Andrew Lipsman, senior analyst at comScore, an online sales-tracking firm, told SCMagazineUS.com on Monday that the start of the holiday cyber-shopping spree would be the "heaviest online shopping day on record -- about $700 million."
Cyber Monday is the first workday following the Thanksgiving holiday -- the day American shoppers head online en masse to shop after “Black Friday,” the unofficial beginning of the Christmas shopping season. Last year, comScore said that $608 million was spent on online retail on Cyber Monday, then the biggest online shopping day on record. However, sales on 11 days surpassed that record during December 2006, with a new best of $667 million set on Dec. 13.
"Cyber Monday marks the first spike in online holiday shopping activity and, while it will be the heaviest on record to date, it will be surpassed in the coming weeks, typically peaking in mid-December,” said Lipsman.
Shop.org, a trade association for online merchants, reported a 300 percent increase in traffic from last year to its Cybermonday.com website, which directs shoppers to the best deals at more than 400 online retailers.
"I've talked with several online merchants and they're seeing strong increases this year," Scott Silverman, Shop.org's executive director, told SCMagazineUS.com. Jewelry retailer ice.com saw its sales increase 83 percent over Cyber Monday 2006, he said, and bags.com reported a 50 percent jump by noon on Monday.
Despite the high volume of traffic, end-users were still threatened by cybercriminals. Avivah Litan, Gartner vice president and distinguished analyst, told SCMagazineUS.com that shoppers saw three new things this Cyber Monday, "malware, malware and more malware.”
"Malware that captures consumer credit card, bank account and other personal information is increasingly being dropped on consumer desktops through consumer use of search engines and advertisements to do holiday shopping,” she said on Monday. “Last year's threats were much more visible and typically consisted of plain old phishing attacks. But as anti-phishing defenses started working and consumers started becoming more aware of how to spot and avoid them, the thieves have turned to more invisible and hard-to-detect tactics, which is why we see a rapid increase in malware-based attacks."
Some organizations used the unofficial holiday to mark cybersecurity milestones.
More than 96 percent of the top-tier merchants have reported that they no longer store sensitive credit card data -- such as names, account numbers and expiration dates -- a key requirement of the Payment Card Industry Data Security Standard (PCI DSS).
“Retailers have made a big push to make sure they're meeting the PCI DSS standards for several reasons," Barbara Mitchell, senior product manager at Verizon Business, told SCMagazineUS.com. "Retailers see data security as something that's very important to their customers and their brand image, and the level of liability has increased. Third, the major credit card companies, such as Visa and Master Card, are offering both incentives and penalties.”
However, 42 major retailers (about four percent of the Tier 1 and Tier 2 retailers which accept credit cards) have yet to indicate that they've stopped storing sensitive credit card data, which, if involved in a security breach, can expose consumers to fraud and identity theft, according to Mitchell.