Black Friday Brings Major Increase In Fraud

Retailers are gearing up for the year’s busiest shopping weekend, which runs from Black Friday to Cyber Monday, but another group is also gearing up.


Security experts are warning that retailers should brace for impact because the best estimates are that there could be as many as fifty million fraud-based attacks between those spectacularly busy shopping days.

The estimate is higher than it’s ever been, and is driven in large part by the sheer number of high-profile data breaches that have occurred over the last twelve months.

Account data for hundreds of millions of users flooded the Dark Web on the heels of those attacks. The scammers happily stocked up on them and are more than ready for the holiday season.

According to details provided by ThreatMetrix, the attack will shake out something like this:

• In advance of Black Friday, the scammers will use bots to test the stolen credentials they’ve purchased, tossing the ones that no longer work, and keeping the ones that are still active.

• Once they’ve culled their lists, they’ll spend a bit of time conducting a few million test attacks.

• After they successfully test their software with the valid IDs, they’ll launch large-scale fraud attacks with new user account registrations and attempted fraudulent payments.
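As an added illustration (not from ThreatMetrix or the original article), the credential-testing stage in the first bullet leaves a recognizable trace in login logs: one source tries many different accounts and only a small share of them work. The event format, thresholds and sample data below are assumptions constructed for this example.

```python
from collections import defaultdict

# Constructed sample login events (not real logs): (source_ip, username, succeeded)
BOT = "203.0.113.10"
SAMPLE_EVENTS = (
    [(BOT, f"user{i}", False) for i in range(8)]            # stale stolen credentials
    + [(BOT, "dana", True), (BOT, "erin", True)]            # credentials that still work
    + [("198.51.100.7", "alice", ok) for ok in (False, False, True)]  # one user mistyping
    + [("192.0.2.44", n, True) for n in ("bob", "carl", "fay", "gus", "hal")]  # shared office IP
)

def flag_credential_testing(events, min_accounts=5, max_success_rate=0.3):
    """Flag sources that try many distinct accounts with a low share of valid ones.

    Thresholds are illustrative assumptions; tune them against your own traffic.
    Returns {source: {"accounts_tried": int, "valid_accounts": [usernames]}}.
    """
    tried = defaultdict(set)   # source -> every account it attempted
    valid = defaultdict(set)   # source -> accounts it logged in to successfully
    for src, user, ok in events:
        user = user.lower()    # treat case variants as the same account
        tried[src].add(user)
        if ok:
            valid[src].add(user)

    flagged = {}
    for src, users in tried.items():
        success_rate = len(valid[src]) / len(users)
        # A real user retries one account; a busy shared IP succeeds most of
        # the time. A tester does neither: many accounts, mostly failures.
        if len(users) >= min_accounts and success_rate <= max_success_rate:
            flagged[src] = {
                "accounts_tried": len(users),
                # These are the credentials the tester now knows are live,
                # so they are the accounts to lock or force-reset first.
                "valid_accounts": sorted(valid[src]),
            }
    return flagged

if __name__ == "__main__":
    for src, info in flag_credential_testing(SAMPLE_EVENTS).items():
        print(src, info)
```

The `valid_accounts` list matters most in practice: those are the logins a tester would keep for the later fraud stage, so resetting them before the shopping weekend removes them from the culled list.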

According to security researcher Vanita Pandey:

“Many e-commerce merchants choose to accept a greater degree of risk on these key days in order to accept more transactions and reduce the chance that good customers experience friction when placing orders….fraudsters see peak shopping days as the opportunity to make larger purchases/attempt to redeem bigger basket sizes, which are less likely to be flagged as suspicious in among the sea of other high value purchases being made by good customers.”

The long and the short of it is that if you expect to see a spike in sales during the Black Friday – Cyber Monday shopping weekend, brace for a big spike in fraud attempts, too.

Latest Store With Payment Breach Is Forever 21

Unfortunately, another high-profile data breach has surfaced. The latest company to fall victim is US-based fashion retailer Forever 21, which operates more than 800 stores in 57 countries.

The company became aware of the breach when they were notified of “unauthorized access to data from payment cards that were used at certain Forever 21 store locations.”

The investigation into the incident is ongoing, and we don’t have full details yet, but here’s what we know so far:

• Although the company had attempted to bolster security by implementing a token and encryption-based system that was designed to protect transaction data on the company’s point-of-sale system, an implementation issue at some store locations left POS equipment vulnerable, and these were the devices the hackers gained access to.

• Anyone who shopped at a Forever 21 location between March and October 2017 may have been impacted.

At this point, three significant pieces of information are missing. We do not yet know exactly which stores were impacted, how many of Forever 21’s customers may have seen their credit card information exposed, or what level of access the hackers may have had to the transaction data. We also don’t yet know if the group responsible got any personally identifiable information from the affected terminals.

The company’s official announcement regarding the breach included the following statement:

“Forever 21 immediately began an investigation of its payment card systems and engaged a leading security and forensics firm to assist. We regret that this incident occurred and apologize for any inconvenience. We will continue to work to address this matter.”

If you’ve shopped at any Forever 21 location during the timeframe mentioned above, be aware that your payment data may have been compromised. For now, the best thing you can do is monitor your credit card statements closely for any unusual activity and report it immediately if you find it.