Security & Fraud

Luxury Retail, Luxury Fraud: How Neiman Marcus Is Battling Fraudsters

Retailers are increasingly using new tools to differentiate between legit and fraudulent transactions. In the latest Digital Fraud Tracker, Neiman Marcus’ Chief Information Security Officer Shamoun Siddiqui tells PYMNTS how AI tech helped the retailer stay a step ahead of the crooks this holiday season.

Retailers raked in more than $850 billion during the 2018 holiday season, marking the fastest holiday retail sales growth seen in the past six years. This growth is reflected across all areas of retail as online shopping becomes more popular with consumers, forcing even more traditional retailers — such as those that sell luxury products — to craft an online experience.

Luxury retailers have been slower to move online than some other retailers, but the impact of online sales in this industry can already be seen. By 2025, online luxury sales are expected to triple, leading to an anticipated $91 billion in sales, one report noted.

Stopping fraudsters can feel a bit like playing Whac-A-Mole for luxury retailers who want to protect customers and data, and no one wants to be the next retailer to experience a data breach or high-volume fraud attack.

To beat fraudsters at their own game, retailers must change the technology they are relying on and do so in a way that doesn’t add friction to the user experience, said Shamoun Siddiqui, chief information security officer for luxury department store chain Neiman Marcus. PYMNTS recently spoke with Siddiqui as well as Kyle Ciborowski — director of security architecture — on the ways in which the retailer is fighting fraud.

“Luxury retailers typically operate in a high-touch environment [that’s] designed to be as friction-free for the customer as possible,” Siddiqui said. “Any measure of security introduces friction, so the challenge is to make security as transparent as possible while still protecting the customer’s personal information.”

How Omnichannel Is Changing The Way Luxury Retailers Respond To Fraud

For luxury retailers like Neiman Marcus, fraud is a constant battle — and one that’s continuing to grow in an omnichannel environment. However, what these retailers aim to protect remains the same both online and in store.

“An omnichannel environment increases the potential fraud footprint dramatically. However, the challenge continues to be the same … detecting a valid transaction from an invalid one,” Siddiqui said. This includes fighting fraud at every level, including the back office, where it’s essential to be able to distinguish between legitimate and fraudulent transactions.

As they craft their omnichannel strategies, most luxury retailers are using a variety of fraud detection programs to counteract increasingly devious methods. Ciborowski emphasized the importance of one technology in particular that Neiman Marcus uses in its omnichannel environment: device fingerprinting.

“With our current fraud detection system, we are utilizing device fingerprinting,” Ciborowski said. “The technology looks at all aspects of the browser and [determines] whether that device is a true human device or whether it’s an automated device.”

According to Siddiqui, this technology has become so integral for Neiman Marcus’ fraud detection system that the company will be making upgrades to it in the near future.

The large number of data breaches that occurred in 2018 gave fraudsters access to a vast library of stolen information, from email addresses to Social Security numbers. Undoubtedly, Siddiqui added, account takeovers have emerged as the biggest threat for luxury retailers, especially during the holiday season.

“We did see a lot of holiday fraud related to account takeovers, which means that criminals were using aggregated identities to impersonate legitimate customers and trying to place orders,” Siddiqui said. “In our case, because of the way our controls have been architected and [the way our] process has been instituted, we were able to mitigate most of the risk and most of the fraud.”

This is especially true as data breaches grow more common as eCommerce sales grow.

“The Social Security numbers compromised in one breach, the names and email addresses compromised in another and the passwords lost in yet another … are all aggregated by criminal enterprises to construct [full] identities,” Siddiqui said. “With the level of sophistication that we have seen from criminals, it is a challenge to stay one step ahead.”

The Importance Of AI

With data breaches providing fraudsters with a seemingly endless supply of the information needed to create false identities, the constant challenge for Neiman Marcus is  to make sure that its fraud detection system are as complex and sophisticated as the attacks it encounters.

“We are investing heavily in fraud detection systems that [use] machine learning and artificial intelligence to differentiate between normal patterns of customer behavior and potentially fraudulent ones,” Siddiqui said of the brand’s approach to identity theft and other types of fraud. “These are patterns that would not be visible to the naked eye.”

As fraudsters continue to make their attacks more sophisticated and implement advanced tools to move past the measures retailers put into place, seeking out those patterns becomes necessary. Retailers like Neiman Marcus are experiencing a flood of automated or botnet attacks that actively mimic the way humans shop, something that can make fraud “increasingly difficult” to protect against, Ciborowski said.

“[These bots] navigate the website in the ways you would expect from a real user and then perform their attacks. … If we did not utilize AI, we would not be able to keep up with their ability to attack and overcome any obstacle we put in their place,” he added.

AI isn’t the only way that fraudsters are slipping past retailers’ defenses — after all, fraudsters are experts at changing their behaviors in just a matter of hours. As an example, Siddiqui pointed to mouse movement — or the movement of the pointer on a computer screen — which Neiman Marcus started to look at to better separate automated and human transactions.

“For a short while we were successful in stopping the attacks. However, within hours, the hackers had figured out what we were doing and had introduced mouse movements into their automated botnet attacks and were able to get past some of [our] defenses,” he said.

This is just one example of the many methods that fraudsters use to get past a retailer’s digital defenses, but it’s by no means the only point of attack. Fraudsters are trying out everything, from online automated bot attacks to traditional counterfeiting, and brands like Neiman Marcus need to be able to counter all of them.

As more luxury retailers move online, creating a secure, omnichannel environment is essential, as is  keeping the customer experience as seamless and luxurious as the traditional brick-and-mortar experience. They’ll just have to be able to hold the fraudsters back first.



The How We Shop Report, a PYMNTS collaboration with PayPal, aims to understand how consumers of all ages and incomes are shifting to shopping and paying online in the midst of the COVID-19 pandemic. Our research builds on a series of studies conducted since March, surveying more than 16,000 consumers on how their shopping habits and payments preferences are changing as the crisis continues. This report focuses on our latest survey of 2,163 respondents and examines how their increased appetite for online commerce and digital touchless methods, such as QR codes, contactless cards and digital wallets, is poised to shape the post-pandemic economy.