The Merchant Risk Council talks with the Identity Theft Resource Center in the newest Fraudian Slip podcast about holiday identity theft and what people can do to protect themselves

  • We are days away from what will be one of the most unusual holiday shopping seasons in our lifetimes, coming off of an unusual holiday season.
  • 2020 and 2021 have seen record levels of identity fraud, a lot of it related to shopping online. Most of the fraud and scams is due to cybercriminals using good, old-fashioned scams.
  • The Identity Theft Resource Center (ITRC) sat down with the Merchant Risk Council (MRC) to discuss holiday identity theft, triangulation fraud and steps to protect yourself while shopping during the holiday season.
  • You can learn more about holiday identity theft, retail fraud, what you can do to stay safe and other topics discussed in this podcast by visiting the ITRC’s website
  • If you think you are the victim of an identity crime, you can call the ITRC (888.400.5530) or live-chat on the company website to speak with an expert advisor.

Below is a transcript of our podcast with special guest Julie Fergerson, CEO of the Merchant Risk Council

Welcome to The Fraudian Slip, the Identity Theft Resource Center’s (ITRC) podcast, where we talk about all-things identity compromise, crime and fraud that impact people and businesses. Listen on Apple, Google, Spotify, SoundCloud, Audible, Amazon now.   

We are days away from what will be one of the most unusual holiday shopping seasons in our lifetimes, coming off of an unusual holiday season. Or, if you have headed the warnings from retail experts, you already know we are in the midst of a second holiday season when supply and demand are not in sync. That means more people than ever are turning to online marketplaces to help Santa deliver the goods this year. However, it also means holiday identity theft.

2020 and 2021 have seen record levels of identity fraud, a lot of it related to shopping online. Before you throw your laptop or mobile phone out the window and vow to never shop the internet again, know that very little of that fraud is cybersecurity-related. Most of the fraud and scams are related to cybercriminals using good, old-fashioned scams (and maybe a few bad habits) to trick you into buying something that is too good to be true – because it isn’t.

Joining us to talk about how you can protect yourself and your holiday from holiday identity theft, and the haul from the Grinches that want to steal little Cindy Lou Who’s gifts and roast beast, is Julie Fergerson, the CEO of the Merchant Risk Council (MRC) and the ITRC’s own CEO Eva Velasquez.

We talked with Julie Fergerson about the following:

  • What’s the MRC?
  • Retailers that you do not recognize with deals that sound too good to be true; a quick Google search can show you complaints against a retailer or if they are fake.
  • Triangulation fraud (auction sites).
  • What to do if you don’t recognize a charge on your credit card statement.
  • Alternative payment methods, like buy now and pay later (BNPL) or peer-to-peer (P2P). Payments like those may not have the same consumer protections, which regulators are discussing now.
  • The importance that you trust your instincts to protect yourself from holiday identity theft.

We talked with Eva Velasquez about the following:

You can learn more about the identity scams that involve your identity, privacy or security, or get help if you have been the victim of holiday identity theft by visiting the ITRC’s website

Be sure to join us next week for our Weekly Breach Breakdown podcast. Next month we will look back to see how well we did with our 2021 predictions. We will also look ahead at what to expect in 2022 – on the December episode of The Fraudian Slip.

By Identity Theft Resource Center CEO, Eva Velasquez & Synchrony CISO, Gleb Reznik

The 2020 holiday season will certainly be one of the most unusual ones we have seen, thanks to the biggest holiday shopping trend – a dramatic shift in online transactions prompted by the COVID-19 pandemic. Online shopping involves non-cash transactions using digital payment methods. While the most obvious are debit and credit cards, there are also peer-to-peer payment apps, digital wallets and online versions of contactless payments like Apple Pay and Google Pay.

There is a truism in cybercrime as there is in bank robbery: thieves go where the money is. There are many opportunities for bad actors to take advantage of consumers and businesses during the shopping season. We expect the identity thieves will look to take advantage of the rise in online shopping.

