Yet last year, according to industry specialist GBG, over 18,000 fraud attempts were made against each UK retailer on average during the period between Black Friday and the January sales.

Sarah Whipp Head of Go to Market Strategy at Callsign argues that during busy periods such as Black Friday and Cyber Monday, businesses are under pressure to balance the fraud with customer experience, but they must be careful not to let the latter slip.

At the same time, banks have to foot the bill when it comes to a majority of this type of fraud, so they have a vested interest to not let their retail customers to get complacent when it comes to security.

Given the incredibly high volume of transactions over the coming weekend, and indeed the whole festive period, often merchants will accept that fraud will be higher than usual. However, they are often willing to take the hit because it will be worth it for the extra business as long as there is no long-lasting reputational damage. Indeed, the financial costs of fraud are now borne by banks as well as merchants and Black Friday fraud is a growing challenge for financial institutions.

This is set to change next year. With Secure Customer Authentication (SCA) coming in for merchants in 2021 they may be well advised to make hay now with a lower security bar. In the future they will need to make sure they have trusted merchant status and that they manage their pricing to take into account of SCA exemptions to have a premium user experience. Next year, merchants need to partner closely with issuers (banks) to manage this situation.

3D Secure could throw another spanner in the works for banks whose customers are online retailers that use it to avoid chargebacks. It can massively complicate treatment strategy as the payments are verified by the likes of Visa, Mastercard Secure Pay and Amex Safekey, therefore the liability is mainly with the card issuers and banks.

To deal with the issue, merchants should use agile IT systems to their advantage. For example, if a retailer’s system has the functionality to modify fraud appetite policy dynamically (including adding in extra fraud checks), then they may want to lower the bar initially to gain the maximum number of sales. Then, if they were to spot a high degree of fraud attempts they could ramp up prevention measures on the fly. Of course, the impact on the customer and the risk of possible reputational damage needs to be kept at front of mind at all times.

In 2018, consumers spent a record-breaking $6.22 billion while shopping on Black Friday. Similarly, Cyber Monday sales alone set a record $7.8 billion on spending. Consumer spending on holiday retail is expected to increase 4.5% to 5% this year, rising to more than $1 trillion.

Just as frequently as sales pop up around the holidays, so do global fraud attempts. With increased exposure to spam and hackers, businesses of all sizes should prepare to stay safe during the biggest shopping spree of the year. The importance of cybersecurity and protecting against malware, hackers and cyber-attacks is elevated for individuals and businesses alike during the holiday shopping season.

 The heightened risk can be attributed to increases in shopping and online traffic. This time of year, individuals receive an amplified number of emails related to shopping and online purchasing. Hackers, in turn, know individuals are more receptive to targeting than ever and will often attempt to make a person click a link for a fake deal or coupon.

Businesses are only as safe as their cybersecurity strategy is, and employees are subject to threats and can be prone to receiving illegitimate emails. Companies must properly arm their employees with the knowledge of potential risks, especially all the techniques hackers use around the holiday season. Whether it’s free offers, pop-ups or coupons, ensuring employees are aware of malicious tactics is the most important safety exercise.

Organisations should encourage employees to be cautious through company-wide emails, hosting training sessions and mentioning tips during staff meetings.

Hackers are continuously targeting businesses and trying to get employees to click on links or open attachments by creating fake addresses, names and attaching malicious documents. During November and December, employees may use their work emails and computer programs to do personal holiday shopping or gift-giving.

Hackers may also try to infiltrate a company’s website or intranet. This can happen at any time and may already be underway if the company’s website is not properly configured. While it may seem obvious, an important first step is instructing employees to use secure passwords and implement multi-factor authentication wherever possible. If insecure processes are used, hackers may be able to get malware onto machines and into the company infrastructure. Another primary business risk to be aware of is false wire transfers. With the heightened level of online transactions, it’s crucial to keenly monitor accounts payable.

The best strategy to avoid falling prone to a cyberattack is awareness among an organisation’s employees.

Cybersecurity awareness can be disseminated across a company in a number of ways. Organisations should encourage employees to be cautious through company-wide emails, hosting training sessions and mentioning tips during staff meetings. The more the message is in front of the employee, the more likely it is to be effective. Top preventative tips for employees include visiting known website addresses instead of following links from other platforms, being alert at all times and using multi-factor authentication.

Businesses can keep hackers out by encouraging employees not to click on questionable links, taking the time to pay attention to threats and having multi-factor authentication in place. Firewalls also serve as a crucial layer to cybersecurity. The more barriers a company can put up in front of hackers, the more difficult it will be to compromise a system.

The holidays are a heightened time of vulnerability for consumers and organisations alike.

Company leadership should also arm employees with reactive steps to take if they do fall victim. Employees should be aware that they need to immediately report the potential hack or questionable activity to the organisation’s IT team. The sooner the activity is reported, the better. Once reported, the IT team can investigate the matter and potentially prevent harm to the system before it occurs.

