March 21, 2014, 12:44 PM

Cybercriminals increase pressure on omnichannel retail chains, a Wal-Mart exec says

Cross-channel services like buy online and return to any store—without requiring a receipt—are creating formidable security challenges for retail chains, Wal-Mart’s director of global e-commerce investigations said at a payments security industry conference this week.

Lead Photo

The retailer that wants to be all things to all shoppers is trying hard not to extend the welcome mat to cybercrimals, Fred Helm, director of global e-commerce investigations for Wal-Mart Stores Inc., said this week.

Retail chains like Wal-Mart that operate both physical and online stores have “created a perfect fraud culture” by letting shoppers return merchandise to any bricks-and-mortar store, often without a receipt, Helm said during a presentation at the Merchant Risk Council’s 2014 E-Commerce Payments and Risk Conference, held Mar. 17-20 in Las Vegas. At the same time, he added, criminals are increasing their use of counterfeit payment cards to purchase gift cards in stores as well as online, then using them to fund other transactions.

“We’re in an unbelievably risky time,” Helm said. 

Criminals for years have found ways to steal merchandise from bricks-and-mortar stores, including by paying with stolen credit cards, then fence them online through e-marketplaces and other web sites, he said. Now more of them are simply returning merchandise to stores for cash or credit to purchase other merchandise.

Helm also noted that some criminals will place bulk orders of gift cards sold through “scrip” organizations, which are legitimate businesses that provide gift cards redeemable at various merchants for use in fundraising efforts. Charities and public institutions like schools, for example, purchase high volumes of gift cards for sale in fundraising campaigns; as people buy the cards and redeem them either online or in stores, the charity gets to keep a percentage of the card value.

But merchants and fundraising organization usually don’t know if criminals are purchasing large volumes of these gift cards with counterfeit payment cards, Helm said.

To mitigate the losses, Helm directs a team of five data analysts and three investigators who watch for unusual activity and cooperate with law enforcement officials to identify and catch thieves. In one case, he noted, Wal-Mart provided value-loaded gift cards used by law enforcement officers in a campaign to catch thieves.

Dealing with cybercriminals is getting more challenging as criminals assemble “botnets”—large numbers of computers they control via inserting malicious software. They use those computers to automatically place fraudulent online orders much faster than in the recent past, Helm said. Adding to the challenge facing retailers is the proliferation gangs of cybercriminals in regions such as mid-Africa and Eastern Europe, he said. 

But though Helm’s team will work with law enforcement to help track and apprehend criminals, he said his team is focusing more on analyzing the data in fraudulent transactions rather than on locking up the bad guys. “We want good analytics to make data decisions” and help Wal-Mart’s risk manager set the most effective rules for accepting and rejecting transactions online and in stores, he said.

 

 

comments powered by Disqus

Advertisement

Advertisement

Advertisement

From IR Blogs

FPO

Deepak Agarwal / E-Commerce

Back-to-school insights from a Top 100 online retailer

It’s the second-largest online shopping season, and one nomorerack.com CEO pays close attention to. Here ...

FPO

Kevin Sterneckert / E-Commerce

The ghost economy: an $800 billion retail data disconnect

A new twist on a classic holiday story that online retailers will relive in the ...

Advertisement