Happy Halloween: Letting Cybersecurity Awareness Month go by without implementing five best practices for protecting against payments fraud could lead to some pretty frightening results for your business and its customers.

I mean, sure, the awareness campaign and its #BeCyberSmart hashtag are cringy as hell. And yes, every month should be cybersecurity awareness month. But given it heralds the start of the all-important fourth quarter and is known for putting spine-chilling threats top of mind, October is the perfect time to take in the best ways to scare off fraudsters.

The bloodsuckers have it coming to them. Global losses from card-not-present (CNP) fraud alone topped $6.4 billion in 2020—and could increase another 16.4% by year’s end. Meanwhile, account takeover (ATO) attacks accounted for another $16 billion in loss in just the U.S. last year, up 300% from 2019. It doesn’t help that 68% of Americans use the same password across multiple accounts.

As reported in our latest fraud trends report, there are a handful of key best practices that can de-fang fraudsters. Here are three that rise to the top:

#1 Define Your Fraud and Risk Management Strategy

Ideally, defenses should be erected to protect all digital channels and current payment types. They should also provide flexibility to support various digital commerce models such as buy online, pick up in-store (BOPIS) and buy on mobile, pick-up curbside. According to PYMNTS.com, fraud in these channels rose 6% in the first quarter of 2021, with the average transaction value up 4.7%. The best solutions will provide proven capabilities for detecting and prevent fraud while maintaining a seamless transaction experience for cardholders.

#2 Employ Multiple Layers

Given all the channels, locations, and devices your customers use to do business with you, it’s important to protect every step in the customer journey. There is no “foolproof” solution. You need to mitigate every possible attack vector, including brand abuse, phishing, and rogue mobile apps, with the appropriate tools to protect your customers from falling prey to credentials harvesting attacks—and your brand from being blamed for it. According to Outseer researchers, phishing accounted for more than 1-in-5 attacks in the second quarter of the year. And the number of imposter apps from trusted sources such as Apple’s App Store, the Google Play store and others surged 66% in just 90 days.

#3 Take a Risk-based Approach

For organizations executing a balanced strategy of risk and experience, it pays to protect transactions with risk-based authentication. One of the most significant improvements in the latest EMV® 3-D Secure protocol is the incorporation of risk-based approach—one that I’m proud to say we’ve been pioneering for over a decade. It allows legitimate cardholders to transact without any added friction, improving trust and loyalty while step-up authentication options kick in for only those few, higher-risk transactions that warrant additional scrutiny. According to a new study from Aite-Novarica Group and Outseer, e-commerce transactions made using 3-D Secure achieved 85% or higher authorization rates, helping to suppress both fraud and customer attrition rates significantly.

Hobbling Goblins—and the Grinch

These three top recommendations are just the beginning. For all 5 of our best practices for Cybersecurity Awareness Month, check out our Q3 2021 Fraud & Payments Report.

Your holiday says may thank you for it. With Home Depot and others selling out Halloween decorations—as far back as August—analysts predict a very merry holiday selling season for merchants and the credit card and payments providers who serve them. Deloitte forecasts US holiday e-commerce sales will grow as much as 15% year-over-year to reach $218 billion this year.

But that’s only if they can keep payments fraud from making off with their holiday haul. With Cybersecurity Awareness Month coming to a close, Halloween is high time to start taking a broomstick to the bad guys.

For more on the new study from Aite-Novarica and Outseer, download “Maximizing the Potential of CNP: Collaboration Via 3-D Secure is the Key,” here.

Armen Najarian

CMO + Chief Identity Officer

Armen is a 15-year Silicon Valley veteran with deep experience leading the marketing function for fast-growing fraud prevention, predictive analytics, and cybersecurity companies. His most recent leadership roles include CMO positions at Agari and ThreatMetrix, the latter of which he established as the definitive category leader for digital identity solutions.