Keep this Black Friday fraud free

For businesses across the UK, the run up to Christmas marks a shopping extravaganza. Once an American celebration, Black Friday has travelled across the Atlantic Ocean and become one of the largest shopping events in the UK calendar.

Although, shoppers will be purchasing gifts for their loved ones a little differently this year. With ongoing lockdown restrictions preventing customers from shopping in store, retailers are gearing up for a digital Black Friday.

According to McAfee, nearly a third of consumers plan to spend more time online over the festive season as a result of Covid-19 restrictions.

Retailers must prepare for an influx of orders, by ensuring each part of the shopping experience is not only a seamless customer experience, but a safe one too.

Figures from Action Fraud show that fraudsters conned 17,407 shoppers out of nearly £13.5 million over the Christmas period last year, an increase over 20% when compared to the same period in 2018.

From protecting customer data to ensuring rigorous fraud detection and prevention measures are in place, preparation is key in ensuring businesses are protected across the festive season.

Black Friday patterns

Identity fraud: This type of fraudulent conduct is becoming more prevalent given the increasingly sophisticated scams created by fraudsters. Phishing scams or website spoofing scams can be a data-rich goldmine for fraudsters. Between 2019 and 2020, Cifas members reported a 19% increase in identity fraud to the Cifas National Fraud Database.

Facility Takeover: Retailers report this conduct when an individual impersonates another and changes their personal details to access their financial information and mail. As reported in the Cifas National Fraud Database, between 2019 and 2020 there was a 20% increase in facility takeover, particularly on telecommunication products.

Internal fraud: As an increasing amount of employees work from home and given the financial difficulties that come with living in an economic downturn, it’s no surprise internal fraud is on the rise. Cifas’ Internal Fraud Database indicated a 115% increase in individuals obtaining and disclosing personal data, mainly to a third party.

Key threats raised by Cifas members

Insight from Cifas retail members indicated that electrical items are particularly vulnerable to fraudulent orders. This includes Apple products, digital downloads, computers and gaming products.

While another retail member stated that the usual fraudulent orders have not been much different to other years. Retail items that may be prone to fraudulent orders include: iPhones, AirPods, Apple watches, Fitbits, Samsung TV’s, branded sportswear, Ugg boots, Amazon Echo Dots, GHDS, Vax Hoovers, and the latest gaming consoles which include the PlayStation 5 and the Xbox Series X.

Protecting customer contact centres

As a business, protecting your customer contact centres is crucial. While stores are currently shut due to the pandemic restrictions, contact centres will have to bear the brunt in the meantime.

Without a doubt, criminals will exploit the difficulty call centres may have in terms of verifying an individual they think they are speaking to. Last year, 87% of identity fraud incidents reported to Cifas were online. This suggests businesses may need to analyse their boarding processes and how they interact with customers throughout their lifecycle. Perhaps the usual knowledge-based authentication is no longer effective, or criminals may use synthetic identities to try and get past verification.

On average, criminals will attempt to social engineer customer contact agents five times before taking over an account. They may adopt clever techniques to convince agents of their authenticity, such as claiming to be a vulnerable customer who may have difficulty recalling their account information.

It is important for call centres to carry out as many verification methods as possible, while also sharing any key methods that are being used to try and engineer them of information, across the business and partners.

Preventing internal fraud before it happens

How much do businesses know about their employees, contractors, suppliers and couriers? Businesses need to consider using services such as the Cifas Internal Fraud Database Enhanced to check employees and potential employees against both the Internal Fraud Database (IFD) and National Fraud Database (NFD), rather than just relying on reference checks. However, this shouldn’t just be at the application stage, it needs to be done throughout an employee’s lifecycle.

Robust polices must be in place around the use of personal devices, particularly in relation to accessing sensitive data. A survey by DSA Connect, an IT asset disposal company showed that around 14% of employees over the past five years have been able to access data at work they were not authorised to see.

While attitudes around work issued devices have been raised during the pandemic, where despite employer’s fears, 82% of employers said that they allow employees to use personal devices to access work emails. It is essential for businesses to ensure they know who has access to sensitive data, and that they have a legitimate reason to access it.

By establishing an anti-fraud culture and carrying out regular checks on staff, retailers are demonstrating that they are protecting their business and consumers.

Website spoofing

Over the past year, fake websites have been a real issue. A number of well-known brands have had their websites spoofed to lure customers, who end up revealing personal and financial information to criminals. Although businesses may not suffer the financial loss directly, it can harm their reputation.

It is always worth proactively scanning to see if your brand is being abused and ensuring that there are ways in which customers can report it.

Protective services for businesses

Any business that is tempted to upscale their technological framework to meet demand must ensure they are up to date with the latest cyber threats. Not only must they ensure they can detect them, they also need to know to respond if they have been attacked.

The British Retail Consortium recently released their Cyber Resilience Toolkit for Retail, which contains some great suggestions on developing cyber security strategies.

Making full use of services that offer API services is also absolutely critical. From screening phone numbers and devices at the onset, to looking at any changes made to accounts during the customer journey. This will help your business cope with volume without detriment to robust checks.

Joining an intelligence community

Retailers may have all the tools and software in the world, but knowledge is also vital. Understanding where fraud threads come from can help businesses enhance their fraud prevention tools and their staffs’ ability to deal with the threat.

Being part of a fraud community such as Cifas gives you the intelligence to raise awareness fast, and know what methods criminals are using.

The Cifas National Fraud Database can help you stay safe against potential threats to your business. It holds a record of first and a third party fraud risk data such as identity fraud and misuse of facility. While the Internal Fraud Enhanced Database is the only database in the UK that records instances of fraudulent conduct by job applicants and employees in the workforce.

Cifas members can screen their candidates and employees against over 750,000 instances of confirmed fraud risk covering both employee and consumer data to ensure that their employees integrity is not in question.

Stop the Fraud Bonanza

Cifas have this week released a video ‘Stop the fraud Bonanza’ with Cifas’ Amber Burridge, Head of Fraud Intelligence, and Sandra Peaston, Director of Research and Development, advising retailers on how they can protect themselves and their customers during the busiest shopping weekend of the year. The video can be viewed below.

Join the UK’s fraud prevention community and share data, intelligence and learning to fight fraud and protect your organisation. View our website to explore our membership options or get in touch with our team for a friendly, no-obligation chat