Retailers lost a whopping $57 billion to online cyber attacks in 2017, eclipsing losses from physical threats like shoplifting and inventory shrinkage. The scariest part? Most of these threats are orchestrated behind the scenes, and most retailers don’t realize what’s happening until it’s too late. As fraudsters increasingly leverage automation tools to launch attacks and such attacks escalate in size and scope, it’s imperative that retailers get smart on how to recognize and prevent them before their bottom lines — and customer faith — are depleted. Here are four main threats that should be on all retailers’ radars.

Credential stuffing

Hackers take advantage of the fact that people reuse their passwords, so every big data breach is like hitting the jackpot for these fraudsters. They take the laundry list of stolen credentials and launch massive login attempts — with a 1-2 percent success rate. Once an account has been taken over, there are a number of ways a hacker can monetize the data they find, which may include exploitation of credit card information and personally identifiable information like driver’s license or social security numbers.

In retail, nearly 30% of login POSTs are attributed to credential stuffing. This means one out of every three online login attempts is from a fraudster attempting to steal a user’s credentials. Credential stuffing is difficult to eliminate for a single retailer in isolation because criminals adapt to defensive measures quickly, often within 12 to 24 hours. Some of them operate like organized crime syndicates with technical capability and abundant resources, and are able to invest in rapid response techniques motivated by the high profit margin. Because of this, it is more effective to defend against credential stuffing as part of a network of allied retailers. Technology such as machine learning and artificial intelligence should also be leveraged to scale detect and deflect capabilities.

Gift card cracking

Gift card cracking occurs when criminals correctly guess a valid gift card number and PIN that has an available balance. At that point, the criminals either transfer the balance to a card they control, or sell the card on a site that will reimburse them with cash.

How does a criminal guess a valid gift card number? It’s simpler than you may think. Fraudsters can discover sequential patterns in gift cards by comparing the numbers on two or more gift cards that are available in plain sight in retail stores. Once they narrow down the subset of digits that they have to try, automated attempts are then launched against the Check Gift Card Balance endpoint. Automated traffic to check gift card balance endpoints can be up to 100 times greater than the amount of human traffic.

Or, fraudsters will discreetly photograph or write down gift…