Christmas can be a boom time for online retailers and bargain-hunting consumers alike, especially with the increase in online shopping during the pandemic. At the same time, however, lurking on the web are hackers and rogue employees looking to ruin your festive shopping spree. Commercial disputes lawyer and cyber-crime expert Oliver Smith looks at combatting the festive online fraud onslaught.

The winter holidays are the gift that keeps on giving for cyber criminals who thrive on popular promotional dates such as Black Friday, Cyber Monday and the January sale season. According to the National Fraud Intelligence Bureau, last Christmas there were over 17,000 reports of online shopping fraud, with an average loss of £775. Increased reliance on technology has made businesses more vulnerable to theft of large volumes of valuable data such as customer email addresses or other sensitive information like profit margins or passwords. The number of passwords consumers now have to remember means they, understandably, often use the same or similar passwords for many of their accounts. When one is compromised, it can make other accounts vulnerable.

There are, however, technical and legal solutions available to the savvy online retailer and shopper. Many big tech companies like Apple, Microsoft and Google offer encrypted password apps which will remember or create any number of complex different passwords for all your online accounts. The best part is that you only need to remember one password to use it. Alternatively, you can save your passwords on your internet browser and they will automatically input them for you but you must ensure that access to your computer is password-protected. Some websites offer two-factor authentication, where they will text you a new code to input each time you log in. Meanwhile, there are many software programs for businesses to help them police and protect their data. This is particularly important as under the General Data Protection Regulation (GDPR) companies responsible for data breaches can receive large fines based on a percentage of annual turnover.

As a last resort, businesses may have to seek assistance from the courts by seeking an urgent interim injunction to stop a rogue employee using stolen data or selling it to a competitor. In extreme cases a judge may even allow solicitors, under supervision of another independent solicitor, to carry out an unannounced search of the ex-employee’s home, new office or computers to find and preserve evidence of wrongdoing.

But what about consumers?

Shoppers concerned that a data breach may have affected them or led to them being defrauded online can contact the Information Commissioner’s Office online for help in securing their data or claiming compensation. If the matter is high value or urgent, an intellectual property solicitor should be consulted.

For further information please contact:

This article is for general information purposes only and does not constitute legal or professional advice. It should not be used as a substitute for legal advice relating to your particular circumstances. Please note that the law may have changed since the date of this article.