Opinions expressed by Entrepreneur contributors are their own.
Key Takeaways
- Although you’re under pressure to boost conversions during peak season, you must resist the temptation to lower security standards.
- Thoroughly vet third-party suppliers, as these relationships introduce potential security risks.
- As the year winds down, brand impersonation ramps up. You must monitor and protect your online brand name usage.
- Prepare for AI-enhanced social engineering, and be sure to regularly back up your key files.
The last quarter of every year is the peak season for ecommerce retailers and cybercriminals alike. Recent analysis found that 4.6% of attempted ecommerce transactions globally were suspected to be digital fraud during the 2024 Black Friday period. In the UK alone, consumers lost over £11.5 million to fraud last holiday season. During the brief window from November 2023 to January 2024, a staggering 16,000 reports were filed, alerting authorities to instances of online shopping fraud.
Meanwhile, as many as 75% of merchants surveyed in a 2024 study reported feeling overwhelmed by the scale of policy abuse, and 84% agreed that it is becoming harder to detect fraudulent activity.
Thus, here are five tips and considerations on how to protect yourself, your brand and your customers during peak ecommerce season.
Related: The 7 Types of Ecommerce Fraud Schemes You Should Know About
1. Resist the temptation to lower security standards
When peak season rolls around, retailers are under pressure to boost conversions and hit end-of-year goals. In attempting to do so, however, many are tempted to cut corners on security: The number of authentication steps is reduced, the checkout process is simplified, and every transaction, no matter how questionable, is approved.
This is a very unwise strategy. Any gains made in December with this approach will be lost during a deluge of chargebacks in January. One analysis shows that 64% of U.S. consumers were “moderately,” “very” or “extremely” concerned about digital fraud during the holiday shopping season.
In other words, consumers value a rigorous approach to security. Thus, merchants who resist the temptation to chase short-term gains and continue to prioritize security may be more competitive, not less, especially in the longer term.
2. Thoroughly vet third-party suppliers
Every third-party relationship — be it with a payment processor, software provider or logistics partner — introduces potential security risks. The seriousness of this is underlined by a 2024 Global Ransomware Survey, which found that over 60% of the businesses questioned experienced a ransomware attack originating from a supply chain partner.
Clearly, surface-level vetting is not sufficient. To mitigate the risk from third-party suppliers, retailers should:
Verify that all certification dates remain current
When in doubt, inspect credentials directly with issuing organizations
Compare security standards against industry benchmarks
Request comprehensive documentation of data handling procedures, incident response protocols and breach notification processes
The sophistication of modern supply chain attacks can only be countered by equally sophisticated vetting.
Related: 7 Ways Ecommerce Businesses Can Prevent Holiday Fraud
3. Monitor and protect your online brand name usage
As the year winds down, brand impersonation ramps up. In August-October of 2024, digital security experts recorded a 110% increase in domains hosting fake stores. Another study found 198,000+ spam messages containing the term “Black Friday” in the first two weeks of November alone. In all of these messages, the cybercriminals pretended to be a bank, a payment system or an e-shop.
The first defense for merchants is to deploy automated tools to track unauthorized use of trademarks, logos and product descriptions across websites, social media and marketplaces. Setting up Google Alerts for brand mentions might be a good, readily accessible starting point. Comprehensive monitoring, especially as the business is growing, will require more advanced services or solutions.
Registering common domain variations is the main way to prevent domain squatting. Of course, catching and preventing all domain fraud opportunities in advance is unlikely. Thus, it is crucial to establish rapid takedown procedures.
4. Prepare for AI-enhanced social engineering
AI advances, especially with LLMs, have made sophisticated fraud techniques accessible to everyone. This includes targeting bargain hunters with authentic-looking storefronts and duping shoppers with convincing phishing emails in perfect English. Lately, fraudsters have even become proficient in generating realistic customer service scripts and increasingly convincing urgency narratives.
To head off the seasonal scam wave, start preparing early. The most important activity is to train employees so they understand how AI helps fraudsters make successful impersonation attempts, create realistic fake documentation and generate plausible pretexts for information requests.
Finally, merchants should ensure they have a clear escalation path that employees can actually use upon detecting suspicious communications.
Related: Here’s How Your Business Can Stop Fraud in Its Tracks
5. Back up key files
About 59% of all cyberattacks faced by organizations are ransomware attacks, in which companies are locked out of their most important files or forced to pay hefty ransoms just to keep their businesses running. During peak ecommerce season, the pressure to pay is, of course, higher, which can lead to rash decisions or higher payouts. The solution is to regularly make backups.
Simple data replication is a good starting point, but it has its limits. When possible, it is better to follow the so-called 3-2-1 rule: Maintain at least three copies of critical data, store two copies at separate locations and keep one copy offline.
For extra peace of mind, retailers can also set up a schedule for testing restoration procedures and store all copies using the “write once, read many” (WORM) format. This makes it impossible for anyone to modify, encrypt or delete these copies for a specific period, while enabling businesses to restore their data even if their primary systems have been compromised.
Robust security during the holiday shopping season is not a needless expense or a barrier to sales, but an enabler of sustainable growth. While some short-term sales opportunities may indeed be missed, it is important to remember that these opportunities could well cost far more in the long run. Following the advice outlined in this article can help merchants make the most of this year’s holiday season without the dark cloud of online fraud hanging over them.
Key Takeaways
- Although you’re under pressure to boost conversions during peak season, you must resist the temptation to lower security standards.
- Thoroughly vet third-party suppliers, as these relationships introduce potential security risks.
- As the year winds down, brand impersonation ramps up. You must monitor and protect your online brand name usage.
- Prepare for AI-enhanced social engineering, and be sure to regularly back up your key files.
The last quarter of every year is the peak season for ecommerce retailers and cybercriminals alike. Recent analysis found that 4.6% of attempted ecommerce transactions globally were suspected to be digital fraud during the 2024 Black Friday period. In the UK alone, consumers lost over £11.5 million to fraud last holiday season. During the brief window from November 2023 to January 2024, a staggering 16,000 reports were filed, alerting authorities to instances of online shopping fraud.
Meanwhile, as many as 75% of merchants surveyed in a 2024 study reported feeling overwhelmed by the scale of policy abuse, and 84% agreed that it is becoming harder to detect fraudulent activity.
The rest of this article is locked.
Join Entrepreneur+ today for access.