Two-thirds of online retailers say they feel threatened by payment fraud, something which threatens to hold back e-commerce growth in the UK. 

The stats come from payment provider Sagepay, which surveyed 1,000 retailers, also revealed a lack of awareness of what they need to do to meet the industry standards (PCI DSS) on payment security. 

According to the Sagepay survey, just 39% of online retailers actually understand the definition of PCI DSS compliance, while 65% don't believe they are responsible for covering the implications of payments fraud committed on their site.

A recent Cybersource online fraud report also looked at this problem, revealing that one in eight online retailers in the UK are now losing 5% or more of their online revenue to fraud.

Perhaps smaller retailers need to be more aware, but the outlay required to implement anti-fraud measure can be a drain on resources. This means that payment fraud can affect smaller e-tailers disproportionately, as they can't afford to use all of the tools that are available and typically rely on one or two third-party tools to fight fraud.

According to Cybersource, More than 40% of the smallest businesses are yet to implement CVN (Card Verification Number) checking, which is one of the simplest  ways to help check that the buyer is in possession of the card they are using. 

Also, while around 90% of larger businesses will have implemented Verified by Visa or MasterCard SecureCode by the end of 2009, the figure will be closer to 60% for smaller retailers.

Trevor Ginn of Hello Baby thinks that payment providers could do more to help online retailers:

In recent years it has become easier to accept payments online with companies like PayPal and Google checkout saying that setting up payments can be done in a matter of minutes. Where I think the payment providers fail is in making any attempt to educate their merchants in the risks to taking credit cards or recommend any best practice.

According to Trevor, some of these payment solutions (PayPal, Google Checkout, Sagepay etc) are sent to merchants without all the security tools set to high levels:

The reason that the payment gateways don’t set the security at a high level is that they want to give people the freedom to choose. What I think is really lacking is a step by step procedure which makes people aware of the settings they are choosing, even if it is by default.  In my experience (PayPal, Google checkout, Sagepay), this does not happen, and the merchant is expected to be aware of the risks.

There is also a lack of protection from the authorities, something retailers have complained about before, which is partly due to lack of resources allocated to police e-crime units.

There seems to be a reluctance to investigate cases of online fraud; Dominic Yacoubian of the now defunct 247Electrical told us last year that he stopped reporting fraud to the police as it wasn't worth the time and effort. 

Graham Charlton

Published 4 June, 2009 by Graham Charlton

Graham Charlton is the former Editor-in-Chief at Econsultancy. Follow him on Twitter or connect via Linkedin or Google+

2565 more posts from this author

You might be interested in

Comments (2)



All very true.

When the risks of fraud fall almost completely on the retailer, there is very little incentive for other parties to provide appropriate support and guidance.

about 9 years ago



It is sad those people will doanythingto separate you from  your hard earned cash . I would not give my credit card online under no circumstances

over 8 years ago

Save or Cancel

Enjoying this article?

Get more just like this, delivered to your inbox.

Keep up to date with the latest analysis, inspiration and learning from the Econsultancy blog with our free Digital Pulse newsletter. You will receive a hand-picked digest of the latest and greatest articles, as well as snippets of new market data, best practice guides and trends research.