Black Friday is a relatively new idea to the UK. Over the last few years this great American discount day has taken the retail market by storm and has become an event to mark on everyone’s calendar. A chance to get some low-priced Christmas shopping or an excuse to buy an even bigger TV? For some the draw to Black Friday isn’t the cheap prices, but the haven of malicious online possibilities. This year, due to COVID-19, the entire UK will be shopping on Black Friday entirely online, creating the perfect storm for fraudsters to attack retailers and their customers in multiple ways.
It is not just the security threats which are elevated, but the reliance retailers will have on their e-commerce platforms will be at an all-time high. In a bid to hit high revenues in an otherwise financially turbulent year businesses are hoping to entice large numbers of customers, but the technology they are relying on to support the expected boom must also be up to scratch. We spoke to the C8 team who all work with multiple technological and security clients to see what they have learnt in the build-up to Black Friday.
Paula Elliott, Managing Director
I spoke to Asanka Abeysinghe, Chief Technology Evangelist at WS02, he explained how we will have more shoppers than ever purchasing online, especially in the wake of temporary store closures, lockdown restrictions, and general consumer fear driven by the latest COVID-19 surge.
Therefore, retailers need to be prepared for what will surely be an unprecedented rate of online shopping and the huge spikes in demand on computing resources that will accompany it. The bottom line is that retailers can’t afford any downtime. If the system is too slow, customers will pivot away to a competitor website.
What some people might not know is that every time there is an online purchase, one or more APIs make calls to different applications and resources to ensure the transaction happens. What this means is that some of the largest online retailers—who on average make 5-7 billion API calls per day—will see that double to anywhere between 10-14 billion on Black Friday and Cyber Monday. So how do they handle these spikes?
Retailers may have a core API management system, but they need to scale to handle the volume. Notably, they may only require one API developer portal, but any components in the API management platform that manage transactions will be required to scale. For example, 10, 20 or even 30-plus API gateways may be needed to manage the quantity of API calls.
Therefore, the big question is: do retailers have the API management set up in place to handle these unprecedented spikes? If they don’t have this capacity to scale, they should seriously consider deploying them as quickly as possible. And as we move into 2021, more shoppers will stay digital. So, it is imperative for retailers to have an API architecture in place that supports what will be a permanent shift toward more online purchases in the coming year and beyond.
Michael Bartley, Deputy Managing Director
2020 certainly has thrown all semblance of normality out of the window and we have all had to make wholesale changes to the way in which we live our personal and professional lives. These changes will extend themselves somewhat to the retail extravaganza that is the Black Friday/Cyber Monday weekend, however, there are some things that will remain the same.
The main change will be that we won’t have endless news streams of lines of retailers queuing patiently outside of shops up and down the nation’s highstreets. No more comical videos of patrons scrambling to get hold of reduced televisions and other such items. However, what will remain consistent is the more sinister side of the event. Adversaries will be trying their very best to take advantage of consumers desires to get a great deal with a concerted campaign of phishing scam emails. What’s worrying is that over the years what was once a weekend of deals has extended to what many now describe as ‘Black November’ with a plethora of retailers extending their offers throughout the whole month. This in turn gives the adversary an extended amount of time in which to potentially scam honest consumers. My advice is to keep your eyes peeled for scam offer emails from nefarious actors and take that extra second to make sure all is as it should be before clicking on what look like links to great offers.
Jim Pople, PR Director
Speaking with a number of C8’s clients throughout this year, it’s clear that retailers have adapted at pace to the challenges that COVID-19 has presented. However, the speed of which they had to transform and accelerate digital transformation plans from early-Spring onwards may have seen cybersecurity take a back seat, as retailers prioritise a superior customer experience – and increasing revenues!
With eCommerce taking an increasingly central role worldwide throughout 2020, due to regional and national COVID-19 lockdowns keeping shoppers out of stores, it’s easy to think that the impact of the Black Friday and Cyber Monday weekend has been diminished. I was certainly one of those who thought that the surge in eCommerce transactions would be spread out over a longer period of time. However, this is certainly not the approach for hackers. According to Imperva’s State of Security Within e-Commerce report, retailers experienced twice as many account takeovers (ATO) as any other industry, with 62% of login pages hit.
Furthermore, over three quarters of retailers suffered credential stuffing, where previously breached credentials are used in attacks across other sites. This is an indication of attackers biding their time ahead of the coming weekend, using the influx of online shoppers to source consumers’ personally identifiable information, which can be used in enacting follow-up attacks. This is a worrying statistic, and a potential indicator of how hackers are hitting retailers – and consumers – where it hurts, on a weekend where retailers need it most.
