In the world of tech and commerce, everybody wants to be like Amazon.
That’s particularly true in the B2B eCommerce space, as the online shopping habits of consumers spill into their professional lives when making purchases for a company, and as B2B eCommerce solution providers vow to offer an “Amazon-like” experience fit for the corporate world.
But recent cybersecurity and fraud incidents connected to Amazon could serve as warnings to the B2B commerce ecosystem: If Amazon can fall victim to a hack, anyone can.
As this month’s PYMNTS Digital Fraud Tracker highlighted, Amazon revealed in May that it was hit by an “extensive” fraud in which hackers are suspected of using phishing attacks on Amazon sellers to steal company money. Reports in Bloomberg, citing a U.K. legal document, detailed how Amazon uncovered what it described as a “serious” cyberattack between May 2018 and October 2018.
The incident, which remains under investigation by Amazon, targeted accounts on its Seller Central platform. Via phishing emails, hackers were likely able to trick Amazon sellers into providing login credentials with which the criminals could access Seller Central accounts and change bank account information. Doing so allowed them to siphon funds from sellers’ sales or loans (provided by Amazon Capital Services U.K.) into their own personal accounts, reports said.
“The case highlights how the world’s largest online retail platform – designed to be automated with minimal human input – can be misused, and how difficult it is for Amazon to find perpetrators,” Bloomberg said in its report.
It’s only the latest cybersecurity headache for Amazon. As the Digital Fraud Tracker outlined, the company also experienced a data breach last year that led to customer names and emails being exposed to the public, which reports in CNBC warned could be used to perpetuate more phishing attempts against Amazon customers.
But the most recent revelations of fraud shine a light on how phishers and cyberattackers are going after corporate funds, using eCommerce portals to infiltrate company bank accounts and back-office portals to steal business’ money.
As the B2B eCommerce industry embraces Amazon, either by using the platform directly or as a business model to develop additional B2B eCommerce platforms, the fraud incidents at Amazon reveal the vulnerabilities of an eCommerce industry that is increasingly including business-to-business commerce and payments.
The Amazon-Like B2B eCommerce Experience
Amazon itself has embraced adoption in the B2B space with investment in its Amazon Business unit. Last year, the company expanded Amazon Business into Italy and Spain after launching in the U.K. and India in 2017.
Amid that push, Amazon released stats on its B2B operations last year, noting that Amazon Business is growing faster than its retail operations. The company is also investing significantly in the public sector by working with local and state governments to allow public departments to procure goods via Amazon.
At the same time, new FinTechs are stepping into the market, with firms like Dropee, Inxeption, and Deskera all recently securing investment from backers supporting their efforts to disrupt B2B eCommerce and propel it into the age of Amazon.
Yet with Amazon’s recent warning about fraud, it’s clear that both the industry giants and new FinTech players must have cybersecurity in their crosshairs for B2B eCommerce – because if Amazon can fall victim to data breaches and phishing campaigns, anyone can.