Online fraudsters relish periods when retailers are busy with holiday trade and shoppers need extra cash for food and gifts, and the holy month of Ramadan is no different.
Two cybersecurity experts share their data on the pressures and risks faced by retailers and consumers during Ramadan.
Retailer attacks
Emad Fahmy, Systems Engineering Manager Middle East at NETSCOUT, addressed how attacks evolved over the last year and what is expected this year, especially for retailers.
He said the Ramadan retail sales in the Middle East and North Africa (MENA) region are set to hit $66 billion this year, which represents a five percent rise from last year, according to a recent report by RedSeer. Regional consumers are increasingly turning to online stores to take advantage of large discounts and purchase necessities and gifts for their loved ones in time for the Eid holidays.
During the month of Ramadan, it is important to remember the security risks faced by eCommerce companies and their customers. During the Ramadan shopping season, cybercriminals will do their utmost to defraud unsuspecting consumers and gain access to vital website information, including personal and financial data, much to the dismay of retailers.
Cybercriminals are profiting from the increase in online shopping and digital transactions, which puts enormous pressure on online retailers. One of the most common forms of attack is the Distributed Denial of Service (DDoS) attack, in which attackers attempt to disrupt normal traffic to extort money from businesses.
This year, it is likely that newer forms of DDoS will come into play – including adaptive DDoS. In an adaptive DDoS attack, adversaries perform extensive pre-attack reconnaissance to identify specific pieces of the service delivery chain to target. They are increasingly employing botnet nodes and reflectors/amplifiers that are closer to the victim. This reduces the number of boundaries that DDoS attack traffic must traverse, resulting in fewer possibilities to detect and counteract the assault.
According to Gartner, the average cost of IT downtime is $5,600 per minute. A DDoS attack may cost a company up to $336,000 per hour of downtime.
Today, DDoS attacks are inevitable, and successful attempts can cause expensive disruption and long-lasting reputational harm. Online retailers should invest in a powerful DDoS mitigation system to defend themselves, because doing so would effectively eliminate concerns around public-facing services in the event of a DDoS attack. The availability of sophisticated tools to protect infrastructure in the worst-case scenario offers retailers hope that the consequences of an attack can be contained.
Ramadan – BNPL focus
Saeed Ahmad, Managing Director, Middle East and North Africa at Callsign, said that buy now, pay later (BNPL) transactions are expected to grow in popularity as online sales surge during the Ramadan shopping season. However, as the BNPL industry develops and providers improve their capabilities, it is expected to become a more attractive target for fraudsters.
One of the most common fraud attack vectors is the creation of a fake BNPL account using stolen card details and identities. Since consumers aren’t billed right away, it may take some time for the victim to realize they’ve been targeted. Fraudsters also commit account takeover (ATO), in which they break into a legitimate user’s account and purchase goods through it.
The risks are heightened for retailers because they are typically liable for BNPL fraud. The fraudster gets an item but never pays for it, while the retailers are liable for fraud management, cost of goods, and damage to their brand if they are associated with BNPL provider fraud.
To avoid BNPL fraud this Ramadan shopping season, consumers should be wary of responding to SMS text messages or emails purporting to be from their favorite stores. They may contain links that entice them to reveal confidential information.
When it comes to BNPL and other forms of fraud, these phishing attacks are frequently the first weapon in a fraudster’s toolbox. Consumers who use the same password for all their BNPL accounts are more susceptible to BNPL fraud. Consequently, to reduce the possibility of account takeover fraud, consumers should use different passwords for their BNPL services.
There is demand for BNPL among consumers, but retailers and BNPL service suppliers must address the occurrence of fraud. Along with increasing customer awareness of security best practices, BNPL providers must improve their understanding of the identity behind each user interaction and how much trust can be placed in it. Approaches like device fingerprinting, behavioral biometrics, and location analysis help to create a complete picture of each user’s risk level. With a better understanding of users’ digital identities, BNPL providers can make more informed and accurate choices during onboarding, login, and payment. Aside from avoiding fraud, this can also help decrease false decline rates.
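The following is an added illustration, not code from the article or from Callsign, of how the three signals named above can be combined into a risk decision for onboarding, login and payment. The weights, thresholds and sample events are constructed assumptions; the point it shows is that a middle "step up" outcome lets a provider challenge uncertain sessions instead of declining them, which is where false declines are reduced.

```python
from dataclasses import dataclass

@dataclass
class Interaction:
    """One BNPL onboarding, login or payment event and the signals the
    article names. Every value here is constructed for this example."""
    stage: str                   # "onboarding", "login" or "payment"
    device_known: bool           # fingerprint previously tied to this account
    device_linked_accounts: int  # other accounts opened from this fingerprint
    typing_similarity: float     # behavioural-biometric match, 0.0 to 1.0
    country_matches: bool        # location consistent with account history
    distance_km: float           # distance from the last trusted location
    hours_since_last: float      # elapsed time since that location was seen

def risk_score(ev: Interaction) -> int:
    """Additive score. Weights are illustrative assumptions, not a vendor model."""
    score = 0
    if ev.stage == "onboarding":
        # No account history yet: the telling signal is one device opening
        # many accounts, the pattern of fake accounts on stolen card details.
        score += min(ev.device_linked_accounts, 4) * 20
    else:
        if not ev.device_known:
            score += 30
        if ev.typing_similarity < 0.5:   # keystroke rhythm does not match owner
            score += 25
        if not ev.country_matches:
            score += 20
        # Impossible travel: two sightings faster than an airliner (~900 km/h).
        if ev.hours_since_last > 0 and ev.distance_km / ev.hours_since_last > 900:
            score += 40
    return score

def decide(ev: Interaction) -> str:
    """Three outcomes, so uncertain cases get step-up verification
    rather than a hard decline."""
    score = risk_score(ev)
    if score >= 70:
        return "decline"
    if score >= 30:
        return "step_up"   # e.g. re-verify through an independent channel
    return "allow"

# Constructed sample events: returning customer, takeover attempt,
# legitimate owner on a new phone, and a farmed signup.
RETURNING = Interaction("payment", True, 0, 0.9, True, 12.0, 5.0)
TAKEOVER = Interaction("login", False, 0, 0.2, False, 6000.0, 2.0)
NEW_PHONE = Interaction("login", False, 0, 0.85, True, 3.0, 24.0)
FARMED_SIGNUP = Interaction("onboarding", False, 5, 0.0, True, 0.0, 0.0)
```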