Saturday, May 17, 2025

Security Boulevard Logo

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Creators Network
    • Latest Posts
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming Webinars
    • Calendar View
    • On-Demand Webinars
  • Events
    • Upcoming Events
    • On-Demand Events
  • Sponsored Content
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
    • Techstrong.tv Podcast
    • TechstrongTV - Twitch
  • Library
  • Related Sites
    • Techstrong Group
    • Cloud Native Now
    • DevOps.com
    • Security Boulevard
    • Techstrong Research
    • Techstrong TV
    • Techstrong.tv Podcast
    • Techstrong.tv - Twitch
    • Devops Chat
    • DevOps Dozen
    • DevOps TV
  • Media Kit
  • About
  • Sponsor

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Security Bloggers Network Threats & Breaches 

Home » Cybersecurity » Threats & Breaches » How to prepare for fraud this holiday season

SBN

How to prepare for fraud this holiday season

by Brittany Allen on November 15, 2022

The holiday shopping season begins earlier every year, and many retailers are already facing tough headwinds as 2022 comes to an end. More consumers are tightening their purse strings this year in response to rising inflation and market instability, which could dampen holiday profits and increase the impact of seasonal fraud. 

The NPD found that 29% of consumers cite finances and the economy as reasons for spending less during the upcoming holidays. And more shoppers are starting early to scope out the best deals, with 39% of consumers kicking off their holiday shopping before October. Because of this increased economic tension among shoppers, consumers will likely be more choosy about where they spend their money, opting for merchants with the most competitive prices. 

The holidays are a crucial time for retail, with November and December contributing to nearly a quarter of the annual sales of department stores and specialty retailers. And for fraudsters, this means more opportunities to hide behind increased transaction volumes. Since consumer spending may cool down this year, preventing fraud and enabling a smooth customer experience will be critical in order to get the most out of the holiday bump. Merchants can set themselves up for success this season by staying on top of emerging fraud trends and optimizing their fraud prevention strategy. 

Techstrong Gang Youtube
AWS Hub

Top fraud trends to watch out for ahead of the holidays

Unlike last year, merchants are no longer held back by supply chain issues, but may face a surplus of supply instead, posing new challenges to profitability. To secure revenue and stand out from competitors, many businesses are starting holiday deals even earlier than Black Friday and Cyber Monday to entice shoppers.

Despite weaker spending projections, merchants will still deal with higher order volumes than normal, and may have fewer employees on staff—especially if their organization recently experienced layoffs or a hiring freeze. Because shopping can be concentrated on individual days and narrow shopping hours, fraudsters know it’s easier for them to skate by undetected. Below are some of the top fraud trends to watch out for leading up to the holidays below.

Reseller abuse

It’s a common tactic among fraudsters to target limited stock, easily resold, and in-demand items during the holidays in the hopes of turning a profit on marketplaces such as eBay. Fraudsters will be scouting out items they know they can flip for more money, such as PS5s in previous years, or the latest iPhone. These cybercriminals may run scripts and purchase large quantities of these items with the intent of reselling them for triple the price. This creates a negative brand experience for trusted consumers, who are likely to be turned off from a site where they know they have no chance of buying the item they want. 

Gift card fraud

Gift cards are already a prime target for social engineering scams, and the holidays are the busiest season for these prepaid cards. The FTC found that gift cards are the #1 payment method of choice for scammers, resulting in a reported $148 million stolen from consumers. Gift card scams are popular among fraudsters because they lack proper security features, and many consumers don’t spend the funds right away—extending the window for potential fraudulent activity. With more businesses offering gift cards as purchase rewards and as reimbursement for returned items, tracking fraudulent funds becomes even more complex. 

Account takeovers

Many businesses are reporting upticks in account takeover (ATO) attacks as fraud tactics become more sophisticated. Fraudsters can now easily turn to nefarious marketplaces like Genesis to purchase stolen account details at astonishing scale, or get similar information from more accessible fraud marketplaces in the Telegram messaging app. Recently, Sift found an alarming 131% rise in ATO attacks in the first half of 2022, a trend that will only accelerate during the holidays. ATO fraud can lead to damaging consequences, including stolen funds, shrinking customer lifetime value, inflated acquisition costs, and ultimately, lower profits. Dealing with an account breach can have a serious impact on brand abandonment—43% of consumers said they would stop using a site or app if their associated accounts were compromised by ATO.

First-party fraud

First-party fraud—in which the purchaser files a dispute due to fraud for a transaction that wasn’t actually fraudulent—rises both in times of economic uncertainty and during the holidays. More consumers may plan on filing disputes on legitimate purchases after the holidays to free up finances if they feel they’ve overspent. And because the card-not-present dispute process favors the consumer over the merchant, this can result in a significant loss for many merchants, costing the businesses the price of the product, chargeback fees, and operational costs.

Tips for preparing for the holiday spending rush

During the holiday shopping season, it’s important to bolster defenses against fraud while also reducing friction for trusted customers. To do so, merchants must have a plan in place for risk thresholds and how to respond in the event of a large-scale fraud attack. Each business should evaluate their security weaknesses and have a clear plan of action to protect customers and prevent losses. See below for tips and tools to more accurately and efficiently fight fraud during the holidays. 

Focus on customer service

In order to attract more customers, many merchants are providing incentives to shop with them, including extended deal windows and longer return windows. This not only gives customers more flexibility and sets the business apart from the competition, but can also help prevent chargebacks. Although returns can result in a loss for the merchant, disputes can be even more costly—piling chargeback fees on top of the cost of the product. 

Automate risk management

For businesses with smaller fraud teams, fighting fraud during this busy shopping period can be overwhelming, and many businesses bring in extra temporary help. Even large teams can find themselves buried in manual review during the holidays. By setting up automation thresholds for blocking and accepting orders, risk teams can better enable smoother transactions for trusted users and take the precautions necessary for anything that looks out of place. For suspicious orders, they can automatically be sent to Review Queues in Sift for manual review. 

Harness the power of workflows

The holiday season predictably drives increases in revenue each year, and the frenzy of online traffic and spending provides cover for fraudsters. Many merchants adapt risk thresholds to ride out the increase in transaction volumes and incentivize spending, but this consequently makes it easier for fraudsters to infiltrate accounts and siphon funds. Businesses should make calculated adjustments to thresholds, depending on their tolerance for risk and review. Using Sift Workflows, analyst teams can block unwanted risk and improve the acceptance rate for legitimate users.

Ensure trustworthy logins

Maintaining trust with customers can be as difficult as building trust. Businesses can build better customer relationships with automatic security notifications within Sift. Risk teams can verify credentials and protect users from ATO without blocking trustworthy logins by configuring and triggering security notifications directly from the Sift Console. This is designed to ensure user trust by notifying them of any suspicious login activity, and proving that your business is committed to keeping their account safe. 

Prepare for chargeback season

Because it’s common to see disputes roll in 2–3 months after an initial transaction, it’s wise to prepare for the January–March chargeback season following the holiday spending rush in advance. Merchants can set themselves up for less first-party fraud in the new year by having clear cancellation and return policies in place for the holidays. It will also be a great time to prepare for the Visa CE3.0 compelling evidence revamp coming in April 2023, which will help merchants better defend against first-party misuse. 

Explore Sift’s Trust & Safety University for more fraud tips. 

The post How to prepare for fraud this holiday season appeared first on Sift Blog.

*** This is a Security Bloggers Network syndicated blog from Sift Blog authored by Brittany Allen. Read the original post at: https://blog.sift.com/how-to-prepare-for-fraud-this-holiday-season/?utm_source=rss&utm_medium=rss&utm_campaign=how-to-prepare-for-fraud-this-holiday-season

November 15, 2022November 15, 2022 Brittany Allen account takeover, Data & Insights, Digital Trust & Safety, First-party fraud, Fraud, gift card fraud, Holiday Fraud, Holiday Shopping, online fraud, Product, return fraud
  • ← This was 3rd Quarter 2022 — A Cybersecurity Look Back
  • Stories from the Field: The Scare Factor Continues to Grow for Super Malicious Insiders →

Techstrong TV

Click full-screen to enable volume control
Watch latest episodes and shows

Upcoming Webinars

Software Supply Chain Security: Navigating NIST, CRA, and FDA Regulations
Is DevEx the Same as DevSecOps?

Podcast

Listen to all of our podcasts

Press Releases

GoPlus's Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On

Subscribe to our Newsletters

ThreatLocker

Most Read on the Boulevard

GenAI’s New Attack Surface: Why MCP Agents Demand a Rethink in Cybersecurity Strategy
Encrypt AI, Protect Your IP: DataKrypto Tackles the LLM Security Crisis While Redefining What Encryption Should Be
Firewall Rule Bloat: The Problem and How AI can Solve it
Security Gamechangers: CrowdStrike’s AI-Native SOC & Next Gen SIEM Take Center Stage at RSAC 2025
Cybersecurity’s Early Warning System: How Live Network Traffic Analysis Detects The ‘Shock Wave’ Before the Breach ‘Tsunami’ 
News Alert: INE Security outlines top 5 training priorities emerging from RSAC 2025
0-Click NTLM Auth Bypass Exposes Legacy Microsoft Systems
Microsoft’s May 2025 Patch Tuesday Addresses 71 CVEs (CVE-2025-32701, CVE-2025-32706, CVE-2025-30400)
The Security Gap JPMorgan Chase’s CISO Didn’t Mention — And Why It’s in Your Browser
India-Pakistan Conflicts Escalating: Military Operations and DDoS Attacks Making Targeted Strikes

Industry Spotlight

Coinbase Says Breach May Cost $400 Million, Issues $20 Million Bounty
Cloud Security Cybersecurity Data Privacy Data Security Featured Identity & Access Industry Spotlight Network Security News Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight Threats & Breaches 

Coinbase Says Breach May Cost $400 Million, Issues $20 Million Bounty

May 16, 2025 Jeffrey Burt | Yesterday 0
Warning to US Retail: ‘Scattered Spider’ Targets YOU (with DragonForce Ransomware)
Analytics & Intelligence Cloud Security Cybersecurity Data Privacy Data Security DevOps Endpoint Featured Governance, Risk & Compliance Humor Identity & Access Incident Response Industry Spotlight Malware Mobile Security Most Read This Week Network Security News Popular Post Security Awareness Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Warning to US Retail: ‘Scattered Spider’ Targets YOU (with DragonForce Ransomware)

May 15, 2025 Richi Jennings | 1 day ago 0
As US CVE Database Fumbles, EU ‘Replacement’ Goes Live
Application Security Cloud Security Cyberlaw Cybersecurity Data Privacy Data Security DevOps Endpoint Featured Governance, Risk & Compliance Humor Identity & Access Industry Spotlight IoT & ICS Security Mobile Security Most Read This Week Network Security News Popular Post Security Awareness Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight Threats & Breaches Vulnerabilities 

As US CVE Database Fumbles, EU ‘Replacement’ Goes Live

May 14, 2025 Richi Jennings | 2 days ago 0

Top Stories

Linux Foundation Shares Framework for Building Effective Cybersecurity Teams
Cybersecurity Featured News Security Awareness Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight 

Linux Foundation Shares Framework for Building Effective Cybersecurity Teams

May 16, 2025 Michael Vizard | Yesterday 0
DHS Cancels $2.4 Billion Leidos Contract, Cites Changes at CISA
Cyberlaw Cybersecurity Featured Governance, Risk & Compliance Network Security News Security Awareness Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight 

DHS Cancels $2.4 Billion Leidos Contract, Cites Changes at CISA

May 15, 2025 Jeffrey Burt | 1 day ago 0
Apple Device Users Can File Claims in $95 Million Siri Spying Settlement
Cloud Security Cyberlaw Cybersecurity Data Privacy Data Security Featured Governance, Risk & Compliance Mobile Security News Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight 

Apple Device Users Can File Claims in $95 Million Siri Spying Settlement

May 13, 2025 Jeffrey Burt | 3 days ago 0

Security Humor

A spider from above

Warning to US Retail: ‘Scattered Spider’ Targets YOU (with DragonForce Ransomware)

Download Free eBook

The State of Cloud Native Security 2020

Security Boulevard Logo White

DMCA

Join the Community

  • Add your blog to Security Creators Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: [email protected]

Useful Links

  • About
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • DMCA Compliance Statement
  • Privacy Policy

Related Sites

  • Techstrong Group
  • Cloud Native Now
  • DevOps.com
  • Digital CxO
  • Techstrong Research
  • Techstrong TV
  • Techstrong.tv Podcast
  • DevOps Chat
  • DevOps Dozen
  • DevOps TV
Powered by Techstrong Group
Copyright © 2025 Techstrong Group Inc. All rights reserved.
×

Security in AI

Step 1 of 7

14%
How would you best describe your organization's current stage of securing the use of generative AI in your applications?(Required)
Have you implemented, or are you planning to implement, zero trust security for the AI your organization uses or develops?(Required)
What are the three biggest challenges your organization faces when integrating generative AI into applications or workflows? (Select up to three)(Required)
How does your organization secure proprietary information used in AI training, tuning, or retrieval-augmented generation (RAG)? (Select all that apply)(Required)
Which of the following kinds of tools are you currently using to secure your organization’s use of generative AI? (select all that apply)(Required)
How valuable do you think it would it be to have a solution that classifies and quantifies risks associated with generative AI tools?(Required)
What are, or do you think would be, the most important reasons for implementing generative AI security measures? (Select up to three)(Required)

×