sb-eu logo
Story image

Black Friday fraud: Who foots the bill?

Banks will have to foot the bill when it comes to the majority of fraud committed during Black Friday and Cyber Monday weekend, according to Sarah Whipp, head of go to market strategy at Callsign.

"With the Black Friday/Cyber Monday weekend upon us and with it myriad warnings to consumers to be vigilant of potential fraud attempts are broadcast, less thought is given to the security of the retailers who are actually selling the discounted products," Whipp says. 

"Yet last year, according to industry specialist GBG, over 18,000 fraud attempts were made against each UK retailer on average during the period between Black Friday and the January sales."

Whipp argues that during busy periods such as Black Friday and Cyber Monday, businesses are under pressure to balance the fraud with customer experience, but they must be careful not to let the latter slip. 

"At the same time, banks have to foot the bill when it comes to a majority of this type of fraud, so they have a vested interest to not let their retail customers to get complacent when it comes to security," she says.

“Given the incredibly high volume of transactions over the coming weekend, and indeed the whole festive period, often merchants will accept that fraud will be higher than usual. However, they are often willing to take the hit because it will be worth it for the extra business as long as there is no long lasting reputational damage," explains Whipp. 

"Indeed, the financial costs of fraud are now borne by banks as well as merchants and Black Friday fraud is a growing challenge for financial institutions," she says.  

Whipp says this is set to change next year. 

"With Secure Customer Authentication (SCA) coming in for merchants in 2021 they may be well advised to make hay now with a lower security bar. In the future they will need to make sure they have trusted merchant status and that they manage their pricing to take into account of SCA exemptions to have a premium user experience," she says.

"Next year, merchants need to partner closely with issuers (banks) to manage this situation."

According to Whipp, 3D Secure could throw another spanner in the works for banks whose customers are online retailers that use it to avoid chargebacks.

"It can massively complicate treatment strategy as the payments are verified by the likes of Visa, Mastercard Secure Pay and Amex Safekey, therefore the liability is mainly with the card issuers and banks," she says.

“To deal with the issue, merchants should use agile IT systems to their advantage. For example, if a retailer’s system has the functionality to modify fraud appetite policy dynamically (including adding in extra fraud checks), then they may want to lower the bar initially to gain the maximum number of sales," Whipp explains. 

"Then, if they were to spot a high degree of fraud attempts they could ramp up prevention measures on the fly. Of course, the impact on the customer and the risk of possible reputational damage needs to be kept at front of mind at all times.”

Story image
DDoS attacks surge, becoming more sophisticated
After doubling from Q1 to Q2, the total number of network layer attacks observed in Q3 doubled again — resulting in a 4x increase in number compared to the pre-COVID levels in the first quarter. More
Story image
Securing the 'next normal' — Check Point's cybersecurity predictions for 2021
“One of the few predictable things about cyber-security is that threat actors will always seek to take advantage of major events or changes – such as COVID-19, or the introduction of 5G – for their own gain."More
Story image
2020's most wanted malware: Trickbot and Emotet trojans driving spike in ransomware attacks
"We've seen ransomware attacks increasing since the start of the coronavirus pandemic, to try and take advantage of security gaps as organisations scrambled to support remote workforces."More
Story image
New CompTIA cybersecurity skills certification available worldwide
Private sector business and defense organisations alike rely on CompTIA Security+ to build cybersecurity skills among their frontline cyber defenders.More
Story image
Forescout expands integrations with partner solutions
Expanded partnerships and integrations with Splunk, CrowdStrike and CyberArk allow for better IT and OT security posture for joint customers.More
Story image
Video: 10 Minute IT Jams - SonicWall VP on the benefits of Boundless Cybersecurity
Today's interviewee will discuss the ins and outs of the company's Boundless Cybersecurity solution and how it can help APAC organisations adjust to the new normal, as well as explaining the 'cybersecurity business gap'.More