This year’s Amazon Prime Day – well, two-days – is upon us once again. Peak shopping days like these are seen by many as a chance to grab a bargain on a new gadget, toy or appliance. But if you’re planning on taking advantage of the deals on offer, you should be aware that there are plenty of scammers out there keen to take advantage of you as well.
Research conducted by Bolster Research already highlighted a sharp rise in Amazon-associated phishing scams in the run up to this year’s Prime Day. There’s already a lot of great advice around on how to protect yourself from scams and phishing attempts during peak shopping events. This year the e-commerce giant appears to have started enforcing the use multi-factor authentication (MFA) more rigorously to better protect its customers, now requiring a six-digit verification passcode or sign-in confirmation from a mobile app to shop. This added layer of security prevents fraudsters from gaining access to Amazon accounts using a customer’s password alone.
Virtually every data or account breach can be traced back to compromised passwords, with phishing being one of the most common attacks. Requiring a password plus one or more added credential – aka multi-factor authentication (MFA) – is a good way to prevent unauthorised account access. Better yet, go passwordless.
Online retailers have tended to shy away from adding security measures that will inject friction into the checkout process for fear that it will lead to higher levels of cart abandonment. For example, retailers in Europe pushed back hard against PSD2’s Strong Customer Authentication (SCA) requirement that took effect on 31 December 2020. However, modern MFA is seamless and secure, using smart authenticators like mobile push and smart phone biometrics, along with adaptive risk-based authentication to provide an almost invisible layer of security.
Not only does MFA ensure that your account and personal details are more secure, but it can also be a good way of helping to avoid scams. For example, if you were to follow a link in an ad or email that purports to be from Amazon, the lack of any MFA verification can be a red flag that the site is not genuine and that you should change any passwords you may have inadvertently provided and watch out for any attempts to access that account.
E-commerce retailers will be watching Amazon’s Prime Day sales closely along with any potential security glitches to see if and when they should adopt MFA.
If you’re interested in learning more about modern MFA, register to join our upcoming webinar, Identity as a Service: Born in the Cloud, Offered as a Service.