Two-thirds of online retailers say they feel threatened by payment fraud, something which threatens to hold back e-commerce growth in the UK.
The stats come from payment provider Sagepay, which surveyed 1,000 retailers, also revealed a lack of awareness of what they need to do to meet the industry standards (PCI DSS) on payment security.
According to the Sagepay survey, just 39% of online retailers actually understand the definition of PCI DSS compliance, while 65% don't believe they are responsible for covering the implications of payments fraud committed on their site.
A recent Cybersource online fraud report also looked at this problem, revealing that one in eight online retailers in the UK are now losing 5% or more of their online revenue to fraud.
Perhaps smaller retailers need to be more aware, but the outlay required to implement anti-fraud measure can be a drain on resources. This means that payment fraud can affect smaller e-tailers disproportionately, as they can't afford to use all of the tools that are available and typically rely on one or two third-party tools to fight fraud.
According to Cybersource, More than 40% of the smallest businesses are yet to implement CVN (Card Verification Number) checking, which is one of the simplest ways to help check that the buyer is in possession of the card they are using.
Also, while around 90% of larger businesses will have implemented Verified by Visa or MasterCard SecureCode by the end of 2009, the figure will be closer to 60% for smaller retailers.
Trevor Ginn of Hello Baby thinks that payment providers could do more to help online retailers:
In recent years it has become easier to accept payments online with companies like PayPal and Google checkout saying that setting up payments can be done in a matter of minutes. Where I think the payment providers fail is in making any attempt to educate their merchants in the risks to taking credit cards or recommend any best practice.
According to Trevor, some of these payment solutions (PayPal, Google Checkout, Sagepay etc) are sent to merchants without all the security tools set to high levels:
The reason that the payment gateways don’t set the security at a high level is that they want to give people the freedom to choose. What I think is really lacking is a step by step procedure which makes people aware of the settings they are choosing, even if it is by default. In my experience (PayPal, Google checkout, Sagepay), this does not happen, and the merchant is expected to be aware of the risks.
There is also a lack of protection from the authorities, something retailers have complained about before, which is partly due to lack of resources allocated to police e-crime units.
There seems to be a reluctance to investigate cases of online fraud; Dominic Yacoubian of the now defunct 247Electrical told us last year that he stopped reporting fraud to the police as it wasn't worth the time and effort.