With Black Friday only a few days away, retailers are gearing up for another busy holiday season where we can expect more consumers than ever before to transact online. Many plan to forgo waiting outside brick-and-mortar stores, choosing instead to do all their holiday shopping from the safety of their own homes. This brings back concerns experienced earlier in the pandemic around supply chain management, which resulted in product shortages and shipping delays. Although businesses have learned a lot since then, timelines for buying new technology to help support anything from an online order system to fulfillment processes have been accelerated.
On top of this, the official kick-off of the holiday season for many actually started much earlier. For instance, we are seeing holiday sales offered as early as October and extended all the way through the month of December. In theory, this would mean customer transactions would occur over a longer period of time versus the one-day mayhem that we’ve grown accustomed to (à la Cyber Monday). Looking at OneLogin’s own data, we see a steady volume of multi-factor authentication (MFA) prompts from October to November thus far, at around 12M authentication requests for each month.
[Figure: MFA Prompts to OneLogin App (by Month), 2020]
[Figure: MFA Prompts to OneLogin App (by Month), 2019]
Should this be comforting to retailers who are worried about handling large volumes of customer authentications all at once? Even if authentication requests are more spread out month-to-month, the data also shows that the total number of authentications is already much higher than in the same period last year. October saw an increase of 80% in the number of authentications compared to last year. November is already 43% higher than the year before, with Black Friday and Cyber Monday right around the corner.
Cyber Attacks will Continue to Increase During the COVID-19 Era
As we saw earlier in the pandemic, phishing attacks are on the rise, likely influenced by the greater number of consumers who are turning to ecommerce amid store shutdowns. Some of these users may not be as accustomed to shopping online and could be easy targets for phishing scams. This in turn makes it very easy for fraudsters to steal account credentials and make unauthorized purchases, all while hiding behind large volumes of login traffic.
According to Imperva’s State of Security Within e-Commerce report, e-retailers experienced more than twice as many account takeover (ATO) attempts as any other industry this year (62% vs. 25%). Additionally, nearly 79% of retailers suffered credential stuffing, where previously breached credentials are used in automated attacks across a large number of sites.
What You Can Do to Protect Yourself this Holiday Season and Beyond
The easiest way to defend against account takeover and phishing attacks is to turn on MFA for all your apps and users. A Customer Identity & Access Management (CIAM) solution not only captures all your customers’ identities, but also helps you easily deploy strong MFA (sometimes referred to as two-factor authentication) to verify users are who they say they are. The problem with this: inconvenient MFA can cause unnecessary friction during the buying experience, which increases abandonment rates. That’s why an advanced CIAM solution, like OneLogin’s Trusted Customer Experiences™, allows you to leverage modern MFA features, such as risk-based authentication and social login, to not only provide the extra security you need, but also the convenience your customers demand.
With risk-based SmartFactor Authentication™, for instance, admins and security teams can adjust authentication requirements based on the risk profile of a user. By looking at factors like location and device, the risk engine provides a risk score. Admins can then set security policies to require the user to provide an additional authentication factor, reduce the level of authentication required to sign in, or even deny access altogether if the risk is too high. SmartFactor Authentication also alerts users when they are using a compromised password from another site to further protect against breached credentials.
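The score-to-policy flow described above can be sketched as follows. This is an added example, not OneLogin's code or SmartFactor's actual scoring; the signal weights, thresholds, action names and sample logins are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Assumed weights and thresholds, for illustration only.
WEIGHTS = {"new_device": 30, "new_location": 40, "breached_password": 50}
STEP_UP_AT = 30  # score >= this: require an additional factor
DENY_AT = 90     # score >= this: deny access

@dataclass
class Profile:
    """What has been seen before for one user (constructed data)."""
    devices: set = field(default_factory=set)
    countries: set = field(default_factory=set)

@dataclass
class Login:
    user: str
    device_id: str
    country: str
    password_breached: bool = False  # set by a separate breached-credential check

def risk_score(login, profile):
    """Return (score, reasons) from device, location and credential signals."""
    signals = {
        "new_device": login.device_id not in profile.devices,
        "new_location": login.country not in profile.countries,
        "breached_password": login.password_breached,
    }
    reasons = [name for name, fired in signals.items() if fired]
    return sum(WEIGHTS[r] for r in reasons), reasons

def decide(login, profiles):
    """Map the risk score to one of the three policy outcomes."""
    # An unknown user has an empty profile, so every signal counts as new.
    score, reasons = risk_score(login, profiles.get(login.user, Profile()))
    if score >= DENY_AT:
        return "deny", score, reasons
    if score >= STEP_UP_AT:
        return "require_additional_factor", score, reasons
    return "reduced_authentication", score, reasons

# Constructed sample data.
PROFILES = {"alice": Profile({"laptop-01"}, {"US"})}
EVENTS = [
    Login("alice", "laptop-01", "US"),
    Login("alice", "phone-77", "US"),
    Login("alice", "laptop-01", "US", password_breached=True),
    Login("alice", "device-x", "BR", password_breached=True),
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(ev.user, ev.device_id, ev.country, *decide(ev, PROFILES))
```

Returning the reasons alongside the action lets the policy decision be logged and audited, which matters when tuning thresholds against abandonment rates.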
To make the sign-up and registration process even more frictionless, businesses are increasingly adopting social login, which gives customers the flexibility to use their social credentials, like Google, Facebook, or Twitter, to log into an online application. This establishes a trust relationship with the social provider so businesses have the security they need, while also reducing unnecessary friction during the login process. And for the end-user, that’s one less username and password they have to remember.
Equally important is your ability to handle unexpected spikes in authentication traffic that would otherwise slow down the business and negatively impact revenue. A customer identity and access management (CIAM) solution alleviates the burden on your developer teams to build best-practice security into their apps. OneLogin’s HydraBoost leverages our Hydra Cloud Infrastructure™ to easily scale and handle over 1 million authentication requests per minute without impacting the end-user experience. This demonstrates an unprecedented level of horizontal scalability for Identity & Access Management (IAM), empowering DevOps teams to handle anticipated and unanticipated traffic spikes without having to invest in infrastructure development in-house.
As we approach the tail end of an already atypical year, businesses can expect that some of what we’ve seen, both the holiday season starting much earlier and the increased volume of online transactions overall, will likely continue beyond the COVID era. If anything, this has just accelerated the inevitable move to the cloud. A trusted identity provider like OneLogin serves as that safety net to make sure that you are effectively protecting the business while preventing revenue leakage as a result of a poor customer experience, because every dollar counts.