As we begin a new year, it’s time to reflect on what changed in the last 12 months. What worked and what didn’t? Is your retail business keeping up with shifting consumer behaviors? My main observation is that social mobile shopping by millennials is by far the most important trend, presenting a fantastic opportunity that we fraudsters could massively capitalize on.
Allow me to explain …
This is the Place to Be
Over 46 percent of online shopping is now done using mobile devices (up from just 15 percent last year). This goes beyond browsing, and there are many shopping apps. Mobile payments and wallets got easier and more popular. Flexibility and personalization are key in winning over buyers.
Social is hot, too: 2.5 billion users in social networks! Many age groups, but the real and really different rulers of the social mobile kingdom are millennials. Ninety percent of millennials use social media, most with multiple apps. This is where they live. Nearly 50 percent of millennials’ purchasing decisions are influenced by reviews, feedback and comments. To maximize revenues and avoid friction, some social platforms are evolving from influencing to reselling, offering a "Buy" button.
Fraud Nirvana
Concentrating lots of millennials and transactions makes the social mobile space an obvious venue for us fraudsters. But two factors make it truly promising: users’ behaviors and platform capabilities.
People share a lot of info. Platforms make money from targeted ads, so they encourage people to share even more. By following and learning about users, you could easily “befriend” them, impersonate a social influencer, or pretend to be a reseller.
Millennials in particular are highly engaged, preferring convenience, always on, influenced by friends, conditioned to instant gratification, openly sharing information and spreading it virally, impulsive … when they go social shopping on mobile devices, there's just not enough cognitive capacity left to also be security minded and on alert. (Assuming they even cared or tried.)
At the same time, social and mobile platforms have some loopholes that just beg to be exploited. With limited screen and post sizes, shortened URLs are common — a great place to hide your phishing or drive-by site. Smartphones hold a gold mine of credentials, personal and payment information, contacts, locations and messages — which your stealthy app could access, helping you impersonate users. Furthermore, apps aren't just for smartphones. They're also available in social platforms, where scrutiny is minimal. Forty-three percent of fraud attacks on social involve malware. Last but not least, with encryption and privacy controls proliferating, you could hide in the social networks yourself, conducting business at ease.
Time Is of the Essence
All of that's great, and the technical adaptation required isn't overly hard. But we should not become complacent: the arms race with fraud detectors isn’t going away.
With platform vendors doing so much on big data analytics and artificial intelligence (AI), it’s almost a miracle they're not applying these yet to detect shopping fraud and impersonation. I guess optimizing targeted ads, maximizing revenues and showing they fight fake news is more interesting?
The upside is that provided we collect enough data, we could develop our own AI and automate social engineering to trick them!
Shortened URLs are fantastic, but I’m always nervous that social networks will wake up one day and start pre-scanning them to assess the real URLs. I still vividly remember the hit we took the day security vendors started scanning email messages for phishing links. This could happen again!
Social and mobile platforms have been offering two-factor authentication for a while. So far, the convenience goddess is on our side, and adoption has been slow. However, this tactical win might turn into a strategic problem for us if the vendors skipped two-factor authentication and just adopted behavioral biometrics in web and mobile to transparently detect suspicious activity.
These are just examples. My point is simple: there's technology out there that anti-fraud teams could use. Their main challenge is to get their business leader to agree to pay attention and prioritize applying those technologies to try and catch us.
So adopt now, and you can maximize profit before the business environment changes …
Israel Aloni is the vice president of products at empow cyber security, a security platform that breaks down security tools into particles, and then creates cross-product solutions specific to ongoing threats identified by the platform.