As the lockdowns triggered by the COVID-19 pandemic intensify across the world, more and more cybercriminals are targeting average citizens who are working and shopping from home. Both customers and eCommerce vendors must be wary of online fraudsters exploiting this sudden increase in online shopping to steal identities, data, and customer accounts on eCommerce platforms. Customer data is especially sensitive at the moment.
According to a Federal Trade Commission report, the most common threats that customers and online vendors face are:
- Account takeover fraud or imposter scams
- Fake debt collection
- Identity theft
- Credit card fraud
In 2019, over 167,000 American citizens reported being victims of fake credit card hacks. New accounts on eCommerce platforms, online payment platforms, and other digital platforms were opened using their credit card information.
Most of these scams are opportunistic crimes. Customers and vendors who are ill-prepared to deal with identity fraud or account takeover are usually the main targets of fraudsters. The opportunistic nature of the crime puts all Social Security number holders at risk, but certain demographics are being targeted the most –
- Senior Citizens – Senior citizens are involved in most phishing or malware scams. Whether because of unfamiliarity with the latest technology or a naturally trusting nature, senior citizens on average find it much harder to detect identity thieves or track their credit card activities.
- Children – Identity thieves target children who are active on eCommerce platforms because children are less likely to spot discrepancies in their parents’ credit reports. They are also less likely to take immediate countermeasures against the hackers. Many hackers use children’s Social Security numbers to pass themselves off as legitimate customers.
- Deployed Military Members – Military officers working overseas are often targeted by identity thieves as they’re less likely to notice discrepancies in their credit reports. A majority of military officers cannot access their phones when their accounts are affected by credit card fraud. According to the FTC, between 2017 and 2018, reports of fraud by military officers increased by 85%.
Account Takeover Fraud (ATO) – Another Form of Identity Theft
Account takeover fraud is another form of stealing private data for nefarious purposes. In account takeovers, the victim has their financial information stolen. The data is then used to gain access to eCommerce accounts and obtain products/services.
Then, the scammers engage in multiple fraudulent transactions. Before the victims notice, they are billed exorbitant amounts.
Phishing and malware attacks are also common tools used by fraudsters aiming to take over eCommerce accounts. In 2019, ATO fraudsters caused customers and eCommerce vendors to lose $16.9 billion.
ATO fraud is an internet version of identity theft. Both involve the exploitation of vulnerable consumers and eCommerce networks. Some of the latest tricks used by fraudsters carrying out ATO fraud include –
- Malware Attacks – Cybercriminals use malware to steal consumer data and login credentials. They keep replaying the attacks, which leads to user devices becoming slower. Vendors experience odd increases in traffic.
- Social Engineering – Hackers impersonate contacts or trusted institutions to steal customer data. For instance, a fake customer support team may ask customers for private data. Reputable vendors are often the targets of these scams. Their customers start receiving deceitful communications from them.
- Credential Stuffing – Hackers use stolen login credentials to access as many websites and platforms as possible. Vendors experience increased traffic, multiple failed login attempts, upsurges in bounce rates, etc.
Account takeover fraud takes place in multiple steps:
- First, the user’s device is infected.
- Then, the cybercriminals steal login credentials and other financial data.
- The cybercriminals either sell the data or start carrying out fraudulent purchases themselves.
- During these attempts, they verify which stolen credentials are ideal for account takeover fraud.
- Most fraudsters first monitor their targets, waiting for them to be vulnerable.
- A series of duplicitous activities takes place on user accounts. Fake orders, absurd payments, excessive billing, etc., follow.
Preventing Account Takeover Fraud
Here are some ways vendors can keep scammers from targeting their customers:
- Inform customers and employees about password best practices – Since most scammers use bots and algorithms to hack accounts, passwords need to be more complex than ever. They also need to be changed frequently. Using password management tools is the safest option for consumers with multiple accounts on numerous platforms.
- Abide by Payment Card Industry (PCI) standards – The PCI and government bodies require eCommerce vendors and payment service providers to abide by strict security standards.
- Deploy fraud prevention software – Investing in the latest account takeover prevention software is the best step that online vendors can take. These advanced software tools measure each online interaction, detecting the user’s device, ISP metadata, IP location, and behavior on the platform. Collecting this data enables vendors to provide consistent security services in the long run.
- Use two-factor authentication on payment gateways.
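The Python below is an added example, not code from the article or from any fraud-prevention product. It flags the credential-stuffing pattern described above (many failed logins against distinct accounts from one source in a short window) and marks successful logins from a flagged IP or an unrecognized device for step-up verification. The event fields, thresholds, device names and sample log entries are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample login events: (timestamp, source IP, username, device id, success)
EVENTS = [
    ("2020-04-01T10:00:01", "203.0.113.7", "alice", "bot", False),
    ("2020-04-01T10:00:02", "203.0.113.7", "bob", "bot", False),
    ("2020-04-01T10:00:03", "203.0.113.7", "carol", "bot", False),
    ("2020-04-01T10:00:04", "203.0.113.7", "dave", "bot", False),
    ("2020-04-01T10:00:05", "203.0.113.7", "erin", "bot", False),
    ("2020-04-01T10:00:06", "203.0.113.7", "frank", "bot", True),
    ("2020-04-01T10:02:00", "198.51.100.20", "alice", "alice-laptop", False),
    ("2020-04-01T10:02:10", "198.51.100.20", "alice", "alice-laptop", True),
    ("2020-04-01T10:03:00", "192.0.2.55", "bob", "dev-new", True),
]
# Constructed device history per account (assumption: the vendor stores this)
KNOWN_DEVICES = {"alice": {"alice-laptop"}, "bob": {"bob-phone"}, "frank": {"frank-pc"}}

WINDOW = timedelta(minutes=5)   # assumed sliding window
MIN_FAILURES = 5                # assumed threshold: failed logins per IP in the window
MIN_DISTINCT_USERS = 4          # assumed threshold: distinct accounts tried

def detect_stuffing(events):
    """Return IPs with many failures spread over many usernames within WINDOW."""
    fails_by_ip = defaultdict(list)
    for ts, ip, user, _dev, ok in events:
        if not ok:
            fails_by_ip[ip].append((datetime.fromisoformat(ts), user))
    flagged = set()
    for ip, fails in fails_by_ip.items():
        fails.sort()
        start = 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > WINDOW:
                start += 1  # slide the window forward
            window = fails[start:end + 1]
            users = {u for _, u in window}
            if len(window) >= MIN_FAILURES and len(users) >= MIN_DISTINCT_USERS:
                flagged.add(ip)
                break
    return flagged

def risky_successes(events, flagged_ips, known_devices):
    """Successful logins needing step-up checks: flagged IP or unseen device."""
    return [(user, ip, dev) for _ts, ip, user, dev, ok in events
            if ok and (ip in flagged_ips or dev not in known_devices.get(user, set()))]

if __name__ == "__main__":
    bad_ips = detect_stuffing(EVENTS)
    print(bad_ips, risky_successes(EVENTS, bad_ips, KNOWN_DEVICES))
```

A single mistyped password followed by a success from a known device (the second source IP in the sample) is not flagged, which keeps ordinary customers out of the step-up queue.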
As cybercriminals become more cunning and technologically advanced, eCommerce vendors can’t afford to respond to their attacks at human speeds. Fraud prevention software that can anticipate and instantly detect the presence of these scammers is their best option moving forward.