Protocol | Fintech

The pandemic keeps changing ecommerce. That makes fraud harder to fight.

As the second holiday season under COVID-19 gets underway, fraud finds new forms.

A man in front of a computer, holding a credit card, looking upset with his hand over his eyes

Online fraud is frustrating consumers and merchants.

Photo: fizkes/iStock/Getty Images Plus

Click banner image for more Shopping Week coverage

The second pandemic holiday shopping season is underway. That means cybersecurity experts get another chance to figure out how fraudsters operate in the COVID era.

It's a huge and constantly shifting challenge. The way consumers shop and spend their money has changed dramatically since the crisis began, and it also opened up new and expanded opportunities for identity theft, fraudulent accounts and transactions and account hacking.

The waves of change have upended established assumptions about fraud. Waves of new shoppers have come online, making predictions about which shoppers are real and fake and less reliable. Contactless pickup might mean less chance to check a shopper's identity, blending online and offline fraud. And more and more stolen data leaks online all the time, fueling automated attacks on ecommerce and payment systems.

"The pandemic spending behavior has all been anomalous," said Jay Budzik, chief technology officer of Zest AI, whose software uses machine learning to help businesses assess borrower risk. "We've been in a very abnormal period this whole time. The idea that we're able to tell you what's normal and what's not normal is kind of a hard thing. That's the challenge that people are going to face."

In the first year of the pandemic, more consumers were forced to shop and spend money online, and that led to a spike in different forms of online fraud and heftier losses for businesses.

Those losses are expected to swell: Juniper Research estimates that merchants will lose $206 billion to payment fraud between 2021 and 2025.

Kimberly Sutherland, vice president of Fraud and Identity Strategy at LexisNexis Risk Solutions, pointed to a sharp rise in automated attacks. In the first six months of 2021, the number of bot attacks soared to 1.2 billion, up 41% from last year, featuring huge amounts of stolen identity credentials, according to her firm's data.

But human-initiated attacks are still thriving. In fact, they're easier to pull off given broader access to stolen personal information, said Sunil Madhu, founder and CEO of Instnt, a customer-onboarding software company.

"All your personal information is already stolen and easily purchasable for about two bucks online," which could easily be used to create fake accounts, he told Protocol.

In some cases, fraudsters create a fake account to make a purchase, which they pick up at a physical location, he said. With busy holiday pickup queues, stores might be too busy to closely scrutinize IDs. Sutherland of LexisNexis agreed: With more stores open, this holiday season will be distinguished from last year in "the challenge of omnichannel fraud," she said.

Another relatively new vulnerability is "buy now, pay later." Once used mostly for big-ticket purchases like Pelotons, pay-later purchases are expanding to less expensive items in categories like apparel and beauty.

Rick Song, co-founder and CEO of Persona, an identity verification software company, said pay-later transactions pose "one of the biggest challenges" in fraud monitoring today. Unlike credit cards, "there is no centralized network and a lot of the underwriting is being done at the time of the purchase," he told Protocol.

The growth of automated fraud has pushed businesses to embrace more sophisticated security technology. Sutherland cited the use of behavioral analytics, software that can quickly track and analyze "everything from mouse and keyboard movement, how you hold the device, time on page."

AI may prove crucial, even though the technology has drawn heightened scrutiny amid worries about misuse.

Budzik of Zest AI said AI has become a powerful fool in flagging increasingly sophisticated fraud. "They're great at noticing subtle patterns that people can't," he said.

He cited a type of fraud in which a fraudster sets up an account under a synthetic identity — a made-up persona — which they use responsibly for years before making huge transactions from which they simply walk away.

The market for fraud-fighting tools is growing, too. Juniper projects companies will spend $9.3 billion to detect and prevent fraud in 2021, a figure that will grow to $11.8 billion in 2025.

Protocol | Workplace

CTO to CEO: The case for putting the tech expert in charge

Parag Agrawal is one of the few tech industry CTOs to nab the top job. But the tides may be shifting.

Parag Agrawal’s appointment to Twitter's CEO seat is already alerting a new generation of CTOs that the top job may not be so out of reach.

Photo: Twitter

Parag Agrawal’s ascension to CEO of Twitter is notable for a few reasons. For one, at 37, he’s now the youngest CEO of an S&P 500 company, beating out Mark Zuckerberg. For another, his path to the top as a CTO-turned-CEO is still relatively rare in the corporate world.

His leap suggests that CEO succession trends may be shifting, as technology increasingly takes the center stage in business and strategy decisions not just for tech companies, but for the business world more broadly.