Tune in to our latest podcast

Historic and Current Holiday Shopping Trends

Holiday shopping has always been a busy time for consumers. Last year, there was an estimated $1.1 trillion spent on the shopping frenzy.

According to the Better Business Bureau (BBB), approximately 65 percent of consumers shopped online during the holidays in 2019.

Online retailers have seen sales grow steadily over the years. According to the U.S. Department of Commerce, sales have risen between one to two percent each year.

Online Holiday Shopping Trends So Far in the 2020 Holiday Season

With all of that said, 2020 looks to be a watershed year. In just the first ten days of the holiday shopping season, U.S. consumers spent $21.7 billion online, a 21 percent year-over-year increase, according to Adobe Analytics.

There is no surprise in this online holiday shopping trend. The same Adobe Analytics report shows 63 percent of consumers are avoiding stores and buying more online, with health concerns due to the pandemic driving the decision for 81 percent of shoppers.

Advice for Consumers

  • Have strong password management – If someone has strong password management, an identity thief will not be able to access multiple accounts if they gain access to one account with stolen credentials from a scam or shoulder surfing. It is especially important to ignore “customer service representatives” who call about online orders or accounts. At the Identity Theft Resource Center (ITRC), we recommend using at least a twelve-digit passphrase because they are easier to remember and harder for an identity thief to crack.
  • Beware of phishing emails with emotional triggers – People should keep an eye out for shopping discounts sent to their phones claiming huge store discounts if they download an app and enter their credit card information. Another popular phishing email is package tracking scams that offer to track someone’s packages after making their purchase with a link to open or download. No one should ever click on a link, attachment or file from an unknown email because that is how scammers strike with malware, ransomware and steal people’s personal information.
  • Use credit cards and not debit cards – Credit cards provide more protection than debit cards. One of the biggest reasons is because debit cards are linked with bank accounts. If an identity thief compromises a debit card, the victim’s bank account can be immediately drained of all available funds. It may take time to restore the stolen funds, leaving the cardholder without access to the money.
  • Shop on secure websites – People need to do their homework before providing any of their payment information or other data. Consumers can check a business’s reputation at third party review organizations like the BBB and Yelp. Using search terms like “Scam” or “Complaints” along with the website or company name can give someone insight into the experience of other customers. 
  • Do not use public Wi-Fi – No one should ever use public Wi-Fi to check their bank account information or to make purchases. Some public Wi-Fi connections are not secure, and a hacker could have the ability to position themselves between the user and the connection point to steal their data. If someone wants to use public Wi-Fi to kill time while in the store or to check on products they want to buy, they need to avoid entering any personal information.

Advice for Businesses

  • Secure your information – Businesses need to take all of the necessary steps to ensure customers’ personal information is secure. It starts by making sure all systems are protected with properly configured cybersecurity tools. Time and time again, we see businesses and technology providers fail to configure passwords, resulting in exposed sensitive data for anyone to see online.
  • Have security software – Businesses need to protect their networks from cyberattacks. If a system does not have appropriate security software like network and application firewalls, malware protection and a program to patch known security flaws, identity thieves will steal whatever customer and company information they want.
  • Talk to the employees about online security – A business can have all the security measures in place, but it does not matter if employees click on links in phishing schemes. Company executives and cybersecurity teams should talk to employees about security, so they do not end up being their weakest link.

What the Post-Pandemic Marketplace Will Look Like

While many things are uncertain about our post-pandemic world, one safe bet is that online holiday shopping will continue to rise. Statistics show online shopping was already on the rise before COVID-19. With the even bigger surge during the pandemic, it will force businesses to get serious, if they are not already, about e-commerce and a digital-first model. In a sense, every day could be Black Friday!

For more information on online shopping during the holiday season or online holiday shopping trends, contact the ITRC at no-cost by calling 888.400.5530 or by live-chat on the company website.

Also, download the free ID Theft Help app, which has access to resources, a case log for an identity theft resolution process and much more.

Synchrony is a proud financial sponsor of the Identity Theft Resource Center.