SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
Black Friday fraud: Who foots the bill?
Fri, 29th Nov 2019
FYI, this story is more than a year old

Banks will have to foot the bill when it comes to the majority of fraud committed during Black Friday and Cyber Monday weekend, according to Sarah Whipp, head of go to market strategy at Callsign.

"With the Black Friday/Cyber Monday weekend upon us and with it myriad warnings to consumers to be vigilant of potential fraud attempts are broadcast, less thought is given to the security of the retailers who are actually selling the discounted products," Whipp says.

"Yet last year, according to industry specialist GBG, over 18,000 fraud attempts were made against each UK retailer on average during the period between Black Friday and the January sales."

Whipp argues that during busy periods such as Black Friday and Cyber Monday, businesses are under pressure to balance the fraud with customer experience, but they must be careful not to let the latter slip.

"At the same time, banks have to foot the bill when it comes to a majority of this type of fraud, so they have a vested interest to not let their retail customers to get complacent when it comes to security," she says.

“Given the incredibly high volume of transactions over the coming weekend, and indeed the whole festive period, often merchants will accept that fraud will be higher than usual. However, they are often willing to take the hit because it will be worth it for the extra business as long as there is no long lasting reputational damage," explains Whipp.

"Indeed, the financial costs of fraud are now borne by banks as well as merchants and Black Friday fraud is a growing challenge for financial institutions," she says. 

Whipp says this is set to change next year.

"With Secure Customer Authentication (SCA) coming in for merchants in 2021 they may be well advised to make hay now with a lower security bar. In the future they will need to make sure they have trusted merchant status and that they manage their pricing to take into account of SCA exemptions to have a premium user experience," she says.

"Next year, merchants need to partner closely with issuers (banks) to manage this situation."

According to Whipp, 3D Secure could throw another spanner in the works for banks whose customers are online retailers that use it to avoid chargebacks.

"It can massively complicate treatment strategy as the payments are verified by the likes of Visa, Mastercard Secure Pay and Amex Safekey, therefore the liability is mainly with the card issuers and banks," she says.

“To deal with the issue, merchants should use agile IT systems to their advantage. For example, if a retailer's system has the functionality to modify fraud appetite policy dynamically (including adding in extra fraud checks), then they may want to lower the bar initially to gain the maximum number of sales," Whipp explains.

"Then, if they were to spot a high degree of fraud attempts they could ramp up prevention measures on the fly. Of course, the impact on the customer and the risk of possible reputational damage needs to be kept at front of mind at all times.