At the end of 2021, the eCommerce sector lost some $20 billion to fraud. This was a significant increase from the year before and is pegged to increased numbers of online shoppers over the last two years. Looking at the data and considering the growth of online shopping over in-person shopping, we can estimate that such trends will continue. This means it is up to retailers to help their customers avoid or at least limit the chance of them being exposed to fraud.
Account takeover on the rise
One of the most significant issues facing retailers in 2022 is the rise of account takeover fraud. This is where a criminal gains access to an existing online account that is not theirs and then changes key data to take it over. For example, this could include changing the email and password but retaining payment information. This makes it easy for criminals to defraud the account holder, and it also makes it hard for them to regain control again. Access to accounts can be through various means, including brute force and using stolen credentials.
Many cases, however, are down to people not using strong passwords. Instead of picking unique and hard-to-guess passwords, often users will opt for easy-to-remember words, as evidenced by this blog highlighting all the popular passwords by country. Easy to remember also means easy to guess, meaning the task of cybercriminals becomes much more accessible. For example, in the UK it is ‘password’ while in Germany it is ‘passwort’ and in Italy, ‘Juventus’.
Other risks include hackers attempting to extract information from sites, including card details, ID documents, and the personal information of users. This can be done in a variety of ways, including phishing attacks, buying stolen data, or using viruses to hijack systems until a ransom is paid.
How to fight back
There are various ways that online retailers can help customers fight back against fraud. For example, they can insist that passwords are a certain length and contain a certain number of other characters and numbers. Additionally, they can promote the use of unique passwords and send prompts for users to change them regularly. It is also up to retailers and online merchants to use end-to-end encryption and make sure they have systems in place to mitigate risks relating to hacking and breaches.
Other measures that can be rolled out include using artificial intelligence to monitor all systems. This technology can identify any breaches or suspicious activity in the first instance and take appropriate action. In addition, it can also analyse user behaviour to identify account takeovers or usage that is outside the realms of what is normal.
Simply put, online fraud is not going to decrease, nor is the number of online users. Therefore, it is up to the industry to figure out how best to prevent their platforms, programmes and services from being used fraudulently, or other risks associated with them. As competition increases, companies will continue to fight for customer engagement, and being trustworthy and secure is set to be a big draw.