Consumers, cybercriminals prepare for Amazon Prime Day

Mid-July has traditionally been a slow time for retailers, but Amazon changed all that, borrowing a page from Alibaba Group Holding Ltd. with an annual one-day event designed to blow up ecommerce. Last year, Alibaba Group netted $25.3 billion in gross sales on Singles Day, an achievement that the company’s CEO Daniel Zhang described as more than just a sales figure. “It represents the aspiration for quality consumption of the Chinese consumer, and it reflects how merchants and consumers alike have now fully embraced the integration of online and offline retail,” he stated in a November 2017 interview with Retail Tech Innovation editors.

CNBC reported that 2017’s Amazon Prime Day achieved a 60 percent increase in sales over the previous year, with $2.4 billion in sales. Financial analysts speculated that the event caused billions in lost revenues worldwide, as employees and staff snuck away from their jobs to shop.

“You know that with such a sale, not everyone was waiting until they got home to shop on Amazon Prime Day,” wrote Peter Zaballos, senior vice president and chief marketing executive at SPS Commerce. “When some Prime members were surveyed, 78 percent said they’d consider shopping on Prime Day while at their desks. And when you think of the millions who were shopping over those two days, you know a lot of them had to be at work.”

Security analysts have observed spikes in cybercrime during high-traffic ecommerce events such as Black Friday, CyberMonday and Amazon Prime Day, the last being a 36-hour event that began at 3 p.m. Eastern Standard Time on July 16, 2018.

“It's that time of year when we're reconnecting with friends and family, both for summer fun and to surprise someone with a gift you got at a killer price during Amazon Prime Day,” said Samuel Bakken, senior product marketing manager at OneSpan. “Many of us will be making purchases from mobile devices and according to Statistica, more than 198 million Americans now do so.”

Robert Capps, vice president of business development at NuData Security, a Mastercard company, added, “It’s worth remembering that 40 percent of all online purchases tracked by NuData Security in June 2018 were bought through mobile, either on phones or tablets. It can be tempting to take shortcuts when making mobile purchases, especially if a good deal is only available for a limited time and the clock’s ticking.”

Be safe out there

Bakken said it’s especially important for mobile consumers to protect their identities and payment data. He offered the following tips for shopping safely during Prime Day and beyond:

• Beware of doppelganger Wi-Fi connections: Change the default settings on connected devices to block automatic connections to open, public Wi-Fi networks. Make sure you know the name of the legitimate Wi-Fi network you’re trying to connect to and proceed accordingly. Connecting to an unknown network could expose your login credentials and sensitive data to thieves.

• Secure connected devices with a PIN or password: In the event your mobile device is lost or stolen, prevent someone from scrolling through any open apps and making purchases. Protect yourself against this scenario by enabling a PIN or pass-phrase on your device (or even better with biometric authentication such as fingerprint if available).

• Protect your login: If an online retailer offers the option of enabling multi-factor authentication, take advantage of this great security enhancement. Amazon allows multifactor authentication via SMS code or an authenticator app. Strong multi-factor authentication can prevent account takeovers, such as the recent ones we’ve seen in the Macy’s and Timehop breaches.

• Mobile mindfully:Don’t click on unexpected or suspicious links sent via SMS or other channels; only download applications from official app stores. Attackers download new and trending games and apps, insert malicious code and repackage them, then distribute the doctored apps through unofficial channels. Apps that appear to be legitimate may be imposter apps with malicious code designed to steal personal information and banking credentials. Malicious apps still make their way onto official app stores, but Apple and Google do apply some screening to stop some of them.

• Be sure the web address begins with https, not http, on any page where you input data. The https signifies a more secure website, ensuring your data is submitted via encrypted pages and that the environment you’re shopping in is safe – both physically and digitally. If you’re not on a trusted and secured network, consider yourself in an unsafe digital territory. And don’t log on to any online site when you are on an open Wi-Fi connection.

Capps offered the following additional tips for protecting online activities:

• Monitor social media: Ensure that data such as birthdays, education, family, friends, pets, home address, etc. is not available to the general public. Prevent non-friends from posting to or seeing what you’ve posted. Review which services and sites you have given permission to access your social media accounts and remove those that are no longer needed or used.

• Activate security alerts: Consider activating alerts with credit bureaus, banks and credit cards. Most banks and credit card companies offer security alerts as a free service. Consider purchasing credit and identity protection services that continuously monitor your account and send you notifications should anything go amiss.

• Stay vigilant: Monitor your bank and credit statements regularly and be on the lookout for any anomalies – including as small as $1 or even a penny. Likewise, if you experience a problem logging into your credit card or banking account, call the institution immediately.

  Editor's Note:

  The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.

  Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.