During the festive shopping season, when e-commerce activity reaches a peak, online shoppers need to stay especially alert to the risk of scams. New data from Action Fraud highlights the scale of the issue, with over £11.5 million lost to cybercriminals during last year's festive period. Clothing, high-end tech products and cars were among the most frequently targeted items in these seasonal scams.
Niall McConachie, Regional Director (UK & Ireland) at Yubico, shares insights on how consumers can adopt better cybersecurity habits and how retailers can strengthen their security measures to keep customers safe:
"At key sales periods such as the run-up to Christmas, online shoppers are more likely to adopt poor security habits in their haste to grab a bargain. These include storing their credit card information in a retailer's platform and reusing their passwords across multiple services. Yubico's recent State of Global Authentication survey found that the most commonly compromised passwords are those used for apps and services storing sensitive personal information. Online retailer accounts are a notable target, with 21 percent of respondents reporting that their passwords for such accounts were compromised in a successful hack or data leak.
"Last month, the UK's National Cyber Security Centre (NCSC) urged online shoppers to create 'memorable but secure passwords' and enable two-step verification to their key accounts. However, with some scammers now able to bypass these methods, relying solely on complex passwords and two-step verification is no longer sufficient. While the onus remains on retailers to step up their security, consumers must also apply caution - particularly when they see deals that look too good to be true. Another red flag is any promotion that creates a false sense of urgency, which could mean something more sinister is at play.
"Instead of making passwords more complex, consumers can use phishing-resistant multi-factor authentication (MFA), like passkeys. Passkeys seamlessly authenticate users by employing cryptographic security 'keys' stored on their device. They are considered a superior alternative to passwords since users do not need to recall or manually enter long sequences of characters that can be forgotten, stolen or intercepted and do not slow down the checkout process. Passkeys allow shoppers to securely manage logins across multiple platforms and applications, offering a stronger authentication method than passwords or even two-step verification. With device-bound passkeys providing the highest level of assurance, online shoppers can better safeguard themselves and their valuable data."