Monday, November 29, 2021
Describing 2021 as a watershed year for global ecommerce, Livneh offered hopeful ecommerce guidance in Tis (Still) the Season to Be Jolly: Holiday Season Prep for a Disrupted eCommerce Market, published in October 2021 by Riskified. The report predicts ecommerce, especially digital gift cards, will be a primary holiday shopping channel for consumers and fraudsters alike.
"This year, thanks to supply chain issues causing physical product shortages, shoppers plan to boost spending on these digital gifts by [27 percent year-over-year] to about $270 per person," Livneh wrote, while urging merchants to upgrade from rules-based fraud detection to "adaptive" technology solutions to protect against gift card fraud.
Buy online, pick up in store (BOPIS) fraud also poses challenges to retailers due to agents not fully vetting customers when they fulfill orders; however, while it's wise to be aware of BOPIS risk, being overzealous can lead to false declines, Livneh noted. "Many good customers are choosing in-store fulfillment during the holiday season to avoid potential shipping delays, and turning them away is akin to sending them straight to the competition," he wrote.
Livneh also warned of risk associated with orders placed on mobile devices and picked up in stores, because a confirmation code is the only requirement for picking up an order at a store. "With mobile device takeovers sold as a service on the dark web, the barrier for entry for fraudsters is frighteningly low," he pointed out.
George McGregor, vice president of marketing at Approov, agreed that best practices can protect consumers and retailers against mobile app fraud. "Consumers should think twice about letting any app store your credit card," he said, urging customers to protect personal data and use additional protections offered by banks and mobile app service providers.
McGregor advised retailers, e-tailers and app owners to take a hard look at APIs to protect users from credential theft. "Chasing down vulnerabilities in your code can take time and doesn't solve the real issue, which is that genuine credentials and secrets are often stolen and then used directly to access the API," he said. "If you are an online business using a white-label app for your business, make sure you are asking the right questions about security."
In today's interoperable retail sphere, retailers need to fully vet ancillary service providers and understand the measures they use to protect from scripts and bots exploiting stolen credentials, McGregor noted. This includes ensuring that communications channels are fully encrypted and certificates pinned, and understanding how service providers track and eliminate threats in client devices being used and how quickly they update app security.
"The good news is that these risks are well known and can be mitigated," McGregor wrote. "There are shielding solutions [that] don't interfere with customer experience and can be deployed quickly. With the holiday season approaching you should carve out some resources and time to evaluate your defenses and ramp up the protection of your business."
Livneh advised merchants to share data with other retailers to mitigate risk and optimize the customer experience. "Acquiring and keeping new customers requires removing barriers for entry to eCommerce for non-digital natives," he wrote. "With older generations underrepresented among digital buyers (less than two-thirds of American Boomers make online purchases), keeping legitimate customers in the funnel requires reducing friction and simplifying the checkout process."
A full copy of the Riskified holiday report is available at: www.riskified.com/resources/report/holiday-report-2021/. 
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
