Most everyone looks forward to the holidays. Unfortunately, it also seems to be the “most wonderful time of the year” for fraudsters to steal from consumers and businesses. Merchants can expect a big jump in omnichannel fraud, which has risen 60% over four years, during the holiday shopping season.
The attempted fraud average ticket value also tends to increase yearly – by nine dollars in 2019 – as fraudsters target pricier items. Because they like immediacy, buying online, picking up in store, and next-day shipment are popular methods for fraud attacks.
When do fraudsters launch holiday attacks?
Research from Riskified suggests that online shopping fraud attempts are highest on December 24 and 25. The fraud prevention technology company explains that on these two days, fraudsters focus on phone and chat orders that require human assistance, knowing that customer service teams are exhausted by late December.
A 2020 Experian survey revealed that 21% of consumers experienced fraud while shopping online during the holidays. Of those shoppers, 15% said the fraud happened on Cyber Monday.
Mobile commerce — widely known as “m-commerce” — also peaks during the holidays. Just under half of holiday global e-commerce sales are placed via mobile device, with the strongest mobile shopping day of the year being Christmas Day.
Fraud comes in many packages.
Criminals use a variety of schemes to steal during the holidays. Deception and diversion are common practices.
Digital gift card fraud is highest in the Christmas and post-Christmas period. Criminals like gift cards because they are hard to trace. Sometimes they’ll even target physical merchants with “mixed cart” fraud, where they’ll order and send a few physical goods using the victim’s shipping address, then add a digital gift card sent to the fraudster’s own email address.
Returns abuse U.S. retailers lose more than $17 billion to returns abuse every year and it’s especially popular during post-holiday months. An example is “friendly fraud,” such as chargebacks for merchandise that customers purchase online, receive a refund for, but do not actually return.
Fraudsters will sometimes recreate an entire website, hoping that consumers will provide login, payment, or other details. With stolen data, these fake websites can be embedded into spoofed emails and sent
directly to your customers.
Package theft, in which criminals help themselves to unattended parcels after delivery, is an offshoot of cyber crime. Fifty-five percent of consumers were hit by “porch pirates” during the 2019 holiday season. This can be costly for retailers as 73% of victims receive refunds for stolen items, at an average cost of $109. Additionally, 42% of consumers will reduce the amount spent on purchases during the holidays due to fear of theft.
The holidays are a perfect time for unmerry mayhem.
Criminologist Donald Cressey describes the factors that cause people to commit fraud as a “Fraud Triangle.” Together, these three components — perceived opportunity, financial need, and rationalization — lead to fraudulent behavior. The pressure of these factors is usually heightened during the holidays.
Opportunity. Retailers and consumers are especially busy and distracted during the holidays. Retailers may have more goods on display than usual, and consumers may be unaware of package arrivals, giving thieves more opportunity to take what they want.
Financial need. Normally law-abiding citizens may be motivated to commit crimes because they are desperate for cash during the holidays. Given the ongoing financial stress of the pandemic, more fraud is likely in 2021.
Rationalization. Similarly, in stressful times, people can more easily adjust their self-perceptions, rationalizing fraud as the “right circumstances.”
Awareness is key to protecting your business during the holidays and always.
Assessing the risk for cybercrime, theft and occupational fraud reveals weak spots and vulnerabilities, and allows you to create systems and processes to protect assets. Of course, different channels require different solutions, and layers of solutions often work best.
You don’t have to be a victim. There are several best practices to consider.
Immediately report suspicious activity.
If you experience application pop-ups, error messages, unfamiliar login screens, suspicious emails, or other unusual activity, report them to your security team right away. Do not click on suspicious links. The FBI hosts a comprehensive cybercrime site, where you’ll find tips to protect your business, news, and instructions for reporting a claim if you believe you’ve been a victim.
If you have brick-and-mortar locations, be sure you are staffed at an appropriate level to pay attention to what’s going on in the store. In addition, you might deter theft by limiting the number of customers in the store at any one time due to distancing requirements.
For online retailers, staffing up your customer service team can alleviate holiday fatigue and make it easier to deter fraudsters using chat and phone channels.
No matter how you do business, ensure that your employees are properly trained to quickly identify, escalate, and mitigate fraud attempts.
Establish consistent processes.
Consistency shines a light on abnormalities. If your team follows the same processes every time, with every transaction, the result is that unexpected, non-standard actions stand out.
Insist on training that drives home standardized practices, despite holiday chaos. Regardless of channel, your team needs to take uniform actions so that they’re more likely to recognize the inconsistencies that point toward fraud and cost you money.
Stay on top of technology.
Fraudsters are innovative. It is their business to steal from yours. For this reason, they change their techniques and technologies often, seeking new vulnerabilities to exploit your systems and processes.
If you connect it, protect it. You can’t keep up using outdated methodologies. Old school “if-then” logic programs recognize patterns that are already identifiable. Newer technologies with machine learning recognize data associated with fraud patterns and automatically react to new outcomes and patterns via a feedback loop.
Ask for help.
Every industry has unique fraud challenges. Seek the advice of professional advisors who can help you identify and reduce fraud risk for your specific business circumstances.
Balance the customer experience.
Whatever fraud mitigation steps you take, keep in mind that you don’t want to create additional “friction” that will make your customer experience slower or unpleasant. For example, regarding retail returns, Forter recommends looking at metrics and
analytics to differentiate a returns abuser from a legitimate customer who needs to make several returns in a short period of time.
Beware — and be aware
Fraudsters can steal profits from businesses at a time when many are counting on their biggest sales of the year. With so much at stake, companies can’t afford to neglect holiday fraud. Beware of fraudsters — and be aware of the steps you can take to thwart their schemes.
Synovus is on your side in the fight against holiday fraud. Let us help you protect your business. For more information, contact Synovus Treasury and Payment Solutions, your Treasury Consultant, or Relationship Manager.
This content is general in nature and does not constitute legal, tax, accounting, financial or investment advice. You are encouraged to consult with competent legal, tax, accounting, financial or investment professionals based on your specific circumstances. We do not make any warranties as to accuracy or completeness of this information, do not endorse any third-party companies, products, or services described here, and take no liability for your use of this information.
You are about to leave the Synovus web site for a third-party site
Third-party sites aren't under our control, and we are not responsible for any of the content or additional links they contain. We don't endorse to guarantee the goods or information provided by third-party sites, and we're not responsible for any failures or inaccuracies. Third-party sites may contain less security and may have different privacy policies from ours.