Criminals Today are Tech Savvy and Organized
Organized retail crime is big business today, says Christian Beckner, vice president of retail technology and cybersecurity at the National Retail Federation. Hackers and cybercriminals are using a widening range of tactics, from account theft and takeovers (for example, stealing login information for a particular online retailer) to credit card theft, ransomware and more. Using stolen account information — often purchased on the dark web — retail thieves can access credit card data, and, in some cases, evolve their crimes from the online realm to physical locations.
Take, for instance, the “buy online, pickup in store” or curbside pickup trend that escalated when the COVID-19 pandemic shut down stores across the nation. Simply by stealing online account information, cybercriminals can make purchases online, pickup the merchandise in-store, and then resell it, leaving victims and businesses to foot the bill. Similar acts of thievery can be accomplished using stolen credit cards and having merchandise delivered to the criminals’ doorsteps.
Things are likely to get even more dangerous as artificial intelligence matures, says Buck Bell, the head of CDW’s Global Security Strategy Office. “The real short-term challenge is the degree to which AI can be an accelerant of successful attacks,” he says. Criminals are working on “using AI to replicate successful attacks to get pretty broad coverage in no time.”
Specifically in retail, Bell says, AI may be used to extract customer information via omnichannel communications. For example, he said, criminals might build an AI bot that can present itself to retailers as a customer, using whatever information is publicly available about him or her. “The AI will be responsive enough to walk through additional steps to extract additional information about that customer.”
What’s enticing about such a scenario, from the standpoint of cybercriminals, is the algorithm’s ability to learn as it goes, getting better with each attempt, as well as the ability to easily unleash such a bot at scale. “You know three of four pieces of demographic information about someone that’s easily discoverable online, and from that you can try to discover additional demographic information, account information, those kinds of things. We’ll see that increasing over the next two or three years.”
In some cases, the malicious bots will communicate with the retailers’ own customer service chatbots. In others, they will dial into call centers and speak to live agents, using the large language models that power tools such as Chat GPT.
“With some of these large language models, the opportunity to be much more conversational exists,” Bell says, “and if I can combine that with data mining, I can probably find out enough to convince a retailer that I might be who I say I am.”