CIO Influence
Analytics Bots/Intelligent Assistants CIO Influence News Security

Retail Fraud Jumps 96 Percent YoY This Labor Day, Sparking Holiday Shopping Concerns

by Business Wire
Retail Fraud Jumps 96% YoY This Labor Day, Sparking Holiday Shopping Concerns

CQ Prime threat research finds retailers could lose up to $60,000 an hour without proper API and bot protection

Cequence, a pioneer in API security and bot management, today released alarming new data revealing a 96% surge in attack traffic targeting retailers during the Labor Day weekend.

Also Read: AI, Financial Crime, and the Battle for Control: Who’s Winning the Arms Race?

“Our research makes it clear that retailers are prime targets for cybercriminals, making immediate action not just important, but imperative”

Post this

Developed by the CQ Prime threat research team, the data is based on real, anonymized traffic and attack data from Cequence’s retail customer base, comprised of Fortune 500 and Global 2000 companies, and sampled from billions of transactions. Cequence’s threat researchers observed significant increases in malicious activity targeting retailers over the holiday weekend.

Key findings include:

  • Retailers Under Siege Labor Day Weekend: The retail vertical saw a 96% surge in attack traffic over Labor Day weekend as compared to last year.
  • Bots Up Their Game for the Holidays: Retailers faced a 79% surge in blocked bot traffic as compared to last year.
  • Cybercriminals Target Retailers with Account Takeovers: Cequence blocked over 26.69 million account takeovers (ATOs) during the Labor Day sales period.
  • Attack Traffic Soars for Major Retailer: During a recent summer sales event, a notable retailer witnessed a blocked bot traffic surge of 435% compared to normal levels. The volume of malicious traffic experienced a staggering 2,724% increase from normal levels, indicating a significant surge in malicious activity during the major sales event.
  • Cybersecurity Gaps Prove Costly for Retailers: Retailers could lose $60,000 every hour without proper bot and API protection, especially during high-traffic periods like holiday weekends.
  • Latest iPhone Drives Spike in API Calls: Since the iPhone 16’s launch in early September, Cequence has managed over 6.7 billion API calls for eight of the world’s top telecommunications companies. Notably, 37% of this traffic was malicious.

Also Read: Liquid Infrastructure Launches as the World’s First Tokenized Telecom Asset Platform

“During holiday seasons, retailers often face a perfect storm of increased vulnerability,” said William Glazier, Director of Threat Research at Cequence. “Reduced staffing levels, coupled with the surge in online activity driven by sales and promotions, create a prime opportunity for cybercriminals to exploit. Retailers risk significant financial losses due to fraudulent activities without robust bot and API protection.”

To mitigate these threats, Cequence recommends that retail businesses take the following steps:

  • Practice, Practice, Practice: Regularly review policies and procedures, and run practice drills tailored to an organization’s unique risks. Consider perspectives from the company, customers and potential attackers.
  • Know What to Protect: Maintain a detailed and up-to-date inventory of public-facing applications and associated APIs, as many attacks succeed due to overlooked or unknown endpoints.
  • Prioritize Business Goals: Focus on what drives success for the business. If speed is key, optimize performance; if user experience matters, ensure secure and fast user validation using methods like canary headers and known IPs.
  • Leverage Security Systems: Implement multi-factor authentication and monitor systems for unusual activity, especially during peak times.
  • Monitor User Activity: Track login patterns to identify anomalies, such as a user logging in 50 times in an hour from various global IP addresses, which could indicate an account takeover attempt.

“Our research makes it clear that retailers are prime targets for cybercriminals, making immediate action not just important, but imperative,” Glazier said. “While these measures should be a priority year-round, now is the time for retailers to get ahead of threat actors as peak shopping periods quickly approach.”

Additional Resources:

  • Download the infographic to learn more about the challenges retailers face during holiday shopping spikes.
  • Learn more about our Unified API Protection platform.
  • Follow us on LinkedIn and X

[To share your insights with us as part of editorial or sponsored content, please write to psen@itechseries.com]

Business Wire, a Berkshire Hathaway company, is the global leader in press release distribution and regulatory disclosure. Public relations, investor relations, public policy and marketing professionals rely on Business Wire for secure and accurate distribution of market-moving news and multimedia. Founded in 1961, Business Wire is a trusted source for news organizations, journalists, investment professionals and regulatory authorities, delivering news directly into editorial systems and leading online news sources via its multi-patented NX network. Business Wire’s global newsrooms are available to meet the needs of communications professionals and news media worldwide.

Related posts

1Password Launches Mobile Support for Passkeys

Business Wire

Qualcomm Announces New Features in Snapdragon X65 5G Modem-RF System for Global 5G Expansion

CIO Influence News Desk

Code Climate Raises $50Million in Series C Funding to Propel Its Engineering Intelligence Platform

CIO Influence News Desk