Manage Subscriptions · Subscribe Now · F.A.Q.'s
HOME · Sunday, May 11, 2008
Hosting, Infrastructure & Software
Credit Card Fraud: How Big Is The Problem?
Fraud percentage is declining, cost to prevent is high
By: Jennifer D. Meacham
Comments: 2
Reports of website data breaches, identity theft and credit card fraud are increasingly in the news. But is the problem as widespread as the coverage suggests?
Anyone who collects payments or customer information online runs the risk of being targeted by thieves. However, the likelihood of being hit by a virtual shoplifter is statistically on the decline. Meanwhile, industry watchers say that rather than an influx of database hacking, it's the new breach reporting laws, enacted in many states, which account for the recent surge in reported breach activity.
Indeed, merchants who maintain and regularly update their security procedures for credit-card data and processing seem to mitigate their risks. For now, let's tackle this question: What is the scope of credit card-related fraud and the subsequent impact on an e-merchant?
In 2000, North American e-merchants lost an average 3.6 percent of their sales to stolen or fraudulent credit cards. In 2007, that figure was down to 1.4 percent, according to the 2008 "Online Fraud Report" by CyberSource, a major credit card payment gateway.
"The industry has never been better at catching fraud while the fraudsters are trying to commit it," says David Robertson, publisher of The Nilson Report, a bi-monthly newsletter covering the payment services industry. "The good guys have always done a pretty good job staying ahead of the bad guys in the credit card industry, especially since Visa and MasterCard had enough heft in their budget to really pursue credit card fraud."
But where the credit card issuers have long been lagging is in protecting the online merchant from having to cover illegal charge-card purchases made on their site.
Scope of online merchandise theft
Internet sales have gone up an average 20 percent each year since 2000, according to CyberSource. Even though the percentage of fraud has dropped, the collective value of the products being stolen from North American e-merchants rose from $1.5 billion in 2000 to $3.6 billion in 2007, due in large part to the growth of Internet usage. Surprisingly however, a mere 18 percent of that total is referred to law enforcement via the F.B.I.'s Internet Crime Complaint Center, known as the IC3. What is the median loss per credit-card-fraud compliant? It's $298, according to the F.B.I. On the upside, of all categories monitored, $298 is the lowest median dollar volume per crime tracked by the IC3.
Outside the U.S., the rate of fraud gets higher. The author of CyberSource's annual online fraud report, Doug Schwegman, estimates that U. S. merchants reject one in every nine international orders for "suspected fraud." In 2007, 3.6 percent of the orders U.S. merchants shipped outside of the country were later categorized as fraud, according to Schwegman.
Despite the amount of online fraud, it's important to note that the total of online credit card fraud is still less than losses due to checking account fraud each year. Moreover, much of what is classified as credit card fraud is often "friendly fraud." Friendly fraud is when real customers contest a charge - often to get merchandise for free - by claiming that the credit card charge wasn't authorized. The merchant has to pay back the bank for the order, at least until the investigation is over, and is often levied an additional "chargeback" fee.
"Thirty to 50 percent of chargebacks are from friendly fraud," says Dan Clements, president of CardCops.com, a Connecticut-based company cataloging online credit card fraud. "These are actual customers who either had a problem with the order or want to get it free."
Scope of online data breaches
The Privacy Rights Clearinghouse (Privacyrights.org) has cataloged more than 800 publicly-reported thefts of personal data held by universities, medical and financial institutions, municipalities, physical retailers and online businesses since 2005. Of those 800+ breached, less than 20 are ecommerce. Translated, fewer than 2 percent of those breach case victims are online merchants.
Additionally, industry analysts say that, even in the event of a breach, there's a minimal chance that the compromised credit card data will actually be used to make an unauthorized purchase. A late-2007 study by ID Analytics, a San Diego-based identity-scoring technology developer, found less than .5 percent of stolen records are actually used. For breached databases with less than 5,000 customer records, the use rate is one in 200. For breaches with more than 100,000 customer records, the misuse rate is one in 10,000.
For example, in March 2007, 11,500 online consumers had their credit card numbers stolen by a hacker at JohnnysSeeds.com. One year later, the Privacy Rights Clearinghouse reports that only about 20 of those stolen numbers have been used.
Impact on the e-merchant
Unlike face-to-face credit card transactions, where the merchant bank bears the responsibility of covering losses from fraudulently acquired merchandise, "card not present" transactions leave the merchant liable for the cost of that fraud. And the stark reality is that all Internet credit card transactions are "card not present."
The end result for online retailers is a chargeback: Reversal of the original order amount plus an additional merchant-bank fee of $5 to $35 per transaction. "You are assessed a chargeback fee once the original cardholder reports it to your bank," says Bob Bokor, president of the magician supply site Abra4magic.com[KM1]. He says he's charged $20 or $25 for chargebacks, lower than most small merchants since chargeback fees can be negotiated down with higher sales volumes. He's been hit with plenty of these as a high-volume merchant, so he's now hedging his bets: "Credit them back before the customer reports it to the bank and you save the fee," he says. Sixty-five percent of the 2,000 small to mid-size e-merchants surveyed by preCharge Risk Management Solutions, an international payment processor, in its 2007 "eCommerce Chargeback Report" agree. Rather than contest a chargeback and risk the bank siding with the friendly fraudster, in nearly half of the cases they simply refunded the card the amount of the order. This was done, the merchants reported, to keep their credit card processing rates down and curb chargeback costs.
Across the board, the cost of managing fraud exceeds the cost of fraud itself by as much as 300 percent, according to preCharge's report. However, that's a far cry from the millions it could cost merchants who've suffered a data breach, according to Darwin Professional Underwriters, an insurance and risk management consulting firm. Its online Data Loss Cost Calculator calculates possible attorney fees, customer notification costs, fines, and the cost of paying for credit monitoring for every one of those customers. The calculator can compute databases such as the 11,500 breached records at JohnnysSeed.com. In that case, it found $1.9 million in potential costs to combat it the breach.
