Black Friday is upon us and with it a new season of bargain hunting. UK retailers are expecting to pull in as much as £5.6 billion on Black Friday and Cyber Monday purchases alone this year, but this isn’t just peak season for retailers. The popularity of the event combined with the rise of one-touch mobile transactions is also giving cybercriminals and identity thieves a perfect opportunity to take advantage of eager shoppers.
Gone are the in-store queues and fumbling around with cash at the till. Demand for convenience has shifted the entire shopping experience online and onto mobile. These days more than three quarters of retail transactions are done online and payments are made with a simple tap of a button. But while retailers and consumers alike have embraced mobile shopping it has also exposed them to a dramatic growth of internet fraud.
According to a recent report by Cybersecurity firm Check Point, Black Friday 2018 saw a significant rise in phishing emails, where the sender pretends to be someone else in order to obtain sensitive data such as login details to bank accounts, compared to the previous year. When the firm’s 2019 report was prepared in mid-November this year, two weeks before Black Friday, the researchers witnessed that the use of retail phishing URLs was up by 233% and is still expected to increase much further over the coming days.
What does this mean for consumers? Primarily, to be careful and apply common sense. Many phishing emails are amateurish and can easily be spotted, and if a high-end electronic device is advertised at 80% below its original price, this should automatically set off alarm bells.
But consumers are not in this fight alone. The future Government is likely to lend a hand in protecting consumers. In their General Election manifesto, the Labour party said they would overhaul cybersecurity and create a “modern, technologically advanced police service that has the capacity and skills to combat online crime, supported by a new national strategy on cybercrime and fraud.” In a similar vein, the Tory manifesto states that the party will “legislate to make the UK the safest place in the world to be online”, and that it will empower the police to “safely use new technologies like biometrics and artificial intelligence” to fight cybercrime.
Already we are seeing new requirements for securing and reducing fraud in online payments being phased in, known as Strong Customer Authentication (SCA). SCA is a key element of the EU’s new Payment Services Directive (PSD2) and became legally binding in September 2019. It is expected to be fully enforced by the end of 2020.
SCA introduces additional security authentications for online and mobile transactions over €30 and it means consumers will need to double authenticate to checkout. This will come in the form of something that the consumer knows (a pin or password), something they have (a smartphone) or something they are (fingerprint or facial recognition). As e-commerce continues to grow, initiatives like SCA are pragmatic and important steps in combating fraud and should be welcomed. We need e-commerce to simply work and its needs to be secure as well as convenient, but the onus is on retailers to understand SCA and make sure that it doesn’t disrupt the seamless shopping experience we’ve come to expect. Ultimately only time will tell if SCA turns out to be an asset or an obstacle and Black Friday serves as its first litmus test.