Computer Crime Research Center


E-fraud: damage increases

Date: November 10, 2005
By: Jack Kapica

Fraud is becoming such a problem that it is expected to carve $2.8-billion (U.S.) out of the e-commerce industry in 2005, up $200-million from the year before.

This year, mid-to-large merchants fared worse as their fraud rates went up for the first time in some years.

The alarm was sounded by the seventh annual CyberSource Corp. fraud survey, which says the over-all rate of fraud loss remains relatively constant at 1.6 per cent of revenue, merchants selling $5-million to $25-million annually on-line saw fraud losses increase from 1.5 per cent to 1.8 per cent of revenue.

Large enterprises — those selling more than $25-million — saw losses increase from 1.1 per cent to 1.2 per cent of revenue.

Cybersource, of Mountain View, Calif., a provider of electronic payment and risk management systems, also reported that international e-commerce continues to be a far higher risk, with order rejection and fraud rates about three times higher than the overall rate.

But smaller merchants — those with annual e-commerce revenues of less than $5-million — experienced lower loss due to fraud compared to 2004.

The result is that all merchants are reviewing more orders manually, Cybersource said. Moreover, 75 per cent of the study's respondents say they are unable to add staff despite the increase of their e-commerce businesses.

Small businesses are most careful with their orders, manually examining one out of every four orders.

Mid-to-large merchants have been forced use twice as many screening and automated decision tools as small businesses to realize productivity gains.

They did this with essentially the same staff levels as the year before, Cybersource said. Forcing more orders through an already cumbersome manual review process is affecting the percentage of orders accepted that ultimately turned out to be fraudulent.

"Merchants used to be able to just throw people at this problem," said Cybersource's Doug Schwegman said in a statement. "But there's an inherent limitation to that. What merchants need today is greater efficiency, greater intelligence, even technology breakthroughs.

"The bad guys have put the larger merchants in a challenging situation."

The rate of manual review for the largest merchants did not grow from 2004 to 2005, holding at 15 per cent both years, while their fraudulent order rate drifted up from 0.9 per cent to 1.1 per cent.

"That does not translate to success for this class of merchants," Mr. Schwegman said. "The larger merchant needs to see this review rate drop every year, while driving fraudulent orders significantly below 1 per cent. Reviewing 15 per cent of orders is far too high when you consider the exploding volumes of the largest on-line merchants. With eCommerce growing more than 20 per cent, merchants need to increase efficiency each year to keep pace."

Two basic tools have gained popularity among merchants: an address verification system (used by 75 per cent of merchants), which compares the address on file at the card issuer to the billing address provided by the cardholder, and card verification number (used by 66 per cent of merchants), which checks additional digits printed on the card.

Over half the merchants said they are currently using or intend to implement MasterCard's SecureCode or Visa's Verified by Visa payer authentication systems before year-end 2006.

Orders originating outside the United States or Canada tend to carry a far higher risk of fraud, Cybersource said. Merchants decline 12.4 per cent of their offshore orders on suspicion of fraud, more than three times the overall rejection rate of 3.9 per cent. The portion of those international orders accepted that later turn out to be fraudulent is 2.4 per cent, nearly two and a half times the overall rate of 1 per cent.
Original article

Add comment  Email to a Friend

Copyright © 2001-2013 Computer Crime Research Center
CCRC logo