The UK’s online retailers experienced a rise in the number of bad orders last year, with an average of 1.9% of orders turning out to be fraudulent.
This is the headline finding from Cybersource’s UK Online Fraud Report, which surveyed 200 etailers about the incidence of fraud and the challenges of fraud management.
I’ve been asking the report’s co-author Dr Akif Khan about the issues facing the UK’s online retailers as they attempt to combat fraud.
Why did online fraud rise last year?
Merchants are accepting more fraudulent orders, and part of the problem is that, while online sales volumes are growing, the investment in fraud management is not.
For example, while 77% of merchants surveyed are expecting a rise in sales in 2011, 59% expect fraud management budgets to stay the same.
This suggests that retailers are unable to scale fraud management to match this expected growth.
This could be that retailers have not been convinced by the business case for anti-fraud measures, or a tendency to put a fraud system in place and then leave it alone without the continual management that is needed to keep processes up to date.
Is fraud more of a problem for smaller retailers?
There are variations between different retailers. For example, large businesses expect to lose 1.2% of annual revenue to fraud, medium businesses 2.4% and small businesses 1.5%.
Small businesses generally have less efficient systems for detecting fraud which makes them more vulnerable.
Larger retailers employed an average of seven different automated anti-fraud tools, while smaller retailers used just four. There is a similar trend for manual review: larger retailers are able to review more orders.
Another issue is the payment solutions used by SMEs, which often come with basic security tools, though the retailer can tweak these systems to make them more secure.
In contrast, larger businesses can develop systems in house or will above the budgets to purchase more advanced fraud management systems.
Is the allocation of staff that ‘own’ fraud management another factor?
Yes, in many businesses the fraud management role is often an add-on to someone else’s job, which means they may not have enough time to devote to the issue. In larger firms, there tends to be a dedicated member of staff or a team in place to deal with fraud.
Is the rejection of genuine orders a big problem?
On average, 5% of transactions are rejected by anti-fraud measures, up slightly on last year. Many of these will be bad orders, but there are some good transactions being rejected.
This can be a problem for retailers, as rejecting an order can be embarrassing for the customer, and will deter them from attempting to shop again from that retailer.
The only solution is to keep fraud management systems and processes as up to date as possible.
How effective are schemes like Verified by Visa at preventing fraud?
3D Secure schemes, also known as payer authentication, such as Verified by Visa and MasterCard SecureCode continue to grow in popularity year-on-year.
These password protected identity verification services provide an additional layer of security for merchants, helping to mitigate the risk of online fraud. Payer authentication will not be completely effective if used in isolation but when combined with other fraud screening tools, it can help merchants minimise the cost of fraud to their organisation.
Are retailers satisfied with them, or do they deter some customers since they often have to leave checkout and fill in another form?
Some retailers have expressed concern about whether 3D Secure can have a negative impact on customer experience, but these concerns are abating as more and more merchants implement the scheme.
The report shows that Verified by Visa is one of the most popular anti-fraud tools, with 73% of UK merchants having implemented it, and a further 10% planning to implement it in 2011.
The key focus for merchants should be how they choose to integrate 3D Secure. The most successful implementations occur when merchants provide clear messaging and information to customers about the 3D Secure process so that customers are comfortable and therefore less likely to abandon the transaction at the checkout stage.
The fact that banks are becoming less dependent on ‘activation during shopping’ and are enrolling customers directly in 3D Secure also helps to reduce the number of potential steps during the shopping process, which should appeal to merchants.
The report finds that more companies are selling internationally. Presumably, this causes new problems for merchants?
Selling to international markets makes a lot of sense, it can insulate retailers against downturns in the domestic market, and provides a way to grow online sales.
However, it does present new problems around fraud management.
For one, manual review is more difficult, as knowledge of the local language and geography can be important when detecting fraudulent orders.
Retailers need to have the right tools in place when they begin to sell abroad.
In our survey, retailers rank the US as the third most likely source of fraud, behind Nigeria and Ghana. This is perhaps due to the sheer size of the US market, and also that high card penetration rates make it a target for fraudsters.
How do rates of online fraud in the UK compare with the US?
Fraud rates are higher than the US in this year’s report. I think this can be explained by the fact that the average UK retailer is selling to more international markets than US merchants.
This international expansion exposes retailers to more fraud, and helps to explain the discrepancy.
I’ve heard complaints from online retailers that the police are ineffective when dealing with cases of fraud. How do you see this?
I think it’s very difficult for the police to investigate every case of fraud, so I think the approach of targeting the larger organisations behind online fraud is the right one.
Also, everyone in the whole system needs to work to prevent fraud, including merchants, banks and card providers, companies offering payment solutions and the police.
The report will be released on Tuesday 25 January. You can register in advance for a copy of the report on the Cybersource website.