Holiday shopping will set new records this year — and so could fraud, according to new predictions from cybersecurity company ThreatMetrix.
"According to data from our Q3 2017 Cybercrime Report, businesses will be heavily targeted for cyberattacks this week through Black Friday — with more than 50 million attacks anticipated to be unleashed. Intensified bot activity detected by ThreatMetrix during the past quarter shows cybercriminals are leveraging automated attacks, which will help fuel these increased incidents," the company said.
The San Jose, California-based company said this year's peak holiday shopping days will see highest-ever transaction volumes, and online commerce will outpace in-store commerce.
Fraudsters are expected to launch automated bot attacks to test identity credentials on retailer websites, the company said.
"ThreatMetrix also anticipates sustained high volumes of bot attacks as more leaked identity data becomes available to cyberthieves on the dark web. Indeed, some attack peaks will see more than 90% of retailers' web traffic coming from automated bots testing identity credentials," it predicted.
More than 450 million bot attacks were detected in the third quarter of 2017 alone, a large proportion of which targeted e-commerce merchants, it noted.
That could rack up a big bill. In 2016, illegal transactions and chargebacks grew 31% during the holidays; the cost to merchants totaled 7.5% of their annual revenue that year, the company said. The most targeted segment for online purchases was cosmetics and perfume, which saw fraud rates spike 172% in October 2017 alone.
Rising mobile use is helping open the door to fraud, according to the company.
"Mobile appears to be the starting point for most shoppers, accounting for up to 54% of retail web traffic. And the channel is now home to roughly 33% of all online purchases. But for retailers, the mobile revolution isn't risk-free. With a growing number of consumers opening and managing accounts on their mobile devices, more of them are saving credit card information to retailer sites and apps, making them tempting targets for cybercriminals wielding stolen login credentials," it said.
Gift cards are also becoming a bigger gateway to crime, offering criminals a way to monetize stolen credit cards quickly, sell gift cards for cash at online auction sites, it noted.
"If Holiday 2016 was any indication, expect such online marketplaces to face several sustained spikes in rejected transactions as fraudsters use bots in their attempts [to] hack into user accounts," ThreatMetrix said.
Even holiday charitable donations are targets.
"ThreatMetrix detected a series of transactions aimed at testing payment credentials. These $5 payments made with stolen credit cards are designed to test the validity of cards before using them elsewhere online to make a high value purchase. Charities are also vulnerable because they typically make donations very easy, with few security barriers. Despite high legitimate giving, the testing volume was sometimes as high as 70% of the total transactions," it reported.
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
