Cybercrooks Aim At Gift Cards, Online Purchases During Holidays, Expert Warns


PaymentsSource, November 30, 2011

Black Friday and Cyber Monday were robust for retailers, which could translate into a profitable start to the holidays for cyber criminals as well, a data security expert suggests.

Merchants contend with an increase in "friendly fraud" and cyber attacks on gift cards and loyalty programs during the holidays, Jeff Liesendahl, CEO of Accertify Inc, a Chicago-based fraud-prevention and risk-management provider, tells PaymentsSource.

Friendly fraud, which typically involves dishonest charge-backs, increasingly occurs with purchases of physical or digital products during the holidays, Liesendahl says.

It happens when a fraudster purchases a product online and has it delivered to a residence. The crook then claims he did not receive it, leaving the merchant to deal with charge-back costs, Liesendahl explains.

A false claim that the consumer did not receive a digital product, such as virtual coupons or gift cards, is more difficult for merchants to track because no shipping information is available to check, he adds.

Loyalty card programs become prime targets during the holidays as fraudsters seek access to rewards points to obtain merchandise, Liesendahl notes. "Criminals hack into third-party accounts to redeem and spend members' points, many times with the victim not even knowing," Liesendahl says.

Virtual gift cards are not immune from attack, he adds. "Fraudsters use stolen credit card numbers to purchase online gift cards, which often goes unnoticed because the entire transaction takes place online," Liesendahl says.

Industry reports fluctuate annually, but U.S. merchants are losing hundreds of millions of dollars each holiday season to unauthorized transactions and fees associated with charge-backs, Liesendahl notes.

The increase in transactions during the holidays should spawn an increase in fraud protection, he contends.

"It is vital that merchants have a comprehensive solution in place to identify, track and flag fraudulent behavior automatically as well as the ability to process more transactions," Liesendahl says.

Accertify, a wholly owned subsidiary of American Express Co., provides fraud-protection that merchants can update for increased fraud screening as transaction flow increases, he adds.

"Fraudsters ramp up their efforts during the holiday season because they know that many existing internal fraud-prevention efforts, which can be manual, cannot handle the surge in volume of sales," Liesendahl contends.

The holidays represent the worst time of year for merchants to ease up on fraud-prevention rules or company policies, he says.

"They might loosen their policies and ship merchandise to names and addresses that don't match those of credit cardholders, opening the door to more fraud," he suggests.

Julie Conroy McNelley, senior analyst and fraud expert with Boston-based Aite Group, agrees merchants must increase fraud-prevention diligence during the holidays, but she suggests consumers stick to the time-tested notion of "buyer beware."

"Malware phishing during the holidays also increases dramatically," McNelley says. Fraudsters develop malware, or malicious software, to infiltrate computer systems and obtain consumer information, most often credit card or other private data.

Consumers focusing on holiday deals often do not take the time to carefully assess an email offer to ensure it is authentic, she adds.

"Someone pretending to be Amazon could catch a consumer totally unaware," McNelley says.