Veteran eCommerce shoppers may have noticed a gap in their typical summer spending this year when Amazon’s annual Prime Day was delayed from its typical July spot. No one could blame the retailer who had seen an increase in traffic and shipping delays on everything from toilet paper to roller skates due to the pandemic. But savvy patrons should fear not, as all current rumors point to Amazon’s flagship savings event taking place later this fall in October.
Similar to Singapore’s Super Shopping Day, Amazon Prime Day is a global shopping holiday exclusive to Prime members featuring deep discounts on thousands of products across all categories on the Amazon platform. What makes this year’s Prime Day unique, is it likely to be combined with Amazon’s Black Friday sales. Black Friday (Friday after Thanksgiving in the US) was traditionally the largest shopping day of the year for brick and mortar stores, with online retailers co-opting ‘Cyber Monday’ to piggyback on the trend. In 2020, Amazon will be essentially combining its two largest annual sales into one two-month bonanza.
What are the security ramifications of such an undertaking?
eCommerce sales have generally been up during the pandemic. Shoppers see online shopping as a safe alternative to leaving the house. We have already seen fraudsters catch onto this increase in traffic as it is easier for them to hide their activities among an increase in activity. Combining Prime Day and Black Friday will lead to millions of transactions on not just Amazon’s platform but also sites across the entire eCommerce vertical. Here are a few types of fraud product managers will be on the look-out for as we move toward holiday shopping season.
We know fraudsters often try to hack an algorithm with fake negative or positive reviews. The easiest way to do this is through mass-created/bot accounts. A few positive reviews on a fraudster’s own product or a few fake negative reviews for a competitor can be the difference between an eCommerce platform’s algorithm placing an item on page one or page two. With millions of transactions projected to take place during the Prime Day and Black Friday holidays, that small discrepancy could lead to a massive windfall for a fraudster or unfairly tank the competition.
How do platforms fight back against fake accounts and click farms? By stopping the accounts from ever entering their eco-system. Simple verification solutions such as 2FA can stop duplicate accounts (registering multiple accounts with the same phone number) from registering to online platforms. Digital Identity products such as TeleSign’s Score or Phone ID can return the quality of a phone number. (Is the phone number a burner, a VOIP number, sourced from a SIM farm?) With this information, platforms can keep bad users away and maintain a fair algorithm.
Account takeover is always a chief concern for platforms, but even more so during a period of increased use. An increase in activity is directly correlated to an increase in fraud. So what are some measures that security experts would recommend to quell those fears?
First of all, two-factor authentication. 2FA has been proven to stop 100% of bot attacks and 96% of bulk phishing attacks. This means that even if a user unwittingly shares their credentials with a fraudster, that fraudster would not be able to gain unauthorized account access (and buy three new flat screens!) Taking things a step further, platforms like TeleSign offer SIM Swap protection, so even if a fraudster were to be able to gain access to a user’s mobile device, the platform would recognize that phone number as recently ported and be able to flag the transaction for manual review.
At the end of the day, eCommerce platforms always want to be paid for the goods they provide. Friendly fraud or ‘chargeback fraud’ occurs when a person purchases goods from an online retailer without ever intending to pay for it. Maybe the fraudster purchases a high ticket item such as a new laptop and then calls their bank saying they never received it. A key way to fight off this fraud would be for eCommerce platforms to look at the quality of phone numbers that they are allowing to register on their platform. A VOIP number purchased for pennies on the internet is much more likely to participate in the aforementioned scheme. TeleSign can help platforms block those numbers at registration.
Shipping fraud is akin to a soft account takeover. A fraudster will steal a user’s credentials, log-in to the account and re-route the shipping of the physical items to a different address. They prey on shopping holidays such as Prime Day or Black Friday, thinking users will be purchasing so many items, they won’t notice if one or two packages were redirected. The way to prevent shipping fraud is the same as preventing account takeover. Always enable 2FA, and provide extra layers of digital identity.
The news isn’t all bad for eCommerce platforms. TeleSign’s digital identity and verification APIs will be doing lots of work in the background to decrease friction and churn, helping companies like Amazon increase conversions and profits. More purchases, less fraud. Everybody wins.
TeleSign has been connecting and protecting online experiences for over 15 years. We support the largest web properties in the world and we’re prepared to help you. Contact TeleSign now and for all of your security needs. As the pioneers of phone-based security, we are a one-stop-shop for all of your digital identity and programmable communications needs.