Cybersecurity In-Depth: Feature articles on security strategy, latest trends, and people to know.

5 Ways to Keep Fraudsters at Bay Over the Holidays

Organizations want to focus on customer satisfaction and increased revenues during the holiday shopping season. Here are some smart security and fraud protections to keep in mind.

Joshua Goldfarb, Field CISO

December 6, 2021

4 Min Read
Laptop with holiday evergreen decorations and a mouse in a small shopping cart.
Source: Studio Casper via iStock

As we near the end of the calendar year, many of us may be looking forward to some time off with friends and family and a fresh start in the new year. In the retail, e-commerce, and financial sectors, however, the end of the year brings the holiday shopping season. This is the busiest and most critical time of the year for those types of businesses.

Simply put, there is a lot of money at stake during this peak shopping season. Not surprisingly, attackers and fraudsters are keenly aware of this. They hone their skills and target their efforts to maximize their financial gain by maximizing customer losses.

In light of this, here are five ways that smarter security and fraud protections can help enterprises increase revenues and reduce losses during the holiday shopping season:

1. Focus on risk: Boiled to their essence, fraud and security are essentially risk management exercises. Maintaining this focus on risk is incredibly important for an enterprise as it wages war with the attackers and fraudsters. There are lots of potential distractions out there that can pull a security or fraud team off-topic. For example, an enterprise can very quickly get pulled into chasing around banking Trojans rather than focusing on whether an account takeover (ATO) has occurred. Know what will impact risk and how to mitigate those threats. Stay away from distractions that don’t impact risk yet pull away valuable resources.

2. Reduce friction: Sometimes enterprises get so focused on fraud losses that they forget all about another important risk: top-line revenue loss. This type of loss occurs when customers encounter significant friction during the buying process. If this friction reaches high enough levels, the customer may abandon the purchase entirely. This happens, on average, with about 10% of online purchases across the industry, representing a significant amount of revenue left on the table. Focusing on how to reduce friction during the customer journey can significantly mitigate the risk of losing top-line revenue and should be taken just as seriously as fraud losses.

3. Improve customer experience: I have never been a fan of draconian security and fraud measures. For example, blocking by IP address, constantly challenging for reauthentication regardless of whether the user and device are known good, and/or denying access if malware is found on the customer device. These measures don’t actually mitigate much risk. Sure, they can provide interesting data points as part of a bigger picture risk-decision process. In and of themselves, however, they are not reliable enough to base a risk decision on. Instead, they frustrate legitimate users and cause customers to abandon purchases. New technologies that allow for a secure, smooth customer experience are available. The idea that mitigating fraud risk needs to make the customer experience more difficult simply isn’t true anymore.

4. Focus on behavior: As customers move throughout our online applications, we ought to be aware of their behavior. Just as data points about the environment and device are valuable components of an overall risk decision, so are data points about a customer’s behavior within a session. Certain behaviors are typically seen from attackers and fraudsters. To not include those data points is to miss incredibly valuable input and context.

5. Focus on transactions: At the end of the day, no matter what an attacker or a fraudster does within a given session, chances are that we will not see a significant monetary loss until they complete one or more transactions. As security and fraud professionals, we should absolutely take advantage of the contextual data points around the environment, device, and customer behavior with the session. The earlier on in the customer journey that we can pick up on potential fraud activity, the better. Beyond that, though, we should pay special attention to transactions - those points within the customer journey where attackers and fraudsters are aiming their efforts. These are the most important points to focus on to mitigate fraud and risk.

When gearing up for the end-of-the-year shopping season, it is important to remember risk. Risk includes losses due to a number of different causes, among them revenue lost due to a poor customer experience and losses incurred due to fraud. Approaching the challenges of this season with an eye toward both increasing revenue and preventing loss can help enterprises successfully emerge once the new year begins.

About the Author

Joshua Goldfarb

Field CISO, F5

Josh Goldfarb is currently Field CISO at F5. Previously, Josh served as VP and CTO of Emerging Technologies at FireEye and as Chief Security Officer for nPulse Technologies until its acquisition by FireEye. Prior to joining nPulse, Josh worked as an independent consultant, applying his analytical methodology to help enterprises build and enhance their network traffic analysis, security operations, and incident response capabilities to improve their information security postures. Earlier in his career, Josh served as the Chief of Analysis for the United States Computer Emergency Readiness Team, where he built from the ground up and subsequently ran the network, endpoint, and malware analysis/forensics capabilities for US-CERT. In addition to Josh's blogging and public speaking appearances, he is also a regular contributor to Dark Reading and SecurityWeek.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights