Yet another source is confirming that e- and m-commerce transactions during the holidays have showed strong growth. During the week including Thanksgiving, Black Friday and Cyber Monday, digital retail payment transaction volume grew 19 percent overall year-over-year and the share of those transactions that originated on a mobile device grew to 59 percent, according to the ThreatMetrix 2018 Holiday Fraud Insights Report.
Digital transactions continue to rise but, as fraud professionals have become painfully aware, the rush of Christmas orders beginning after Thanksgiving give bad actors plenty of cover to run various fraud schemes. This year, according to the ThreatMetrix report, the attacks merchants needed to be most aware of during the holiday shopping kickoff week were automated bot attacks. Fraudsters employ bots for many reasons, but credential stuffing attacks targeting online customer accounts with retailers are especially pernicious.
Bots enabled the credential stuffing attack that made recent headlines in which criminals illegally accessed loyalty accounts at national coffee and restaurant chain Dunkin' Donuts. Fraudsters used bots to try hundreds of thousands or even millions of login credentials stolen in unrelated data breaches, hoping that Dunkin' customers reused the username/password combo. Dunkin' notified customers recently that the fraudsters were successful in an undisclosed number of cases.
"There needs to be a merging of fraud and IT security because attacks on logins, or account takeovers, are the gateway to further fraud," said Rebekah Moody, market planning director at ThreatMetrix. "If you've managed to take over someone's account, think of the information you have access to. You have access to all their personal credentials and, in a number of instances, you have access to a saved card on file. That gives you access to make a further fraudulent credit card transaction. You can see the catalogue of fraud that can go on down the line."