Meanwhile, the cost of mistakenly rejected orders adds up as well: "Those could be good orders you're throwing away, especially with the dollar the way it is," says preCharge's Director of Client Services, Howard Schecter. "As the dollar goes down and the Euro goes up in value...we have merchants who are doing hundreds of legitimate orders internationally now because it will cost a U.K. shopper less in pounds to buy a camera from a U.S. company than buying it where they are." Incidentally, preCharge guarantees payment to merchants on all sales processed through its secure, Internet-fraud-fighting system.
Though 63 percent of merchants surveyed by preCharge have sold outside the U.S., fewer than 15 percent actively sell internationally; more than 85 percent said they'd actively sell internationally if fraud could be managed properly.
It's clear that ecommerce merchants face a growing challenge in staying ahead of the new breed of online criminal. "It's a problem that is never going to go away," says Clements at CardCops.com. "Crooks are making $3.6 billion off of this every year, and with that much money at stake, they're going to make sure they can stay at it."
RESOURCE:
Data Loss Cost Calculator
Tech-404.com/calculator.html
Blinklist | Del.icio.us | Furl | Ma.gnolia | Newsvine | Spurl | Reddit | Technorati
Published on Wednesday, April 23, 2008
Comments:
You make valid points here Roger. The Association of Payment Clearing Services in London reports that, after adopting the ID Key system, U.K. retailers saw a drop of 11 percent in credit card fraud losses.
Posted by: Jennifer D. Meacham
Thursday, April 24, 2008
Ecommerce Articles
- Browse All Articles
- Browse our complete archive of ecommerce articles.
- Accounting, Management & Legal
- Ecommerce articles related to managing a small business including ecommerce accounting, business strategy and legal considerations.
- Conversion & Usability
- Online business articles about converting web site visitors into customers and how to gauge and improve your business website's usability.
- Development & Programming
- Articles to help designers, developers and programmers create successful, search engine friendly ecommerce websites and improve existing ones.
- Hosting, Infrastructure & Software
- Articles for ecommerce businesses about ecommerce web hosting, business infrastructure, business strategy and helpful ecommerce & small business software.
- Interviews & Profiles
- Interviews with prominent ecommerce business personalities and profiles of successful online businesses.
- Inventory & Shipping
- Ecommerce articles about inventory management, ecommerce order fulfillment and product shipping considerations.
- Marketing & Revenue Growth
- Articles relating to online marketing, email marketing and using the Internet to growing your business.
- Search Engine Optimization
- Search engine optimization articles for ecommerce business owners, strategists, marketers and developers.
- Shopping Carts & Online Payments
- Articles covering ecommerce shopping cart platforms and options for choosing an online payment gateway.
- Training & Education
- Tutorials and articles providing training and education for ecommerce business owners and developers of ecommerce websites.
Search Articles
Ecommerce Community
- Ecommerce Blogs
- Read our blogs about ecommerce topics written by industry professionals.
- Community Forum
- Connect with other ecommerce professionals to trade advice and answers in our community forum.
- Podcasts
- Check out our ecommerce podcasts covering topics ranging from interviews to tutorials.
- RSS Content Feeds
- Subscribe to our RSS feeds and have fresh ecommerce content delivered to you.
Ecommerce Resources
- Free Email Newsletter
- Sign up for Ecommerce Notes, our free email newsletter for ecommerce business owners and developers.
- Ecommerce Directory
- Browse our directory of ecommerce products and services, or submit your own listing in our directory.
- Ecommerce Glossary
- Familiarize yourself with terminology or submit terms to help others with our Ecommerce Glossary.
- Events Calendar
- Find out about upcoming ecommerce events or invite other ecommerce professionals by posting your own event.
- Press Releases
- Browse ecommerce related press releases and post your own press release for distribution.
- Ecommerce Store & Back Issues
- Pick up back issues of Practical eCommerce magazine along with other merchandise from Practical Ecommerce
About Practical eCommerce
- Frequently Asked Questions
- Look at frequently asked questions regarded using our website, subscribing to our magazine and more.
- Advertising Information
- Information about advertising in Practical eCommerce magazine, on our website, or in our email newsletters.
- Editorial Sharing
- Learn about options for sharing our content with your visitors, customers or employees.
- About Us
- Learn more about Practical Ecommerce magazine and meet our staff.
- Contact Us
- Contact Practical Ecommerce at any time for more information. We'd love to hear from you.
Copyright 2007 Confluence Distribution, Inc. and Practical eCommerce.
All Rights Reserved.
Massive increase in fraud crimes should make the government and banks realise that their data protection and Chip and PIN systems are diverting rather than deterring fraud crimes.
This shows that fraud will continue to grow until they exploit KEY and PIN system described on website www.xwave.co.uk which will deter BOTH identity and card fraud by making signature and PIN systems reliable and foolproof.
Fake documents have made our signature system unreliable while skimmers and pin-hole cameras etc. have made PIN system unreliable. We have option to make signatures reliable by personalising them with ID stickers and option to use Card Key Code to make PIN system reliable to make use of stolen and skimmed cards meaningless. By ignoring to exploit this system banks are only letting fraud crimes grow.
ID KEY system will eliminate the need for us to protect our personal and card details since fraudsters will be deterred from misusing these stolen details.
Proposed ID KEY can be treated as a reliable international ID card because it will personalise signature and PIN number to only the right individuals in any country.
We hope that the government and banks will appreciate these details and exploit KEY and PIN system before it is too late to stop a fraud boom.
Posted by: Roger
Thursday, April 24, 2008