Merchants were largely taken aback by the volume of consumers flocking to online channels during the early months of the pandemic.
Consumers turned to their mobile phones or social media apps to make unexpected amounts of purchases with their preferred eCommerce retailers. The anticipated value of social commerce alone is expected hit $89.4 billion by year end, according to PYMNTS research.
Even consumers belonging to older generations have started to make more of their purchases via digital channels. The same report found that 40.3 percent of baby boomers and seniors have turned to eCommerce over shopping in stores.
This migration to eCommerce over brick-and-mortar shopping has not gone unnoticed by fraudsters, who quickly moved to take advantage of this shift. These bad actors are employing a combination of old and new tricks, with trusty standbys like phishing attacks gaining popularity during the pandemic. One study found that the number of active phishing sites in the U.S. climbed to more than 500,000 by mid-March, up from 149,000 reported in January.
Other scams are targeting consumers’ payment information, including their debit card data. Card network Visa and other entities warned eCommerce players about emerging skimming attacks that can swipe consumers’ debit or credit information for fraud or identity theft. Attacks on contactless payments and digital wallets were connected more often than not to debit cards at the point of sale (POS), and such schemes are rising in frequency as touchless payments gain ubiquity for in-store purchases during the pandemic.
Merchants have always been required to protect consumers’ payment data, but the pandemic has placed new emphasis on doing so for those that want to keep their platforms secure and customers loyal. The following Deep Dive analyzes why eCommerce retailers need to improve defenses for debit payments in particular and details how changing commerce trends driven by the global health crisis have affected that need.
Fraudsters’ Climb to Reach Debit’s Peak
Debit cards remain a popular choice among consumers and are gaining more ground as a preferred form of payment as the pandemic continues. One study found that the value of debit transactions rose 18 percent year over year between June 29 and July 5. More consumers are also pairing their debit cards with mobile wallets or other contactless methods, with touchless payment adoption increasing by 69 percent since January. Card-not-present (CNP) debit transactions overall were already seeing growth prior to the pandemic, expanding 21.3 percent year over year in 2019.
This continued dominance — even as the pandemic changes where and how consumers shop — has placed debit cards’ data under siege by opportunistic fraudsters. Merchants are aware of this development. A June survey found that 57 percent of Australian retailers cited cyberattacks as the current biggest threat to their digital stores. The same survey found that one out of every four retailers had lost some “critical business data” at this time, and 60 percent noted they had no backup strategies for that information.
Fraudsters are employing a variety of techniques to steal data. Skimming payment details has been a popular fraud tactic for some time as it tends to be low risk and high reward. One attack on any individual site where a large number of credit or debit transactions are made can net hundreds, if not thousands, of card details. One retailer claimed that a 2019 eSkimming attack compromised 780 customers’ details, for example. Attempted skimming, malware attacks and phishing schemes have ramped up in recent months, with another report claiming that cybercriminals attacked 25 percent of all eCommerce transactions during the first half of this year.
The fact that more debit-related transactions leads to more debit-related fraud gives rise to security difficulties for merchants, especially because these entities need to simultaneously protect both the POS systems at their brick-and-mortar locations and their online or mobile websites. Doing so effectively may mean omnichannel merchants will need to rethink their debit-related cybersecurity strategies.
Finding the Seamless Security Middle Ground
Keeping up with new security needs without alienating customers who expect speedy payments is challenging for retailers. Some merchants choose to forgo certain security measures to keep their payments frictionless, especially those focusing on competing in a crowded digital space.
Merchants that integrate support for contactless payments can save time and money if they do not require consumers to enter their PINs. Doing so could collectively save merchants approximately $2 billion but would also remove one of debit’s traditional security layers, leaving it more susceptible to fraud attempts that usually target other less secure payment types.
Finding the balance in the new omnichannel normal may mean that retailers will need to rethink the ways they handle their security and data storage. Integrating new technologies, such as biometric authentication or the cloud, may put an extra barrier in front of fraudsters looking to skim payment details from their platforms. Other forms of verification that allow consumers to complete their transactions easily, such as those examining consumers’ keystrokes on their mobile phones, could also keep cybercriminals at bay.
It is clear that retailers must keep a careful eye on their current security measures, however, especially when it comes to how they secure payment information. Failing to do so could have dire consequences that could outlast the pandemic.