man standing on a ledge over a deep ravine
As ecommerce sales volume grows, so do risks of cyber attacks. PHOTO: Matthew Sleeper

The holiday season is winding down, and for e-commerce outlets, it’s shaping up to be the largest sales season to date. 

According to eMarketer’s holiday sales preview forecast, retail e-commerce sales will jump to $94.71 billion this year, representing 10.7 percent of total holiday retail sales — the largest portion ever. 

More Sales, More Fraud

While these impressive sales figures bode well for fast growing e-commerce organizations, it's important to note fraudsters are also shifting their focus to online businesses.

That is especially true in the aftermath of this past October's nationwide EMV migration. (EMV, which stands for Europay, MasterCard and Visa, is a global standard for credit cards that uses computer chips to authenticate and secure chip-card transactions.)

Findings from our 2016 ThreatMetrix Cybercrime Report indicate a 52 percent increase in online security breaches compared to the first quarter of 2015.

More worrisome, the report shows, fraudsters are increasingly leveraging botnets to control vast networks of computers, many of which belong to unsuspecting consumers. In fact, there’s been a 35 percent growth in bot attacks over the already high levels seen in the same period a year ago.

Prevention Is Key

Proactive fraud prevention has never been more critical, however e-commerce organizations need to strike a balance and also work to minimize friction for trusted consumers to ensure low abandonment and/or defection rates.

This can be challenging due to ever-increasing automated bot attacks, higher-than-ever hourly transaction volumes and larger basket sizes. And with fraudsters behaving more and more like genuine customers, it can be difficult for online businesses to detect genuine transactions versus bad ones in the first place.

5 E-Commerce Trends

To help e-commerce organizations combat online fraud this holiday season and beyond, ThreatMetrix conducted research on cybercrime attacks between July and September. It detected breaches using real-time analysis and interdiction of fraudulent online payments, logins and new account applications.

Based on those findings, we identified five key trends e-commerce trends:

Mobile devices and app stores have changed how consumers interact with retailers. 

Consumers are increasingly entrusting their personal credentials and payment information to a handpicked group of key retailers, sometimes logging in daily to browse for new goods and services. We’re witnessing this trend in the high volume of login transactions for top retailers, and 50 percent of total e-commerce transactions are expected to come from mobile this year.

As digital transactions grow, so do attacks. 

This quarter saw the highest number of attacks on e-commerce businesses, with more than 76 million attacks, a 60 percent increase compared to 2015. What’s more, during the peak holiday shopping week this year, we expect there will be 50 million cybercrime attacks and 7 million daily bot attacks. Additionally, fraudsters will use the holiday shopping season to target high value items — items that are on average 70 percent higher than an average ticket size.

Attacks on payment and login transactions are on the rise. 

With increased e-commerce activity during the back-to-school and holiday seasons, payments resulted in 24 percent of online attacks, and login transactions were responsible for 75 percent. Fraudsters are clearly continuing to see the value of trying to take over existing accounts, as consumers are storing key credentials data with trusted retailers.

Payment and login transactions are the most vulnerable. 

Logins were attacked 30 percent more than last year and attacks on payment transactions increased by a whopping 70 percent. We expect this trend to continue through the 2016 holiday season, as cybercriminals continue to deploy a combination of techniques to attack online retailers.

Bot attacks are pervasive and widespread. 

Fraudsters are using the full spectrum of bot attacks to mass test and validate stolen identity data, with bot traffic occasionally exceeding good transaction traffic. Bot attack patterns and methods are constantly evolving in order to avoid detection, using tactics such as mimicking human behavior or using encryption to disguise traffic. Also, old botnets are often being updated with new technology to improve their attack success, meaning they can survive in the wild for several years. 

Leverage Existing Transaction Data 

Online businesses are under constant pressure to balance timely customer authentication with accurate fraud and risk management because failing to do so can result in billions of dollars in potential financial loss, as well as significant brand reputation damage.

To maintain online security while also reducing friction and improving user experiences, e-commerce organizations should leverage their existing transaction data to create unique, digital user identities.

By incorporating details beyond just device data — such as location information, anonymized identity data, global threat intelligence and online behavioral analytics — businesses can gain a more complete view of their trusted users and the intricacies of consumers’ online footprints. This will allow for even greater sales and a larger proportion of trusted, secure transactions.