This Shopping Season Will Be Crucial
2020 retail sales were down significantly because the pandemic forced many brick-and-mortar stores to find new ways of generating revenue. Cloud computing became strategic for survival as retailers transitioned to ecommerce business models. New players are joining established, mature and experienced ecommerce businesses. The competition for consumers will be fierce as survival will depend on online performance. This holiday season will be crucial for retailers and it will be spent mostly online.
In its recently published Analytics Holiday Forecast report, Adobe forecasted this year's holiday spend to represent two years of growth in a single season.
"U.S. online holiday sales will total $189 billion, shattering all previous records with a 33% YoY increase. Online sales will surpass $2 billion every day between Nov 1-21 and increase to $3 billion a day Nov 22-Dec 3. Black Friday is projected to generate $10 billion in online sales, a 39% YoY increase, and Cyber Monday will remain the biggest online shopping day of the year with $12.7 billion, a 35% jump YoY."
Knowing and understanding the most important cyberthreats your ecommerce business will face is crucial this holiday season.
User Experience and Digital Trust
Availability and user experience are crucial to online success. When online shopping is sluggish, not accessible, or critical components such as checkout and payment processing fail repeatedly, shopping cart abandonment rates increase and visitors will bounce.
An online brand and reputation will be undermined if your website falls victim to fraudulent bots that take over customers' accounts and use their credit cards, gift cards or premium discounts. The very measures you implemented to generate customer loyalty and stickiness increase the risk from fraudsters.
If you have the misfortune to fall victim to a data breach and your customers' sensitive data leaks, digital trust and reputation can be damaged for years.
Account takeover (ATO) attacks are amongst the most harmful types of bot attacks in terms of financial and reputational damage for ecommerce businesses. They result in user accounts being compromised to execute theft of account balances, including money, store credits, gift cards and loyalty points. ATO attacks rely on lists of breached or stolen account credentials to take over user accounts on websites and applications.
The two main types of attacks employed in ATO are credential stuffing (multiple log-in attempts to verify the validity of stolen username and password combinations) and credential cracking (trying out different usernames and password combinations to identify valid login credentials).
During the shopping season, many ecommerce shops have special sales or deals reserved for premium customers. The holiday season is also the season of gifts, so not surprisingly many personal accounts will have new credit via recently redeemed gift cards. For this reason, Radware witnesses increased ATO activity in ecommerce customers during the holiday season.
Impacted by massive changes in consumer behavior that began due to the pandemic, the growth of digital gift cards is expected to accelerate this holiday season. Further impacting ecommerce are malicious actors that leverage breached accounts and bots for tokens or gift card cracking.
During an ATO attack, the attacker's objective is to test credentials, either generated or based on a purchased list of recently leaked accounts, as quickly and efficiently as possible. ATO campaigns typically concentrate on the login page and can easily reach levels of activity similar to DDoS attacks.
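As an added example (not from the original article or any Radware product), the following Python code flags sources that generate bursts of failed logins and labels them with an assumed heuristic: about one attempt per account suggests credential stuffing, while many attempts against a few accounts suggests credential cracking. The event format, window, thresholds and sample events are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

WINDOW = timedelta(minutes=5)   # assumed tumbling window
MIN_FAILURES = 10               # assumed threshold; tune to normal login traffic
MAX_TRIES_PER_USER = 1.5        # assumed: at or below this, each account is tried about once

def classify_sources(events):
    """events: iterable of (datetime, src_ip, username, success).
    Returns {src_ip: label} for sources with >= MIN_FAILURES failures in one window."""
    buckets = defaultdict(list)
    for ts, ip, user, ok in events:
        if not ok:
            slot = int(ts.timestamp() // WINDOW.total_seconds())
            buckets[(ip, slot)].append(user)
    verdicts = {}
    for (ip, _slot), users in buckets.items():
        if len(users) < MIN_FAILURES:
            continue  # a few typos from a real customer stay below the threshold
        tries_per_user = len(users) / len(set(users))
        verdicts[ip] = ("credential_stuffing" if tries_per_user <= MAX_TRIES_PER_USER
                        else "credential_cracking")
    return verdicts

def build_sample_events():
    """Constructed login events for the demo (documentation IP ranges)."""
    t0 = datetime(2021, 11, 26, 9, 0, 0, tzinfo=timezone.utc)
    events = []
    # One failed attempt per account across many accounts
    for i in range(12):
        events.append((t0 + timedelta(seconds=2 * i), "203.0.113.10", f"user{i}", False))
    # Many failed attempts against only two accounts
    for i in range(16):
        events.append((t0 + timedelta(seconds=3 * i), "198.51.100.7", f"vip{i % 2}", False))
    # Ordinary customer: two typos, then a successful login
    for i, ok in enumerate([False, False, True]):
        events.append((t0 + timedelta(seconds=20 * i), "192.0.2.5", "alice", ok))
    return events

if __name__ == "__main__":
    for ip, label in sorted(classify_sources(build_sample_events()).items()):
        print(ip, label)
```

Distributed campaigns spread attempts across many source addresses, so the same counting can be keyed on other attributes such as device fingerprint or targeted username instead of source IP.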