Don't Give a Holiday Gift to Cyber Thieves

Dec. 12, 2019

By David M. Kimble

Between now and year-end, online merchants may earn as much as 30% of their 2019 revenue1. But they aren’t the only ones hoping for a productive fourth quarter. So are cybercrooks. Online fraud attempts increase drastically during the holiday shopping season, starting with Halloween and continuing through Christmas.

The good news is that introduction of chip cards, mobile payments and advanced ID authentication methods has slashed the overall rate of fraud per thousand transactions. On the downside, the volume of fraud attempts has gone up, backed by such organized assaults as a six-week cybercrime course charging a base fee of 45,000 rubles2. (Yes, for real. Only Russian speakers need apply.)

As our agent bank partners know, our industry is innovating quickly to meet this challenge. To improve customer experience, TCM Bank not only has in-house fraud monitoring, but also works closely with its credit card processor when it comes to real-time fraud monitoring, when each transaction is put through a decisioning mechanism. Such real-time systems can identify suspicious behavior and stop fraudulent transactions in real time or near-real time before losses mount. TCM proactively analyzes it’s portfolio for common points of purchase, which allows identifying compromised accounts before alerts from card networks are received.

But to combat the crime gangs’ growing level of sophistication, all of us involved in e-commerce need to rely on more than just the latest technology. Our multilayered defense also has to engage cardholders, who are the “last mile” in crime prevention. Consider encouraging our mutual customers to share ownership of the solution by adopting these holiday shopping practices:

1. Cardholders should keep a close eye on their credit card account. They can enroll in text and email alerts that notify cardholders if a transaction has been made or a preset balance limit reached. They should monitor their account history daily, if possible. Fraud Prevention

2. Unfamiliar merchant? Cardholders should consider using mobile payments. Mobile payment methods like Apple Pay™ and Google Pay™ are secure because they use a unique, one-time token to complete each purchase. Card numbers are never shared with the merchant.

3. Don’t divulge data to phishers. Professional cyber thieves learn social engineering to manipulate people into giving up a password, PIN or other data. Two common techniques are aggression (“This is the IRS . . .”) and charitable appeals (“A big donor will match all contributions, but the offer ends today . . .”). Don’t be stampeded. Insist that any “payment due” notification or charitable request be sent to you by U.S. mail.

4. Cardholders should make sure they’re at the right digital store. By accidentally keying in (or clicking on) a wrongly spelled merchant name, a cardholder could end up at a fake website that looks like the real thing – but will take their payment info and run. Be sure the URL starts with https://.

5. Cardholders should be wary of storing payment card data on a merchant site. Reputable merchants protect stored payment information with heavy-duty safeguards; others, not so much. If a cardholder’s site password is stolen or guessed, a bad guy might log in and use their stored payment method to buy items and access loyalty program benefits.

6. Last-minute e-shoppers: allow time before store pickup. Merchants are becoming aware of thieves who sit in the parking lot, order an item online, then dash in to pick it up before frazzled store employees realize the payment information was stolen. For security reasons, some stores may start requiring an interval between “click” and “collect.”

7. Keep package tracking information private. A phishing email might ask a cardholder to “Click here” if expecting a delivery from a certain retailer. Their innocent click sets up a tracking link that reroutes the retailer’s legitimate delivery notifications to a crook, who then swoops in to grab the package as soon as it hits their doorstep.

As consumers recognize the importance of being able to trust the online payment process, we’re seeing a shift in attitude from, “not my problem,” to, “OK, I’ll accept a two-factor ID process,” Working together like this, we can deploy multiple layers of defense against online fraud. That will lead to what we all want: secure e-commerce with minimal transactional friction.

1 National Retail Foundation, quoted by Dan Alaimo in “The holidays mean higher sales – and more fraud,” Retail Dive, Oct. 25, 2018 (https://www.

2 “Digital Shadows Lifts the Lid on Credit Card Fraud Gangs Cashing in on $24 Billion a Year,” Business Wire, July 19, 2017 (https://www.businesswire. com/news/home/20170719005958/en/Digital-Shadows-Lifts-Lid-Credit-Card-Fraud/) (Editor’s Note: 45K rubles are worth a little over $700 today.)