As India’s festive shopping peaks during this quarter of the year across digital and omnichannel retail, cybercriminals are finding new ways to exploit shoppers’ excitement and urgency. Fake QR codes, malicious payment links, and AI-generated brand impersonations are becoming increasingly common.

Karthik Krishnan, Partner at Deloitte India, in an interview with ETRetail, outlines how retailers and consumers can safeguard themselves in this rapidly changing threat landscape.

He further explains how festive-season cyber frauds have evolved from simple scams to AI-powered deception, and why ‘trust’ is now the most valuable currency in retail.

Edited Excerpts:

Q1. How has the nature of retail-focused cyber fraud evolved in recent years, especially during festive seasons?

Retail cyber fraud has evolved from simple transactional scams to behaviorally engineered attacks. During festive seasons, when digital transactions surge, cybercriminals exploit urgency and emotions to push fake offers, phishing links, and malicious QR codes. The rise of e-commerce and digital payments has expanded the attack surface, making consumers more vulnerable.“Fraudsters today are not just stealing data, they’re eroding consumer trust. Trust has become the new currency of digital commerce,” says Krishnan.

Q2. What are the most common and emerging scam trends consumers should be aware of?

Fake QR codes at pop-up stalls, BNPL (Buy Now Pay Later) scams, and social media-driven fake offers spike sharply during festive periods. Fraudsters impersonate brands and send fake promotional messages with malicious links or payment requests.

“Consumers should stay cautious – verify before you click, and pause before you pay,” Krishnan warns. “Many scams now mimic legitimate brand communication styles, blurring the line between authenticity and fraud.”

Q3. How are cybercriminals using AI and how do you see cybersecurity teams countering it?

Cybercriminals are now using AI to personalize phishing campaigns, mimic brand content, and automate scams at scale. Deepfakes and synthetic content make it harder to distinguish real from fake.

“The future of trust depends on proactive design and smart regulation,” Krishnan notes, pointing to the government’s draft IT Rules mandating labelling of AI-generated content.

On the defense side, cybersecurity teams are using AI-driven behavioral analytics and real-time detection to stay ahead. “AI now powers both the attack and defense side of the cyber battlefield,” he adds.

Q4. With consumers rapidly adopting digital payments, what role does awareness play in preventing fraud?

Consumer awareness and digital hygiene remain the first line of defense. Simple precautions like checking URLs, avoiding public Wi-Fi for payments, and not sharing OTPs can prevent most frauds.

“During festive rush, deals that look too good to be true often are,” says Krishnan. “Retailers and payment providers must drive awareness campaigns to build long-term trust.”

Q5. What steps can retailers take to safeguard their platforms and build trust?

Retailers must deploy multi-layered security, including secure gateways, two-factor authentication, and real-time fraud monitoring.

“Building trust also means being transparent about data handling and acting swiftly when frauds occur,” he says. “Trust-led resilience can become a differentiator, turning cybersecurity from compliance to competitive advantage.”

Q6. How can regulators, payment platforms, and retailers collaborate better?

Krishnan emphasizes an ecosystem-level response. Regulators, payment platforms, and retailers should share threat intelligence, standardize fraud reporting, and run joint consumer awareness drives.

“The goal is to make digital trust a shared responsibility across the ecosystem,” he says.

Q7. As we are in the festive period, what’s suggested while making the purchases?

“Stay alert and sceptical of unusually generous offers. Use only official apps or websites, enable transaction alerts, and never share personal information,” Krishnan advises. “Most importantly – pause before you pay. Scammers thrive on urgency; taking a moment can save you from a costly mistake.”

Join the community of 2M+ industry professionals.

Subscribe to Newsletter to get latest insights & analysis in your inbox.

All about ETCISO industry right on your smartphone!