Consumer behaviors and cyber risks of holiday shopping in 2020

While consumers are aware of increased risks and scams via the internet, they still plan to do more shopping online – and earlier – this holiday season, McAfee reveals.

holiday shopping cyber risks

Thirty-six percent of Americans note they are hitting the digital links to give gifts and cheer this year, despite 60% feeling that cyber scams become more prevalent during the holiday season.

While more than 124 million consumers shopped in-store during the 2019 Black Friday to Cyber Monday holiday weekend, the survey indicates consumers have shifted direction due to global events this year, opening their risk to online threats as they live, work, play, and buy all through their devices.

The survey shows shopping activity in general has increased, with 49% stating they are buying online more since the onset of COVID-19. 18% of consumers are even shopping online daily, while 34% shop online 3-5 days a week.

Online cybercrime continues to increase

The research team recently found evidence that online cybercrime continues to increase, observing 419 threats per minute in Q2 2020, an increase of almost 12% over the previous quarter.

With activity set to rise from both consumers and criminals, there is an added concern of whether consumers are taking security threats as seriously as they should – with key differences seen across generational groups:

  • 79% of those 65+ in age believe there is a greater cyber risk due to COVID-19 while 70% of those 18-24 state the same
  • 27% of respondents ages 18-24 report checking if emailed or text messaged discounts and deals sent to them are authentic

“Many are wondering what this year’s holiday season will look like as consumer shopping behaviors continue to evolve and adapt to the challenges faced throughout 2020,” said Judith Bitterli, VP of Consumer Marketing, McAfee.

“With results showing the growing prevalence of online shopping, consumers need to be aware of how cybercriminals are looking to take advantage and take the necessary steps to protect themselves- and their loved ones- this holiday season.”

This juxtaposition of increased online activity from both consumers and cybercriminals serves as the perfect catalyst for misdeeds, especially as 36% of consumers note that while they are aware of risks, they plan to increase their holiday online shopping. This less-than-cautious approach is further seen when respondents are offered deals or discounts, with 43% checking to see if Black Friday or Cyber Monday emails and text messages sent are authentic and trustworthy.

Consumers purchasing more online gift cards this year

Additionally, as the National Retail Federation (NRF) reports 54% of consumers wish to receive gift cards this holiday season, the survey proved that 35% of respondents plan to fulfill this request by purchasing more online gift cards this year.

With this alignment set to occur, there are potentially negative implications as 25% of respondents automatically assume gift card links are safe and don’t always take the necessary steps to ensure legitimacy.

In order to stay safe this holiday season, it is advised to:

  • Employ multi-factor authentication to double check the authenticity of digital users and add an additional layer of security to protect personal data and information.
  • Browse with caution and added security using a tool to block malware and phishing sites via malicious links.
  • Protect your identity and important personal and financial details using an identity theft protection tool, which also includes recovery tools should your identity be compromised.

Identity fraud: Protecting your customers from the new kids in town

It’s one thing to have your credit card stolen, but your identity is a whole other ball game. The worst thing is, it’s a lot more common than you’d think. Identity fraud affects around one in 15 people in the US and has never been higher in the UK. The fraudsters have built their own subculture as new tools and channels lower the bar for entry. It’s time to strap in, because the challenge will only grow in the next few years.

identity fraud

When a customer calls to say their account has been hijacked, their confidence in you and your security measures is shot. How you respond is vital, but it would’ve been far better if it had never happened in the first place.

While it seems surprising, there is a way to turn identity fraud into a positive customer experience. However, it all depends on your ability to detect and prevent the fraud before it can do any damage. For this, you need an intelligent screening process and the right joined-up systems in place.

Culture shock

Fraud is nearly as old as money itself. The reason we haven’t managed to put a stop to it is because fraudsters have been able to adapt. When we clamp down on one form, the fraudsters have moved to another. In the US, while we were busy tackling cheque fraud, the fraudsters were starting to create synthetic IDs.

To combat fraud effectively, financial companies need to know what they’re up against. Fraud has changed in recent years, and it continues to evolve. Organizations don’t just face isolated lone wolves and criminal outfits, they’re taking on an entire online subculture of fraudsters.

Social media has created countless online communities, some good and some bad. But what we’re seeing now is the rise of the new kids on the block – the next generation of tech-enabled fraudsters. This crowdsourced community is truly international, able to share techniques, tools, warnings and opportunities online. Rap artist Teejayx6 has even been able to hide fraud lessons in his song lyrics, turning him into a fraud folk hero.

What’s happening is that fraud is being democratized. Where resources and experience used to be key to success, anyone with an internet connection can access the dark web tools they need to pull it off. For organizations, this means fraud attacks will be coming from every direction and across every channel non-stop.

The only way to protect yourself and your customers from these new fraud attacks is by having technology in place that lets you adapt. Systems should be integrated and agile, and your methods for fraud detection should be intelligent and dynamic to change.

Knowledge is power

As financial companies have moved online, so have the fraudsters. A criminal doesn’t have to search through garbage bags for bank statements to steal a person’s identity – they can now get all the info they need on social media or even a phone call.

The customer is always the weakest link when it comes to security. It’s no accident that 70% of successful fraud attacks begin on the telephone, and 10% through direct email. Fraudsters will target them relentlessly, tricking them into sharing personal info, passwords and account numbers. They may go as far as stealing victims’ personal devices.

The first line of defense will fail: fraudsters will get what they need from their target and can start and exploiting their online accounts. It’s here that a company has to step in to protect the customer.

To do this, you need a truly intelligent, insight-driven screening process for every channel. Have a way to accurately identify and verify each customer interaction, to ensure the user is who they say they are. Data is the most important thing, but so many authentication systems only make use of a fraction of what’s available.

A secure and efficient verification system needs to assess a lot of different typologies. Only confirming that a user is using a familiar device doesn’t mean they are being honest. You should check them against multiple typologies – like experiential information, user behavior and public records – before you give them access.

Organizations don’t have to check for every data type, but they do need to be exact. Identity fraudsters build entire synthetic identities on top of their victim’s – they’ll change personal details, addresses and public information to make their identity more believable. If you check for more factors, you’re more likely to catch them out.

If the user passes these checks, they can safely be let in. If they don’t, it’s time to give the customer a call, either for further authentication or to tell them their identity is in danger. When you have the data-driven insight to warn a customer about fraud before it happens, you turn it into a positive customer experience. They’ll be sure that their identity and business is safe with you.