How retailers can combat fraud during Black Friday and Cyber Monday

Fraud is a year-round problem for retail finance organisations. As a Senior Best Practice Manager for Cifas, I work closely with our retail members and see every week the fraudulent activity they have to deal with – activity that Cifas helps them combat.

As Black Friday and Cyber Monday approach, retail companies will see a step-up in fraudulent activity. Fraud goes up relative to the volume of applications for products – more applications means more fraud. So what can retailers do to prepare themselves for the higher risk of fraud during these peak shopping periods?

Looking out for identity fraud

Our retail members tell us that fraud MOs (modus operandi) don’t really change during Black Friday and Cyber Monday, which is great – the tools available to spot and prevent fraudulent activity are already in place. But there are things that retailers should look out for.

The main type of fraud that retail members file to our databases is identity fraud, which is often difficult to spot. The fraudster will have spent time obtaining personal details, whether through social engineering, phishing or buying the information online. Their application, for all intents and purposes, will look like it's genuine when the checks are carried out because there's a financial footprint for that individual at the property.

But retailers can deploy a range of fraud tools to spot this kind of activity. They might use email address validation or bank verification, which can flag suspicious activity. Then searching the Cifas databases can throw up more corroboration that an application might be of ‘high fraud risk’, as details from it might have been seen by another organisation, from the retail or another sector. All of these fraud tools help to increase the lines of defence a retail finance provider has against fraud.

Challenges during Black Friday and Cyber Monday

Retail members tell me there’s very little deviation in the types of fraud during Black Friday and Cyber Monday, but they do face more challenges around delivery and courier networks. These companies are under pressure at this time of year, and often employ temporary staff. Online orders will be targeted by fraudsters looking to exploit the pressure on the courier network – a courier driver with a large workload might be happy to offload a parcel to somebody purporting to be the genuine customer.

We hear stories from retail members describing fraudsters attending properties themselves. Say a fraudster has obtained my personal information using social engineering tactics and submits a finance application to a retail finance provider for an iPhone. I’m none the wiser that my details have been used, but a courier will knock on my door and deliver a parcel addressed to me. Two minutes later, I’ll get another knock on the door and be faced with somebody else dressed in a high visibility jacket saying they’re aware of an iPhone having been delivered in error or fraudulently. I hand the parcel over and they walk away with it.

This is what’s known in the retail sector as ‘high vis fraud’, and there’s even been cases of fraudsters threatening violence to get the victim to hand over the goods – they’re under a lot of pressure to get hold of the product and then turn it into cash.

In a way, the weakness lies in the fraudster exploiting the victim’s trust, because, through no fault of their own, they're completely unaware of that individual being a fraudster, who has used their identity to place the order. It's very difficult to prevent, so you've got to rely on all the fraud tools at the beginning of the process, and try and prevent the fraud happening in the first place.

Retail members also report instances of the delivery and courier drivers themselves being complicit in the fraudulent activity. As courier companies hire temporary staff during busy times, this brings an increased risk of a delivery being in the hands of a complicit driver if they are not properly vetted.

Preparing for fraud during Black Friday and Cyber Monday

The type of products that are typically targeted at this time of year tend to be those that a fraudster can quickly convert into cash: desirable items such as cameras, mobile phones, games consoles, tablets. Plus, anything which is really popular over the Christmas period. This year’s Christmas trend is likely to be bikes and quad bikes, according to one of our members.

I’ve spoken to a number of retail organisations to find out what makes them a bit more suspicious of an application, both during Black Friday and Cyber Monday, and the rest of the year. You should be wary of:

• Customers who don't appear to be overly concerned about the specifications or the cost of goods being purchased. Or they’re willing to pay extra for a quick delivery, regardless of the cost;
• Customers who ask lots of questions around the delivery process and the courier, or calls on the day of delivery, making last minute changes to the delivery address. This can also be done via applications these days which adds another layer of anonymity for the fraudster. Stop and think, work with your couriers, as it may be a fraudster trying to intercept the goods;
• Individuals in store who seem to be in a hurry to take the item away there and then;
• Customers who are happy to take an alternative item with little consideration: i.e. somebody applying for the iPhone, it’s out of stock, so they’ll take a Samsung. Usually, if you want an iPhone, you want an iPhone don’t you?
• Someone in store who is able to produce lots of documentation without being requested. I would find it suspicious if somebody walked in and said I want to apply for goods, here's my passport, here’s my driver's license, etc. A lot of people don’t consider the documentation needed;
• Long distance shoppers. I’m from the Midlands, therefore I would normally shop in my local area, but if I’m shopping in Milton Keynes for retail credit, it should seem unusual to the retailer. Generally when people apply for credit it’s normally local to their home address.

One of our members advised that retailers should resource for the increase in volume during this period. Fraudsters know that teams are going to be under pressure and, potentially, fraud rules could be relaxed in order to cope with the strain of genuine customers coming through. They know that mistakes can be made and will see if they can exploit them.

Another member warned that retailers need to be prepared for Internet-enabled crimes, such as a DoS (denial-of-service) attack on their systems. There is an increased risk of this during a busy period like Black Friday and Cyber Monday as fraudsters know there's a chance you will pay a ransom to stop your business being stalled. You’ll be focused on driving sales and preventing fraud, but are you thinking about the internal risk of a colleague opening a ransomware email? The key thing is to assume that you will receive such an attack and be prepared for that.

Educating your staff is one key way to prepare – they are the frontline of your defence, so make sure they are aware of the threats your organisation faces from both cyber-enabled criminal activity and from fraudsters trying to exploit the busy period, such as calling in to the contact centre to make last minute changes to orders.

Another challenge retail finance providers face is that sometimes they don’t have control over what courier is used. Some of our members operate retail finance for a number of different retailers and those retailers choose the courier. This means retail finance providers have less control over the delivery journey, as each courier may operate in a slightly different way, leading to fraud exposure and ultimately goods being delivered to a fraudulent address. 

I would encourage all finance providers to work with their retailers and in turn, work with their couriers to ensure any fraud exposure is reduced. Where courier drivers are found to be complicit, ensure the police are engaged – one or our members confirms this approach does act as a deterrent, as the fraudsters know you aren’t an easy target should they be caught.

Making your customers more aware

One final bit of advice would be to try and ensure your customers know what to expect from you and how you do things. One of our members carries out awareness campaigns with their customers, and we would encourage all retailers to have clear messaging about what they will and will not do. You see a similar sort of thing in the banking industry where they tell customers they won’t ask for your card details over the phone. The more educated customers are, the less likely they are to fall victim to fraudulent activity.