While consumers hunt for deals during today's Cyber Monday online shopping frenzy, fraudsters are doing the same — using the credentials they've hoarded from any number of data breaches the past year.
Even so, the U.S. may not suffer major e-commerce fraud numbers this year, partly because merchants and consumers alike have a far better awareness of the threat of cyber attacks and have some tools to fight back, said Philip Andreae, vice president of field marketing and payment in North America for Oberthur Technologies.
"We may actually get lucky, but we have to be ready to accept that the criminal is going to try to take advantage," Andreae said.
Oberthur promotes its Motion Code technology that provides a dynamic security code where cardholders typically see a printed CVC2 or CVV2 code, but more widespread issuing of Oberthur's high-tech cards may be months away.
The changing code makes it safer for card-not-present transactions, since they would invalidate the static security codes stolen in breaches. Oberthur integrated with NagraID in late 2014 to develop the card security technology.
In addition, merchants have a stronger version of the card networks' 3D Secure technology available to them than they had in years past.
"Tokenization is also advancing as a merchant-centric solution, as well as advanced device fingerprinting," Andreae said.
The advancement of mobile devices for e-commerce purchases also makes the biometrics element a practical form of security, through the work of the Faster Identification Online [FIDO] Alliance and the TouchID fingerprint authenticator used in Apple Pay, Andreae added.
For its part, the Federal Bureau of Investigation continues to send out its cyber awareness tips at this time of year, stressing that consumers should at the very least protect their online shopping, banking and various accounts with strong two-factor authentication.
The new factor for the U.S. this year is that payments and security industry players have long expected that e-commerce fraud would surge when EMV chip technology takes hold at the point of sale. The same shift in fraud occurred in other countries that adopted EMV security.
However, Cyber Monday comes too soon after the Oct. 1 liability shift to consider EMV to be the catalyst for any spike in digital fraud.
"I think this year’s Cyber Monday will be quite painful, but I don’t think you can lay the blame entirely at the door of EMV, since less than 20% of U.S. transactions are chip-on-chip at this point," said Julie Conroy, research director and fraud expert with Boston-based Aite Group.
The vast number of data breaches over the past couple of years is more to blame, Conroy said.
"There’s so much data on cards, credentials, and identities in the ecosystem that as I talk to banks and merchants alike, everyone is reporting an uptick in card-not-present fraud," she added.
Still, the U.S. has the advantage that other countries may not have had in knowing that the fraud shift would occur, Andreae said.
"We are going to tighten down the rules, as merchants may reject good consumers in order to not accept the bad players," Andreae added. "Yes, we are going to see an increase in e-commerce fraud, but the enhancement of technology and guiding rules is coming as well."
The payments and retail industries unfortunately have an array of cyber threats lurking.
"There can be cyber attacks that are an element of cyber terrorism as the criminals look for money to fund terrorist activities," Andreae said. In addition, there are "cyber hobbyists" trying to become better at stealing data than anyone else, and cyber criminals who simply want to steal data and money to get rich, he added.
That explains why those protecting data can never let their guard down — and also why so many forms of fraud are on the rise.
Account takeover, stolen card fraud and friendly fraud all seem to be on the rise, Aite's Conroy said.
"Combine that with the fact that many merchants lower their risk tolerances this time of year to let more orders through, and I think that unfortunately Cyber Monday, and the ensuing shopping season, will be particularly profitable for fraudsters," Conroy added.