Kiri O’Leary, Senior Account Executive
There’s no denying the festive period is typically a rewarding period for cyber criminals, with online scams rampant and banking fraud skyrocketing. Yet, with online consumer activity at an all-time high in the past few weeks due to non-essential retail closures, fraudsters are more of a threat to shoppers than ever before. During the (now extended) Black Friday and Cyber Monday period, and throughout the holiday season, online shoppers and retailers alike must prepare for an impending wave of fraud attacks and abuse. Research from Action Fraud shows that criminals conned 17,405 shoppers out of almost £13.5 million over the Christmas period in 2019, an increase of over 20% on the previous year. To help prevent shoppers from falling victim to online fraud, Action Fraud’s recently launched FraudFreeXmas campaign hopes to raise awareness about the increasing number of scams on the internet and offers helpful advice. Similarly, the UK’s National Cyber Security Centre (NCSC) has issued new guidance for online shoppers, advising online users how to be extra-cautious when browsing Black Friday deals.
However, preventing cybercrime over the peak shopping period is not solely the customer’s responsibility. Now is the time for online retailers to focus their resources on protecting consumers by ramping up their security efforts and investing in cutting-edge systems and expertise. Forter’s Ninth Fraud Attack Index has shown that online criminals have been accruing customer data and ageing accounts over the past few months, ready to launch account takeover attacks and abuse over the peak shopping period. To accommodate the rapid shift of consumers to online, many retailers have had to make the transition to online quickly, and as a result, security can often be overlooked. If customers have a bad experience over the peak shopping period, this puts their trust at risk, and ultimately damages brand reputation and revenue.
Ellen Oliver, Senior Account Executive
Due to COVID-19, many physical stores have shut down leaving retailers no choice but to take Black Friday online. However, due to retailers’ businesses turning to online trading and the increase in traffic to their websites, it is predicted that there will be a significant rise in cyber-attacks, data leaks and theft.
Some retailers may have already been exploited without knowing. Ransomware is often left untriggered until a specific time. For Black Friday, hackers may wait until the last possible moment in order to double the impact of the attack. By doing this a retailer’s entire operation can been shut down on the most profitable day of the year, all while being held to ransom.
As part of the preparation for one of the busiest trading days of the year, retailers should ensure they have the right security measures in place to minimise the risk of suffering an attack. Retailers must also ensure that their online presence, website/ portal has been suitably secured to prevent customers details being viewed, intercepted, or changed by a hacker. Furthermore, retailers should also ensure cyber resilience by placing technology solutions that are able to successfully provide recovery following an attack and help them return to normal as quickly and efficiently as possible.
Jessica Kelliher, PR Executive
As with all things 2020, this Black Friday is going to have to be different, the UK will still be in the second national lockdown, so there will not be any queues outside the shops at 6am, only keen bargain hunters waking up at 6am and logging onto their laptops. Due to all of the Black Friday and Cyber Monday sales having to take place online, in preparation for this “93% of retailers have taken deliberate steps to bolster their online offering”. For retailers to keep up with such a huge estimated demand on their website servers, businesses cannot simply rely on what they currently have.
This is why high availability load balancing and application delivery controllers (ADC) are key for this period. As explained by A10 Networks “Load balancing, whether provided through a standalone device or as a feature of an ADC, facilitates this process by performing health checks on servers, detecting potential failures, and redirecting traffic as needed to ensure uninterrupted service”. For businesses to successfully tackle Black Friday and achieve similar revenues to previous years when stores were open, businesses need to invest in these additional efforts to make sure things run smoothly and customers remain satisfied with their online retail experience.
Ameesha Patel, PR Executive
As we see the second lockdown ease just after Black Friday and Cyber Monday, despite the doom and gloom many retailers have shown remarkable resilience and turned to technology to help them during the biggest digital shopping event of the year.
The digitisation of shopping is allowing retailers to explore numerous other ways in which technology can help – such as Zalando’s virtual dressing room and body scan capability, Asda’s virtual queuing system to assist social distancing measures, the use of augmented reality to step foot into a store virtually, look at prices and purchase items to even the use of voice picking in warehouses to make the process of fulfilling orders much simpler – this ability to change and adopt an innovative approach has enabled retailers to continue to attract customers and remain operational.
This also goes to show the speed of innovation across the board has been hugely accelerated by the pandemic. So, as we head into what is traditionally the busiest time of the year for the retail sector, now is the perfect time to focus on the potential for retail technology. What other technologies are expected to have the biggest impact? How can businesses continue to harness tech to thrive in preparation for the busiest time of year in the retail sector post lockdown?