more channels to improve customers’ payment journeys and reduce friction comes the need for increased security. This responsibility falls upon everyone within an organization, but where to begin?
Actionable steps for preventing fraud during the holidays
No one wants to be held responsible for the latest data breach, so it’s understandable that many IT staff feel the pressure when it comes to protecting customer details, especially when you consider the enormous reputational and financial damage a data breach can have on a company. And though it is easy for many to blame the IT department, much of that blame goes beyond their control. In fact, despite the IT department being able to implement industry-leading email security solutions, the 2023 Verizon Data Breach Investigations Report cites user error as a significant factor contributing to data breaches. Some 74% of all breaches include the human element — mistakes, such as falling victim to phishing attacks, clicking on malicious links, or mishandling sensitive data, can all lead to serious security incidents and data breaches.
This blame is undoubtedly misdirected when placed solely on the IT department; it’s up to senior management to alleviate some pressure for the IT staff and make it the responsibility of every team member, along with the business itself, to ensure data is kept safe and secure.
Considering that more people are avoiding the bricks-and-mortar stores and buying gifts either over the phone, online or via social channels and other digital platforms, it’s best to begin the fight against fraud by starting with the contact center – often considered the most vulnerable channel. Contact center risk is especially high during the holidays, as major retailers bring on thousands of temporary, seasonal, and outsourced employees. For instance, Amazon has announced plans to hire 250,000 workers for the holiday season, higher than the 150,000 it planned to bring in last year.
To help safeguard your contact center payments and make sure your security practices can withstand even the busiest of holiday rushes, we’ve compiled a few tips that are simple to implement, and can make all the difference:
1. Educate staff to be wary of suspicious or unusual emails.
Keeping staff informed is vital. A security-savvy team member is far less likely to click on a suspicious link in an email. Make sure they understand the current IT security threats facing the business and all the ways cybercriminals may try to hack into internal IT systems, such as phishing attacks, malware and even insider threats.
2. Use a password vault to store all your passwords.
This will mean no website login has to use the same password, enhancing online security and simplifying password management. You can use the password manager's built-in password generator to create strong and complex passwords for each online account. Whenever possible, two-factor authentication for accounts should be added for an extra layer of security.
3. Review your data security standards.
The first step to being secure is knowing where your risks lie. From a payments standpoint, following the PCI DSS will provide comprehensive protection from payment fraud and will go a long way in helping to prevent a data breach from occurring. Beyond that, the US government has outlined the NIST Cybersecurity Framework that highlights many helpful, common-sense best practices for mitigating cybersecurity threats.
4. Keep your software up to date.
Updating to the latest version of security software is crucial in keeping the highest level of protection against emerging threats and vulnerabilities. Ensure you enable automatic updates for your security software whenever possible and if prompted, install updates at the earliest opportunity. And after successfully updating to the latest version, uninstall any old or redundant versions of your security software to prevent conflicts which may impact the effectiveness of your protection.
5. Keep sensitive data outside of your contact center.
As we like to say, they can’t hack what you don’t hold! The best protection is to keep sensitive payment data from ever entering your business infrastructure in the first place. Sycurio’s suite of secure, PCI DSS compliant payment solutions do just that, while enabling a more seamless customer experience for all your holiday shoppers, regardless of the channels they’re using.
Follow these simple points to make sure that you and all your staff have a happy (and secure!) holiday season.