Bruno Farinelli
Sometimes the more things change, the more things remain the same. Even as technology continues to evolve at a breakneck pace, online retailers find they are battling the same old cybersecurity threats — but now with new twists, increased frequency and higher price tags.
With fraud attack rates expected to continue to increase in 2019 and the possibility of a major global cyberattack triggering $53 billion of economic losses, e-commerce merchants can’t rely on their 2018 strategies to protect them in the year ahead. We’ve picked four of the top cyberthreats e-commerce merchants can expect to face as they ring in the new year and offer solutions to help protect merchants and customers.
1. Phishing
A form of social engineering and identity theft, phishing remains one of the simplest ways fraudsters trick individuals into revealing personal information. Fraudsters often use actual company logos and realistic-looking links in their communications to “spoof” unsuspecting customers into providing sensitive data. Although they’re common, these attacks still work: 30% of phishing emails get opened.
But phishing attacks can do more than trick unsuspecting users into revealing sensitive data. These attacks can also install malicious software on computers, infect computers with viruses or even steal personal information off of computers.
Phishing attacks continue to increase in frequency: The Kaspersky Lab Anti-Phishing system was triggered nearly 250 million times in 2017, a rate 59% higher than 2016’s rate. Even more concerning is that these attacks have begun targeting organizations rather than individuals, which means e-commerce merchants must be prepared to defend themselves against this cybersecurity threat.
2. Ransomware
When a cybercriminal launches ransomware, their goal is to infiltrate and commandeer its technology systems, rendering all the files on the affected system useless until the victim pays a ransom to the hackers. In extreme cases, the cybercriminals can even shut down an e-commerce business’s operations and delete business-critical files if the ransom isn’t paid.
Ransomware can be cheaply deployed through email and can offer a huge payoff for criminals — one South Korean business paid $1 million in exchange for unencrypting their files.
Although the number of ransomware families dropped 71% in 2017, this doesn’t mean e-commerce merchants can let their guard down. The number of variants increased 46% last year — a number that’s expected to continue to grow. Researchers also predicted a triple-digit increase in ransomware attacks in 2018, with the global damage from ransomware attacks projected to exceed $11 billion by 2019.
The reason for its explosive growth is simple: Any individual or business who is connected to the internet is at risk for these attacks. No matter the size of an e-commerce business or the industry it serves, online merchants can be a target for a crippling ransomware attack, so they must ensure their files are backed up and stored securely.
3. Data Breaches
The data breaches just keep coming. This time, it’s Marriott International that’s reporting that the personal information of up to 500 million Starwood guests — including names, addresses, phone numbers, passport numbers, reservation information and payment card numbers — was exposed between 2014 and September 2018.
But data breaches affect more than individuals. They can also affect an e-commerce merchant’s business.
Breached information frequently finds its way to the dark web — a marketplace filled with sellers offering the products and services that make it easier for cybercriminals to assume new identities and use them to defraud online businesses. And if you think you know your customers are legitimate, you might want to think again: Between 80%-90% of the people who log into e-commerce sites are actually hackers using stolen data.
In 2019, experts like Experian believe cybercriminals will find new ways to compromise personal data, including biometric hacking and targeting the online gaming community.
4. Two-Factor Authentication
While two-factor authentication (2FA) has been touted as a secure way to confirm a customer’s identity and authenticate accounts, it’s not as infallible as previously believed. Fraudsters are increasingly finding ways to install malware on smartphones that let them intercept authentication SMS messages and codes.
In 2018, California-based communications firm Voxox’s unprotected database resulted in tens of millions of text messages, security codes, password reset links, two-factor codes, and shipping notifications being made available to cybercriminals.
Thanks to consumers’ increased tendency to synchronize multiple devices, phone-based 2FA is being rendered almost useless. If a cybercriminal can hack into a user’s computer, they can also compromise the linked smartphone and bypass the security mechanism — letting cybercriminals capture secure personal data and defraud businesses and consumers.
Protecting Your Business With Technology
As fast as technology is changing, hackers remain close behind, developing and executing advanced forms of fraud that challenge even the most tech-savvy cybersecurity teams. That means e-commerce merchants must be constantly monitoring the threats to their business and customers.
Smart merchants are leveraging technology themselves to identify and disarm cyberthreats before they have a chance to do real damage to consumers’ identities and their business’s reputation.
At ClearSale, we’ve combined the best of artificial intelligence and trained human analysts to offer our clients the highest level of fraud protection available. Not sure if it’s the right choice for your business? Download our free “Fraud Protection Buyer’s Guide” today. It walks you through everything you need to know — and every question you need to ask — to make an educated fraud prevention purchasing decision.
