E-com firms focus on cybersecurity ahead of high-volume festive season

As the e-commerce ecosystem gears up for robusts festival sales companies are increasingly turning up their cybersecurity measures to prevent fraud that typically spikes around this time

A Mumbai woman recently received her e-commerce order as expected, but days later found herself fielding persistent calls from 'delivery agents' who demanded payment for a duplicate parcel she never ordered. The caller even sent tracking details and insisted on an OTP to 'cancel' the delivery.

 

In truth, it was all fake, a sophisticated scam that seeks to exploit the trust consumers place in now-familiar logistics processes.

 

The incident is not an isolated one, reflecting a troubling surge in e-commerce fraud as India approaches its peak festive shopping season. Experts estimate that online fraud incidents typically spike by 20-25 per cent during this period.

 

With transaction volumes climbing and consumer spending accelerating ahead of Diwali and other major festivals, scammers are deploying increasingly elaborate schemes that mimic legitimate delivery protocols, exposing new vulnerabilities in India's booming digital commerce ecosystem.

 

“The high velocity and volume of e-commerce sales, especially during the holiday season, presents several fraud and cybersecurity risks for both platforms and users. Common types of fraud include phishing, where attackers send fake emails or create spoofed web pages to steal user information such as login credentials and payment details,” said Pankit Desai, chief executive officer (CEO) and co-founder, Sequretek.

 

E-commerce on the rise

 

The rise in fraudulent activities highlights an urgent need for enhanced cybersecurity measures and vigilant regulatory oversight as India’s digital shopping ecosystem balloons during peak festive sales periods.

 

At a panel organised by PHDCCI this week, e-commerce majors Amazon, Flipkart, and Meesho called for industry-wide collaboration to curb fraudulent sellers.

 

The companies said a shared mechanism to flag and blacklist repeat offenders across platforms would prevent such sellers from easily switching between marketplaces, thereby strengthening consumer trust.

 

According to a report by Datum Intelligence, a research outfit, sales are expected to grow 27 per cent to about ₹1.2 trillion for this year's festive season.

 

In urban India, consumer sentiment turned net positive for the first time in three years, with 37.6 per cent reporting higher non-essential spending in July, signalling a rebound in discretionary demand ahead of the festive season, the Datum report found.

 

In rural India, the report said non-essential spending surged 54.7 per cent in July, the highest in two years, indicating robust consumption recovery, with net sentiment jumping to a positive 37.2 amid expectations of spending growth ahead of the festival season.

 

Bolstering consumer safety

 

The safety of e-commerce customers gains importance as fraudsters find new ways to dupe users of e-commerce platforms.

 

“Nowadays, fraudsters are operating on a large scale as gangs. In e-commerce, we need different levels of KYCs and monitoring (say, the mobile number and UPI need to match) to ensure authenticity," said Vijayant Gaur, director general of the Cyber Security Association of India.

 

The Indian Cybercrime Coordination Centre (I4C), established by the Ministry of Home Affairs and Amazon India, is a collaboration that will launch a nationwide initiative designed to safeguard consumers from the growing rising threat of online scams and fraud.

 

"Shopping is a natural part of every Indian household in the festive season. It is also a time of heightened fraudulent activity by scamsters who try to dupe consumers, particularly vulnerable groups like first-time internet users and senior citizens,” said Nishant Kumar, Director, I4C. “This partnership with Amazon will create awareness for consumers on how to detect frauds and avoid falling prey to them,” he added.

 

As part of the campaign called #ScamSmartIndia, I4C and Amazon will jointly drive a series of initiatives at a national and regional level in the coming months. The partnership aims to take cyber literacy to the grassroots, making it accessible, relatable, and actionable by combining education, awareness, and technology-led prevention.

 

These include engaging social media content that breaks down complex fraud scenarios into easy-to-understand safety tips, digital ads featuring safety advisories that reach millions of households, and educational flyers in Amazon packages. There are also weekly multilingual tips under the ‘Scam-Free September’ initiative to guide consumers to shop safely during the festive season and a national hackathon to develop AI-powered solutions for scam detection and prevention.

 

Rakesh Bakshi, vice president (Legal), Amazon India, said when scammers misuse names of known brands to lure customers to divulge, they don't just harm businesses – they damage consumer confidence in the entire digital economy of the country.

 

“Through our partnership with I4C, we want to take proactive steps to create practical solutions that educate and empower shoppers to recognize, avoid, and report scams,” said Bakshi.

 

Other e-commerce firms have similar initiatives or are using technology to address the issue.

 

Ensuring platform safety

 

Experts believe that continuous monitoring of all third-party integrations is crucial during the peak sales season since cyber threats arising from one of the software vendors could contaminate the entire system.

 

“Ensuring regular updates and patches for all third-party software is essential to mitigate known vulnerabilities. Moreover, implementing robust API (application programming interface) security is critical, given that APIs facilitate connections across various operations like order processing, inventory management, and customer interactions” Desai from Sequretek added.

 

Additionally, in the age of artificial intelligence (AI) and deepfakes, machine learning-based anomaly detection can enable platforms to detect early signs of fraud and risk.

 

“Behavioural analytics can be used to create a baseline of normal user behavior, allowing for immediate flagging of deviations. Introducing out-of-band validation for sensitive transactions, for example, those involving changes in bank information, adds an extra layer of protection,” he added.

 

Furthermore, he explained that merchants in rural areas need specific support to protect their businesses from cyberthreats.

 

“This means not just helping them commercially but also providing cybersecurity education and training. This includes proactive education, hands-on training, and simplified tools that make secure transactions second nature,” he said.