Holiday Plans? Fraudsters Have Them, Too

Yes, you’re catching a train, plane or automobile to get to, or away from, your relatives. But as the holiday season kicks into full gear and eCommerce heats up, cybercriminals are looking to go shopping, too — on everyone else’s dime. Forter CEO Michael Reitblat spoke with PYMNTS’ Karen Webster and offered his take on the fraud-Grinches that are certainly not going to be going on vacation this year.

They’re the worst sort of uninvited guests — the ones who take your valuables and money.

No, we’re not talking about klepto Aunt Edna. We’re talking about online fraudsters, the ones who cause calamity for consumers and merchants alike. And in a far-ranging conversation about technology-driven fraud that lies far beyond the reach of simple stolen credit card data, Forter CEO Michael Reitblat told PYMNTS’ Karen Webster that the holidays are simply a demarcation of timing and opportunity on the calendar for a rising trend of eCommerce malfeasance.

“We’ve been talking about this regardless of the holiday season, about fraudsters automating the retrieval of the stolen data, the execution of the fraud and the selling of the goods that they acquire. And there is no better time to do that than the holiday season,” he added, “because everything scales up.”

“One thing that is important to know,” said Reitblat. “Fraud grows, but sales grow faster.” This means that the dollar amount of fraud may grow, and yet, the percentage of transactions that fall victim to malfeasance may not keep pace.

Webster noted that the patterns of fraud are mirroring consumers’ buying patterns. And she expressed concern about how fake apps get into the system in the first place. “The whole purpose of the fake app,” said Reitblat, “is for the fraudster to get identity information … whether it’s your credit data … or your name, address … and when the marketplace tests the app, they have no way to tell whether there is a legitimate merchant behind it. There will only be the test as to whether the app will cause security problems on the phone, creating a bad reputation for whatever that marketplace is.”

The focus here is the consumer experience and the threat of latent breaches — not whether you are selling the actual goods.

The fraudsters can use this to know when you are out of the house — or where your house is — and perhaps even if you are on vacation. “Some apps are just interactions,” said Reitblat, “between the fraudster and you, without you realizing that, of course — or, in a more high-tech setting — you are interacting with a fraudulent chatbot that is collecting all of your information.”

Again, he cautioned, this is a general trend that is not necessarily holiday-specific. And as a larger trend, the fake apps also give fraudsters a conduit through which they can offload their stolen goods, said Reitblat.

“If you see an app that looks like a merchant you know … say, for example, Macy’s, and then, you download that app, and they offer you a bunch of products and say, ‘Hey, we do not have a lot of products, but this is the special promotion that we have,’ … then they sell you stuff that is $0.50 on the dollar, when Macy’s can sell it for $0.30 on the dollar. [The fraudsters] will go to the access site and steal the goods for zero cents on the dollar, and then, they fulfill it in a back-to-back order,” he said.

In terms of this activity, Forter has seen this fraud more often with fake merchants than with apps, and the impact is felt across all industries. In one hypothetical example discussed during the interview — ordering pizza for delivery — the buyer orders and pays, and the pizza shop receives the order and delivers, but the fraudster has intercepted the payment, leaving the merchant out one pizza’s revenue and absorbing the costs of production and delivery in the process.

“The level of attraction,” said Reitblat, “is that this process can be automated … We have to give fraudsters credit for creativity and skill, not so much on morals,” he joked.

As eCommerce grows and retailers become better at marketing for the holiday season, “they can’t implement the same fraud prevention processes as they do on a regular basis.” When merchants have triple or even greater multiples of the orders seen at other times during the year, he added, buyer behavior changes as well.

For example, people buy items but then ship them to the locations where they will be spending the holidays. Shipping thus becomes cross-country or even international. With greater volumes, said Reitblat, fraudsters come armed with greater appetites. This translates into a holiday season of sorts among fraudsters, along with, ironically enough, their own promotional activity. They know there will be a need for the tools used to commit fraud, and so, stolen credit cards become cheaper to buy online as well.

Against this backdrop, said Reitblat, the need becomes paramount for merchants to adopt automated solutions to deal with fraud attempts (setting the stage for brisk business at firms like Forter, with millions of dollars spent annually on fraud prevention research and development activities, letting merchants focus on generating sales). “Retailers have to make faster decisions on a higher scale,” he said.

What’s next in the evolution of fraudster trickery? Fraud rates are likely to rise by at least 50 percent year over year, said Reitblat. “People are unaware that people use the same data for everything … and hackers will just go and try this data across” several sites. That sets the stage for account takeover situations, said the executive.

And in the wake of the massive Yahoo data breach, where hundreds of millions of accounts were compromised, said Webster, “it seems like everyone’s data is out there.” The question becomes one of “what do you do?”

Recommended Reitblat: If you are a consumer, change your passwords in the midst of the holiday season just to be safe. “Stop using the same password every day … contain the problem.” The best security questions are the ones that users make themselves. “Be more vigilant in checking your credit card statements.”