Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

U.S. E-Commerce Fraud Total Will Hit $4 Billion, Study Says

Online fraud costs merchants about 1.4 percent of their top-line revenue annually, survey says

U.S. companies that do electronic commerce will lose a record $4 billion to online fraud this year, but they are taking steps to fight it, according to a report issued today.

According to the annual Cybersource survey on e-commerce fraud, e-commerce fraud is up slightly over 2007, when it set the previous record of $3.7 billion. The 2008 figure represents about 1.4 percent of merchants' total online revenue for the year -- roughly the same percentage of loss that merchants have experienced in each of the past three years.

"For years, U.S. e-commerce merchants have fought fraudsters to what amounts to an annual standoff," says Doug Schwegman, CyberSource director of market and customer intelligence. "Losing on average about 1.4 percent of sales to fraud has been the constant. This year, however, for the first time, merchants could not rely on double-digit market expansion to bolster online revenue growth or to cover inefficiencies."

To date, many merchants have been fighting fraud by flagging suspicious orders and reviewing them manually, Cybersource says. For each of the past six years, approximately one out of every four online orders has been manually reviewed, and in 2007 approximately 4.2 percent of orders were rejected due to suspicion of fraud.

This year, however, merchants are accepting a higher percentage of orders, rejecting just 2.9 percent, according to the study. "Falling rejection rates, coupled with steady fraud rates, imply that merchants are more successful this year than in previous years at fighting fraud," the study says.

Midsize merchants " those with online revenue of $5 million to $25 million -- are most challenged by online fraud, the study says. When compared with larger merchants, midsize companies show higher order rejection rates (4.3 percent vs. 2.4 percent), higher manual review rates (34 percent of orders, vs. 15 percent), and higher fraud loss rates (1.6 percent of revenue vs. 1.2 percent).

"We believe the largest merchants are simply better at fighting fraud," Schwegman says. "They make better use of fraud detection tools and other resources. And, as they work through the growing pains of becoming a large merchant, midsize merchants' fraud metrics may actually spike if they haven't implemented the tools and established the review expertise to sufficiently protect them from the increase in the volume of fraudulent activity." Fraud chargebacks can represent a profit potential for merchants, the study says. Currently, merchants fight only about half of the fraud chargebacks they receive. One-third of merchants challenge fewer than 10%. But merchants that do elect to challenge chargebacks recover, on average, 28% of their fraud chargebacks. "For many merchants, this remains an untapped opportunity," Cybersource says.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "I feel safe, but I can't understand a word he's saying."
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-11111
PUBLISHED: 2020-03-31
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).
CVE-2020-11112
PUBLISHED: 2020-03-31
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).
CVE-2020-11113
PUBLISHED: 2020-03-31
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).
CVE-2020-10374
PUBLISHED: 2020-03-30
A webserver component in Paessler PRTG Network Monitor 19.2.50 to PRTG 20.1.56 allows unauthenticated remote command execution via a crafted POST request or the what parameter of the screenshot function in the Contact Support form.
CVE-2020-11104
PUBLISHED: 2020-03-30
An issue was discovered in USC iLab cereal through 1.3.0. Serialization of an (initialized) C/C++ long double variable into a BinaryArchive or PortableBinaryArchive leaks several bytes of stack or heap memory, from which sensitive information (such as memory layout or private keys) can be gleaned if...