Every IT department should have an incident response plan in place in the event any data is compromised. If there is a breach, proper planning will outline the appropriate authorities to contact and resources available to help with recovery from the hack. If you don’t have an incident response plan in place, contact a financial services or cybersecurity firm with extensive experience. An external partner should be able to assist with the development of a cybersecurity plan and test the existing infrastructure for potential vulnerabilities.

Unfortunately, user error is often inevitable. For that reason, organisations should also have an effective monitoring system in place. This will provide proper controls to detect a hacker trying to get into the system. Software should include intrusion detection and prevention, properly configured firewall and advanced endpoint protection, all of which will prove vital in a time of cybersecurity need. These systems will alert the company if there are suspicious events or activities within the network.

Companies cannot rely on security software alone for monitoring. Organisations must ensure their computer systems are up-to-date and modernised through patches, which are provided by software companies when a vulnerability in the software is exposed. If software is outdated, it will provide an additional entryway for a hacker to access the network. Additional anti-virus and anti-malware programs can aid in picking up on any zero-day exploits or hacks to unpatched software.

The holidays are a heightened time of vulnerability for consumers and organisations alike. With that in mind, businesses must prioritise cybersecurity awareness and best practices. Employees must also play an active role in being mindful of their activities online—from clicking on links to opening attachments and inputting private information.

Organisations should implement cybersecurity practices year-round, with heightened awareness around the holidays. From monitoring to proper controls, each layer of security will provide additional barriers from outside threats. As holiday retail spending reaches more than $1 trillion this year, it’s high time organisations refresh and review cybersecurity training, software and crisis response plans.

It’s the end of another Black Friday weekend, the annual event that has transformed the retail calendar and kicks off the festive shopping season for eager shoppers the world over. Below Karen Wheeler, Country Manager and Vice-President, Affinion UK, tells Finance Monthly both traditional and challenger banks could be missing an opportunity and should take inspiration from what retailers are doing during Black Friday.

In the UK alone, £1.4bn was spent on online sales in the UK on Black Friday – an increase of 11.7% on last year, according to online retailers trade body IMRG.

Given the amount of hype and expectation, it’s not surprising to see that banks are slowly waking up to how they too can be inspired by the retail world, and capitalise on this golden window of opportunity. Starling Bank, for example, was offering customers the opportunity to earn 10 per cent cashback on their online shopping on Black Friday and Cyber Monday (up to a total of £25) if they invite one person to join the bank with a referral code.

A missed opportunity

But aside from Starling, there are few examples of other banks experimenting with Black Friday offers, incentives and deals, and I think this is a huge missed opportunity. At a key time for consumers looking for discounts and extra value, could they be doing more to find new ways to make their customers happy, and generate goodwill and loyalty that extends beyond the Christmas period?

Of course, the understandable challenge for banks is that there is less of a natural seasonal spike for them to build momentum towards. Whilst retailers can live or die depending on their performance during the critical Christmas season, banks need to offer a consistent and engaging customer experience all year round. So how can providers give their customers the ‘Black Friday feeling’ every day of the year?

1. Surprise and delight customers – What makes Black Friday a success is the sense of the anticipation and surprise that it brings. Starling’s offer is a good example of capturing the festive zeitgeist, but instead of being a one-off purchase, it’s the start of a relationship with a customer built around meeting an everyday need. For banks, the opportunity is therefore to find moments where they can offer practical, relevant solutions which help customers to manage their lives, delivered in a personalised way which makes them feel special.
2. Personalisation is crucial – With reams of data available, there is no excuse for banks to make generalisations or assumptions about their customers, particularly at a time when life milestones are more fluid than ever. Barclays is doing this right, with its Life Moments proposition that lays out key considerations for events such as going to university, buying a house or having a baby – without any reference to age groups or gender. More channels and touchpoints mean more opportunity to collate data on each customer and build a picture of their lives into a ‘segment of one’, meaning every interaction should be relevant, engaging and valued.
3. Think outside of the box – According to the British Banking Association, there were 19.6 million banking app users across the UK in 2016, with 159 logins occurring every second. This means banks have a huge opportunity to capitalise on this high frequency of interactions and ask themselves: how can we build on this, what more can we offer our customers? We know from our partnerships with some of the UK’s leading banks that in order to build long-term loyalty, it’s essential to provide solutions for other relevant parts of their lives to deepen the engagement.

It will be interesting to see if more banks trial Black Friday offers and promotions in the years to come. However, banks’ relationships with their customers aren’t only important during the last weekend in November.

This is why it’s crucial to find new ways to engage, surprise and delight customers throughout the year; both meeting and predicting their needs and becoming an increasingly important part of their lives to build long-term relationships and encourage loyalty.