Many business owners look forward to the surge in sales that the holidays bring. Unfortunately, this can be matched by a spike in online fraud.

This year the risk is higher than usual. Our increased time at home due to COVID-19 restrictions has quickly changed spending habits of not only Albertans, but consumers around the globe. Interac reports that 64 per cent of Millenials and 58 per cent of Gen Z have increased the frequency of their use of digital payments during the pandemic.

According to Statistics Canada, retail e-commerce sales nearly doubled (+99.3%) from February to May of 2020. With such a profound shift to online sales, holiday shopping in 2020 is bound to come with a few unpleasant surprises for business owners.

The new and improved customer-focused fraud tactics

As a business owner, it’s important to understand the risks this holiday season beyond the traditional credit card fraud and have your finger on the pulse of the latest forms of online payment and e-commerce frauds, so they don’t catch you off guard:

P2P payment applications such as PayPal—PayPal customers can easily be targets of phishing campaigns. Fraudsters send notifications to customers to deposit funds or pay an outstanding balance via a link which is malicious.

Phishing campaigns—The COVID-19 theme to this year’s phishing campaigns was no surprise. These fraudulent emails create a sense of urgency and lure victims into providing personal and payment details. Victims may not even be aware they’ve been robbed until after the holidays. In many cases, fraud actors are hard at work during the hustle and bustle of the holiday season and don’t use stolen credentials until after the season.

Fake retailer websites—Sophisticated fraud threat groups can create web pages that look identical to yours. These fake websites can lure your customers in and offer items at discounted prices. Once the customer enters their payment details, they will be collected by the fraudsters and used at a later date for unauthorized purchases. The customer, on the other hand, will not receive any merchandise and the dispute will come directly to you. Google Alerts can help you detect any websites that mention your brand name online. This will help you discover any websites that have been created to spoof yours, with the purpose of stealing login credentials and payment information.

Identity theft—Targeting personal information such as name, address, credit card or account information allows fraud actors to conduct identity theft. After obtaining these details (likely through malware or phishing campaigns), unauthorized parties can order items online and even obtain credit or lending products.

Gift card fraud—Gift cards are desired by fraud actors due to their untraceable nature. Often, scams involve the victim purchasing large dollar-value cards and providing their serial numbers for the fraud actors to use or resell.

Business-focused fraud tactics

Of course, cyber criminals don’t only target customers. Many of their schemes seek to defraud businesses themselves. Here are some business-focused tactics they may use through the holiday season:

Breach of payment processor—Many small- and medium-sized businesses use third-party payment processors to collect payments. While this is convenient and cost-effective, if the third-party payment processor experiences an insider attack or data breach, your payment data may be at risk. This data could then be used by the thieves for fraudulent payments using your details and the details of all your clients.

Fraudulent purchases—Once payment details have been obtained, fraud actors or organized crime groups might use or sell these details on the deep dark web. These details will be used to purchase high-value items. When the victim notices the charge and submits a dispute, the merchant will suffer losses.

Fake charities and fake vendors or suppliers—In most cases, reputable businesses or suppliers will only ask for full payment once the services have been provided. Make sure you’re working with well known suppliers and ask for samples before you make full payment. For charities, ensure that they are found on the list of registered Canadian charities before you donate. This can be found through the Canada Revenue Agency.

How can you protect your business?

Apart from stocking up the hottest items of the season, is your online business thoroughly prepared for the holidays? Preparation should include a review of your current fraud prevention strategies. Here are a few strategies you can easily use to protect your business and personal information from fraud during this season.

1. Create and document a holiday fraud process. Create a clear plan and be sure to communicate it to the business. Processes include things like roles and responsibilities of individual team members, when to approve or decline an order, and how to spot suspicious transactions. If a team member has a question related to suspicious activity and what steps to take next, they should be able to refer to this document to find the answers.
2. Prepare to dispute chargebacks. With increased levels of transactions at this time of the year, there is bound to be a higher level of disputes coming your way. Ensure that you are prepared to fight these disputes by keeping a proper record of all transactions. If your business runs primarily online, you may want to consider services like Verified by Visa or Mastercard Identity Check. These services add an additional layer of security to transactions of higher value. Another way to prevent false disputes is to ensure that you have an accurate merchant descriptor on credit card statements, and a way for customers to get a hold of you if they do not recognize the transaction.
3. Limit the higher return volumes. Many businesses communicate a cutoff time frame for returns. Consider implementing the same for higher value items, in addition to restocking fees. These two factors combined can be a great formula to discourage fraudsters for using your online shop for fraudulent purchases.
4. Educate. Do your due diligence and stay on top of the top holiday scams expected in 2020. Use and share resources like the Canadian Bankers Association so that your team is ready to spot the red flags. In the same light, encourage your customers to set strong passwords and report any suspicious activity as soon as possible.
5. Continue monitoring. Many fraud actors will collect your data during the holidays, but won’t use or reuse these details until after the season has settled. Ensure that your fraud detection team is on alert even after the holiday season is over to pick up on any suspicious behaviour.

In general, your businesses should already have a fraud prevention process in place. This year, try to add an emphasis on common holiday fraud schemes. Equip your team with fraud knowledge and key tactics for identifying suspicious activity and pay close attention to unusual behaviour and high dollar value purchases.

It takes awareness, commitment and a team effort to defend your business from malware and cyber criminals. With the right education, awareness and documented protocols for addressing an attack, you can operate with confidence, and focus on your business.

For more information about protecting your business from fraud, visit the Canadian Anti-Fraud Centre, or contact our Business Solutions support team at ATBBusiness@atb.com or 1-877-363-4855. We’re here to help Alberta businesses thrive, wherever they operate.