The retail industry can't be successful with a brick-and-mortar model only, and most of them embrace the omnichannel approach for driving the growth and revenue while improving customer engagement.
FREMONT, CA: As eCommerce continues to grow, merchants must focus on the practicalities of this evolving shopping model. Customers are comfortable with using merchant websites and mobile apps to browse, shop, and buy. This means minimal interruptions, no complications, and increased guaranteed security.
Payments security and chargeback fraud applications must not be overlooked in a rush to deliver on customer demands. With the continued claims by customers for a real omnichannel experience and the buy-anywhere experience, fraudsters are stealing in the shadows ready to seize on merchant and customer missteps.
Below given are some of the risky rising trends in the eCommerce industry every retailer must be aware in 2020.
Denial of Service
Even novice threat actors can launch DDoS (Distributed Denial of Service) attacks. The capabilities can be rented as a service from underground marketplaces. DDoS attacks have used in extortion campaigns, how a cyber attacker threatens to DDoS a site, and making it inaccessible unless money is paid to prevent or end the attack.
Web Application Attacks
For better customer engagement, web applications are essential and crucial but are often known to be the weakest entry point for the external attacks. Enterprises should increase spending on security scanning tools to help reinforce vulnerable attack points such as web applications.
Consumer data is precious and is hugely targeted by cybercriminals. Instead of smash and grab method, threat actors have found the process of data exfiltration to be effective, and stealing data over a long period without detection.
Phishing sites, spearfishing, and whale fishing are all social engineering tactics that threat actors are launching successfully. A recent spear-phishing campaign targeted retailers in the US using methods similar to that of Russian threat actor TA505. This attack was initiated by a phishing email using the logo of the target company to make the email appear legitimate.
See Also: Cyber Security Review Magazine