Keep Reading Show less
Michelle Ma

Michelle Ma (@himichellema) is a reporter at Protocol, where she writes about management, leadership and workplace issues in tech. Previously, she was a news editor of live journalism and special coverage for The Wall Street Journal. Prior to that, she worked as a staff writer at Wirecutter. She can be reached at

The fintech developers who made mobile banking as routine as texting or online shopping aren't done. The next frontier for innovation is open banking – fintech builders are enabling consumers to be at the center of where and how their data is used to provide the services they want and need.

Most people don't even realize they're using open banking services today. If they connected their investment and banking accounts in a personal financial management solution or app, they're using open banking. Perhaps they've seen ads about how they can improve their credit score by uploading pay stubs or utility records to that same app – this is also powered by open banking.

Keep Reading Show less
Bob Schukai
Bob Schukai is Executive Vice President of Technology Development, New Digital Infrastructure & Fintech at Mastercard, where he leads the technical design, execution and support of innovative open banking and fintech solutions, as well as next generation technologies to support global payment and data capabilities. Prior to Mastercard, Schukai’s work focused on cognitive computing, financial technology, blockchain, user experience and digital identity. He is also a member of the Institute for Electrical and Electronics Engineers.
Protocol | Workplace

Google contractor says she was fired for 'ungoogley' behavior

According to a charge filed with the National Labor Relations Board, "ungoogley" is Google's term for having a bad attitude.

A contractor at Google staffing firm Modis claims she was fired from her job after asking about pay.

Photo: Future Publishing/Getty Images

A contractor at Google staffing firm Modis claims she was fired from her job for "ungoogley" behavior after asking about holiday pay at a meeting with management, according to a charge filed with the National Labor Relations Board by a lawyer for the Alphabet Workers Union.

Tuesday Carne said in an interview with Protocol that she was fired after just nine days of working in the data contracting facility in South Carolina. Carne's termination letter (which Protocol reviewed) called her behavior at the meeting "unacceptable and 'ungoogley'" and claimed that her behavior was the reason for her firing.

Keep Reading Show less
Anna Kramer

Anna Kramer is a reporter at Protocol (Twitter: @ anna_c_kramer, email:, where she writes about labor and workplace issues. Prior to joining the team, she covered tech and small business for the San Francisco Chronicle and privacy for Bloomberg Law. She is a recent graduate of Brown University, where she studied International Relations and Arabic and wrote her senior thesis about surveillance tools and technological development in the Middle East.

Protocol | Policy

Biden FCC nominee Sohn is walking a tightrope with Republicans

Gigi Sohn faces plenty of GOP opposition, but the longtime net-neutrality advocate is hoping to pick up a little Republican support as she deals with Democrats’ narrow margins.

Gigi Sohn’s work for net neutrality has become an issue in her confirmation hearings for the FCC.

Photo: Alex Wong/Getty Images

Gigi Sohn wouldn’t mind getting support from a Republican or two, and it’d certainly make her path back to the Federal Communications Commission easier.

During her Senate Commerce Committee confirmation on Wednesday, Sohn, a progressive favorite and longtime net-neutrality advocate, touted her commitment to ensuring a diversity of voices on the airwaves, her past fights for small conservative networks she personally disagrees with and her habit of socializing with those she battles on policy.

Keep Reading Show less
Ben Brody

Ben Brody (@ BenBrodyDC) is a senior reporter at Protocol focusing on how Congress, courts and agencies affect the online world we live in. He formerly covered tech policy and lobbying (including antitrust, Section 230 and privacy) at Bloomberg News, where he previously reported on the influence industry, government ethics and the 2016 presidential election. Before that, Ben covered business news at CNNMoney and AdAge, and all manner of stories in and around New York. He still loves appearing on the New York news radio he grew up with.

Protocol | Workplace

Microsoft Teams is going after small businesses

Microsoft Teams Essentials offers longer, bigger meetings for a relatively small price tag.

Companies can now buy a standalone version of Teams.

Photo: Mika Baumeister/Unsplash

Microsoft announced Wednesday that companies can now buy a standalone version of Teams — one of its most important products and a major player in work messaging and video chat, alongside Slack and Zoom. The product, called Microsoft Teams Essentials, aims to give small or medium-sized businesses a communication hub that costs less than its competitors'.

Microsoft will charge small businesses $4 per user per month for Microsoft Teams Essentials, while Zoom’s cheapest paid plan is $14.99 per user per month and Slack’s is $6.67 per user each month, when billed annually. The free version of Microsoft Teams still exists, as do the various other Microsoft 365 plans that include Teams. Teams Essentials offers longer meeting times, larger group meetings and more cloud storage.

Keep Reading Show less
Lizzy Lawrence

Lizzy Lawrence ( @LizzyLaw_) is a reporter at Protocol, covering tools and productivity in the workplace. She's a recent graduate of the University of Michigan, where she studied sociology and international studies. She served as editor in chief of The Michigan Daily, her school's independent newspaper. She's based in D.C., and can be reached at

Latest Stories