The holiday rush creates perfect conditions for fraud: busy staff, high transaction volumes, and pressure to process sales quickly. With seasonal workers and extended hours, businesses become particularly vulnerable. One in five small businesses has been victimized by fraud according to a study by Payments Canada, and nearly two-thirds of Canadian businesses have faced cybersecurity incidents. Beyond immediate financial losses, these breaches can permanently damage customer trust, supplier relationships, and business reputation.
Here is what to watch for and how to protect your business during this critical season.
Card-present
This fraud occurs in-person when fraudsters use counterfeit or stolen cards. Watch for customers who seem unusually rushed, make large or atypical purchases, or try multiple cards after declines. Be alert when someone acts overly friendly or pressures staff to bypass security measures during busy periods.
Card-not-present
This fraud targets online and phone orders. Fraudsters often order high-value items, make bulk purchases of easily re-sellable goods, or create unusual combinations of products. They typically resist providing detailed information, may use mismatched shipping and billing addresses, and often attempt multiple transactions in quick succession.
How to protect your business
The Albertan owners of a Calgary pub were finalizing their business sale when they received a call during a busy 5 PM happy hour, claiming to be from the power company, and threatening immediate shutoff due to unpaid bills. Already stressed about utility transitions, they quickly paid $2,000 through an emailed payment link without verification. The call and email were scams, deliberately timed to exploit their vulnerability during a busy and hectic period for their business.
Criminals often hack supplier email accounts to request payment changes and use phone spoofing to appear as legitimate vendors or utilities, combining urgent demands with service interruption threats.
How to protect your business
Criminals frequently target small businesses with unsolicited advertising, posing as directory publishers or charities seeking urgent donations.
To protect yourself and your business:
Shipping notification scams
Cybercriminals send fake delivery alerts appearing to be from legitimate carriers, claiming urgent delivery problems to steal credentials or install malware.
How to protect your business:
Denial of service (DoS) and distributed denial of service (DDoS)
These attacks overwhelm online systems by flooding them with massive traffic, effectively shutting down digital operations and causing significant impact to a business’ operations, finances and reputation. Common impacts include:
It is highly recommended that businesses leverage strategies to defend against DoS and DDoS attacks. Because these attacks can use sophisticated, multi-channel approaches, protecting your business means layering in multiple lines of defense, such as rate limiting, blackhole routing, firewalls and continuous monitoring of web traffic.
For smaller businesses with limited resources, the Canadian Centre for Cyber Security recommends engaging a third-party provider who can implement robust protections and protocols against DoS and DDoS attacks.
Mitigate cyber risks
The best course of action when considering fraud and cybersecurity is to be proactive and prepared.
Data breaches and cyber-attacks can lead to devastating costs for small businesses, from system recovery to legal expenses and customer notifications. Cyber insurance can protect business owners against the financial implications of some of these risks.
ATB offers small business cybersecurity insurance, ensuring small business owners have access to protection from data breaches, cyber-attacks, and related legal and recovery costs.