Why Online Retailers Must Prepare For Barrage Of Cybercrime This Christmas

UK retailers need to prepare for more cyberattacks this Christmas, according to digital identity company ThreatMetrix.

ThreatMetrix’s Q3 Cybercrime Report indicates that 2015 is likely to be known as the biggest ‘Cybercriminal Christmas’ so far. The study also reveals the latest trends across the global threat landscape and is created from data and analysis from the ThreatMetrix Digital Identity Network, which currently analyses more than a billion transactions across the globe every month.

Retailers targeted

Over the past 90 days, ThreatMetrix detected 45 million attempted attacks specifically targeting online retailers, representing a 25 percent leap from the previous quarter. This data strongly indicates that the final quarter of the year, in the run up to the festive period, is likely to see more attacks on online business than ever before.

The major shopping days between now and Christmas, including Black Friday on November 27 through to Cyber Monday on November 30, are expected to become a particular target for online criminals. According to analysts at IMRG, Black Friday will become the first ever £1bn shopping day in the UK (compared with £810m last year) with consumers spending £12,384 every second. The pressure on retailers is likely to continue right up to the January sales. Last year, ThreatMetrix saw 11.4 million fraudulent transaction attempts during the peak holiday shopping period and this year it is expected to be double the volume driven by the continued growth of digital commerce and the aftermath of the numerous breaches. This would represent millions in potential losses for UK business.

Vanita Pandey, senior director, strategy and product marketing at ThreatMetrix, said: “Generally, the third quarter is a slower time for businesses as consumers anticipate spending money during the Christmas and New Year shopping season, but this year it yielded record numbers in attack attempts. The size, complexity and frequency of the attacks targeting businesses is growing driven by the multiple data breaches that have compromised the traditional identity sources, including the TalkTalk and Carphone Warehouse both being huge hacks that were widely covered in the UK.

“The ultimate victims are the consumers whose digital identities are increasingly compromised with each subsequent breaches. Cybercriminals don’t sleep when it comes to attacks – the majority of the attempts we saw were in the e-commerce space and retailers must stay on their toes when it comes to protecting digital identities during what is sure to be the largest digital season to date for online and mobile transactions.”

These attacks were detected during real-time analysis and interdiction of fraudulent online payments, logins and new account registrations. E-commerce transactions consist of the following percentages and risks:

· 78 percent of transactions were account logins, with 5 percent high risk
· 21 percent of transactions were payments, with 3.2 percent high risk
· 1 percent of transactions were account creations, with nearly 7 percent high risk

In terms of cybercrime techniques, fraudsters are using bots and botnets to run massive identity testing sessions in order to penetrate fraud defenses.

Pandey said: “Botnets are the new data breach threat, as opposed to Advanced Persistent Threats (APT), which attack the network from the inside out; botnet breaches are targeting the outside-in via digital identities.

“We see very high daily traffic at leading retailers due to low frequency attacks using botnets designed to evade rate and security control measures and thus detection.”

Mobile usage has also increased at particularly a rather high rate in the recent months – more than 50 percent from this time last year. This trend is only expected to continue as devices become more widespread and smartphones more prolific.

Pandey explained: “As consumers increasingly turn to mobile devices often to make purchases on the move, they’re leaving digital footprints for the cybercriminals to exploit.

“The main concern we stress with our society’s mobile-dependence is being aware of your online persona – how much information you share online and where you share it – as seemingly unrelated data can provide very important insight into a person’s digital identity.”

How much do you know about 2015’s biggest data breaches? Try our quiz!