Security experts are warning that retailers should brace for impact because the best estimates are that there could be as many as fifty million fraud-based attacks between those spectacularly busy shopping days.
The estimate is higher than it’s ever been, and is driven in large part by the sheer number of high profile data breeches that have occurred over the last twelve months.
Account data for hundreds of millions of users flooded the Dark Web on the heels of those attacks. The scammers happily stocked up on them and are more than ready for the holiday season.
According to details provided by ThreatMetrix, the attack will shake out something like this:
• In advance of Black Friday, the scammers will use bots to test the stolen credentials they’ve purchased, tossing the ones that no longer work, and keeping the ones that are still active.
• Once they’ve culled their lists, they’ll spend a bit of time conducting a few million test attacks.
• After they successfully test their software with the valid IDs, they’ll launch large-scale fraud attacks with new user account registrations and attempted fraudulent payments.
According to security researcher Vanita Pandey:
“Many e-commerce merchants choose to accept a greater degree of risk on these key days in order to accept more transactions and reduce the chance that good customers experience friction when placing orders….fraudsters see peak shopping days as the opportunity to make larger purchases/attempt to redeem bigger basket sizes, which are less likely to be flagged as suspicious in among the sea of other high value purchases being made by good customers.”
The long and the short of it is that if you expect to see a spike in sales during the Black Friday – Cyber Monday shopping weekend, brace for a big spike in fraud attempts, too.