Guest Column | December 6, 2018

‘Tis The Season To Be A Cyber Criminal: Why 2018 Might Be The Most Dangerous Holiday Shopping Season Yet

By Monica Pal, 4iQ

Stopping Cyber Threats

As millions of consumers prepare for the upcoming holiday shopping season, cyber criminals are simultaneously preparing for what could be their biggest breach season yet. Just removed from Cyber Monday, data breaches have escalated to record highs in the retail industry, and with the holidays right around the corner, retailers and their consumers are at major risk.

Retailers face many challenges when it comes to implementing data security, with one of the main difficulties being customer satisfaction. In an age where making a purchase is as easy as tapping a screen, forcing consumers to jump through hoops or go through multiple verifications to protect their information is a major sales risk. The longer time it takes between making first contact with a product and purchasing it, the greater risk the business has in losing the sale.

At the expense of security, some retailers are foregoing necessary precautions in order to streamline the sales process. The longer retailers wait to make necessary changes to their data security programs, the more time they are giving cyber criminals to execute attacks and the more customers grow concerned. Since Cyber Monday became an American phenomenon, instances of online fraud have risen, along with the revenue significance of online shopping. Last year’s holiday season was acknowledged industrywide as the worst ever in terms of account takeover, and this year is expected to top that, according to Julio Casal, 4iQ Founder & Chief Technology Officer.

With the increased amount of marketing and promotional emails being sent during the holiday season, it is extremely difficult for consumers to determine which emails are legitimate marketing efforts and which are imposters designed as a phishing attempt trap. The sheer amount of email messages saturating shoppers’ inboxes create the perfect environment for cyber criminals to take advantage of unsuspecting buyers. Additionally, loyalty programs, particularly those that offer additional discounts and special purchasing mechanisms, give cyber criminals further avenues for breaching retailers. These loyalty programs are designed to generate repeat customers, a crucial element in the burgeoning realm of online sales. Unfortunately, loyalty rewards points can be compromised by cyber criminals for their own spending, or more dangerously, to uncover linked credit and debit cards. Identity protection can be quickly compromised when information on rewards accounts becomes hacker-knowledge, providing them with names, addresses, telephone numbers, and shopping habits.

To combat this, companies should regularly monitor their domains throughout the holiday season in order to proactively find breached credential evidence associated with their customer account. When a breach does occur, consumers need to be made aware of the range of protections available to them. The retailers that proactively and honestly communicate with their customers in the aftermath of a breach give themselves the greatest chance of maintaining their trust and future business. Online retailers should be using an alerting service, such as the free version 4iQ Breach Watch, taking the necessary precautions during a vulnerable time of the year.

Some retail organizations have invested millions in their efforts around online security, locking down their infrastructures to avoid breaches. Ironically and disconcertingly, it can be some other organization’s breach and a relatively non-technical criminal that opens their own organizations up to fraud. Due to rampant consumer password re-use, other retailers’ past breaches create the risk for otherwise secure retailers’ sites on Cyber Monday and other peak shopping periods. In a 4iQ password and credential security survey, data shows that three-fourths of respondents do not change their password unless it is suggested or forced upon them. Furthermore, 79 percent of passwords used are either weak or re-used, meaning individuals are putting themselves, their companies, and their industries at risk.

In the absence of proper protection, consumers should also do their part to protect themselves. Use unique, complex passwords for each platform to insure yourself against a breach exposing more of your online identity. While it may be a pain, change your passwords often, not just when breached companies ask you to. Secure password manager applications can relieve you of the stress of memorizing them all. Finally, research and sign up for identity protection services that can help strengthen your personal identity security. In addition to credit monitoring, identity theft protection services also offer dark web monitoring, real-time alerts as well as reimbursement, insurance, and other crucial protections.

With such an astonishing amount of data breaches within just the last two years affecting virtually every sector of the economy, the retail industry is one of the largest targets for cyber criminals. The 2018 4iQ Identity Breach Report found that e-commerce suffered the third most breaches by any industry, and the dangers only worsen during peak business periods, making the holiday season particularly threatening.

About The Author

Monica Pal is the CEO of 4iQ, a Silicon Valley cyber intelligence and identity theft organization.