– Mark Crichton
For many retailers and consumers, Black Friday marks the beginning of the holiday shopping season, that lasts all the way through to the January sales. This year, spending over Black Friday rose 12.5 per cent compared to 2018 according to Barclaycard, and in America, Black Friday shoppers spent a record $7.4 billion.
As spending skyrockets, so does the risk of fraud, as cyber-criminals look to take advantage of the spikes in transaction volume to try and evade fraud detection processes. Last year it was estimated that almost a quarter of UK customers faced attempts at fraud over Black Friday and Cyber Monday, and there’s no indication that 2019 will be any different.
Avoiding public Wi-Fi, understanding what a phishing email looks like, and only shopping with trusted brands are all ways consumers can stay protected over the holiday shopping season, but the responsibility to stay protected shouldn’t lie solely at their door. There’s also plenty that banks and financial institutions can do to protect customers from fraud. Here are 5 tips:
Stick to the script
It can be tempting for staff monitoring transactions to cut corners, as the volume of transactions being processed increases and they try and clear their workload. Unfortunately, this plays directly into the hands of cyber-criminals, who are looking to hide amongst the volume of traffic, and evade security measures that are in place for a reason.
Remind staff that it’s more important than ever to stick to the processes and procedures defined throughout the entire year. Security standards don’t need to slip, and extra attention should be paid to activity that seems a little out of the ordinary.
Watch out for mobile
Last Black Friday more than a third of purchases were made on mobile, and PWC estimated that more than three quarters of Black Friday transactions now take place online. For hackers, this shift has the potential to become a very lucrative business opportunity, as they look to take advantage of vulnerabilities in emerging channels that may be less secure than traditional channels.
One way banks and FIs can secure the mobile channel is by protecting their apps with mobile application shielding technology. This prevents attackers from injecting malicious code into an app, and it’s also context-aware, so that if a customer’s mobile is rooted or allows for side-loaded apps and is potentially infected with malware, the app itself it still protected.
Given the number of vulnerable apps that have been detected in Apple and Google’s app stores this year, it’s evident that banks and FIs can no longer rely on the two tech giants to provide security for their apps. By protecting their apps with mobile application shielding technology, their apps will be able to protect themselves in untrusted device environments, and consumers who accidentally download a malicious app won’t risk having their financial credentials stolen by criminals.
Implement MFA and transaction signing solutions
Multi-factor authentication and transaction signing solutions are technologies that can contribute significantly to fraud detection and prevention, so banks and FIs should make implementing these a priority.
However, not all authentication methods should be treated equally. There are some, such as SMS, that are known to be less secure than others, as one-time SMS codes can easily be intercepted by hackers. By adopting risk-based multi-factor authentication that takes into account data from a variety of sources, such as behavioural biometrics, biometrics, voice recognition, the trustworthiness of the device, geolocation and so on, ensures that the appropriate level of authentication is provided for the situation. This is also a great way for banks and FIs to ensure they’re providing robust security without compromising on the user experience.
Take advantage of AI and ML
The emergence of AI and ML has transformed how banks and FIs can detect and prevent fraud, as the algorithms are capable of analysing vast amounts of data from a variety of channels in near real-time. This is particularly important over the holiday shopping season when there’s likely to be a spike in transaction volume, and thus the amount of data being processed and analysed. By taking advantage of these technologies, banks and FIs can detect and prevent attempts at fraud before the damage is done, achieve regulatory compliance, and reduce false positives.
Communicate with customers
Finally, it’s important to communicate with customers, and let them know that you will never ask them for credentials via email, text or chat. Hackers can take advantage of the rise in communication between banks, retailers and customers, to try and convince customers to part with sensitive information.
It’s clear that there are steps banks and FIs can take to keep customers protected from fraud during the holiday shopping season. However, fraud is a yearlong threat, so it’s important that combatting it remains a top priority for banks and FIs all year round.
