Endpoint

10/15/2012
03:12 PM
Dark Reading
Products and Releases

Merchants Fighting Fraud Online -- But Not Effectively, Reveals Study By SignatureLink And CardNotPresent.com

Study respondents are not only aware of fraud; a full 65% are attempting to address it through active verification systems

RIDGELAND, Miss. and NEWBURYPORT, Mass., Oct. 15, 2012 /PRNewswire/ -- Although most merchants have made a concerted effort to fight e-commerce fraud, their methods are largely ineffective against fraudsters and off-putting to consumers, according to a new survey conducted jointly by leading card-not-present (CNP) industry news source CardNotPresent.com and eCommerce stabilizer SignatureLink, Inc.

The SignatureLink SecureBuy(TM) 2012 CNP Fraud Study, conducted in August and September 2012, polled 379 online and offline merchants of all sizes about their anti-fraud efforts.

CardNotPresent.com and SignatureLink expected to find that many merchants were ignoring the threat of payment fraud and simply accepting chargebacks as a cost of doing business online. As it turns out, study respondents are not only aware of fraud; a full 65% are attempting to address it through active verification systems like Verified by Visa and MasterCard SecureCode. That's an admirable effort, said SignatureLink CEO Greg Wooten, but it's often a case of the cure being worse than the disease.

"We applaud the many merchants using active authentication techniques," Wooten stated, "but the user experience could be improved among legitimate customers by deploying risk-based passive authentication to invoke active authentication."

The study also showed that 52% of merchants are performing pre-fraud screening, typically geolocation of the customer's IP address. Unfortunately, fraudsters can easily manipulate those screening solutions.

"Very few merchants are using second-generation geolocation solutions," explained Wooten. "The problem is that a fraudster with any skill whatsoever simply spoofs his IP address and easily bypasses a first-generation geolocation filter. The merchant ends up with a false sense of security while remaining vulnerable to fraud."

Perhaps the greatest opportunity for merchants to shore up their e-commerce fraud fighting efforts lies in chargeback prevention and management. The SignatureLink SecureBuy(TM) 2012 CNP Fraud Study revealed that only 10% of merchants collect the buyer's consent to their terms and conditions (T&Cs) and refund policies through voice or signed consent. Of the remaining 90% of merchants, 50% simply require the customer to check a box during the online checkout process, and 40% never require the buyer to consent to anything at all.

That means 90% of merchants engaging in e-commerce are leaving themselves wide open to Cybershoplifting(TM), where the customer makes a purchase, receives the merchandise, and then disputes the transaction with his or her credit card company, triggering chargebacks for merchants.

"That in itself is a problem," noted Steven Casco, founder and publisher of CardNotPresent.com, "because our study also found that over 60% of merchants never have the buyer's signature on file for any transaction, and over half of merchants lose the chargeback representment process almost every time."

Moreover, a link or pop-up to a merchant's T&C does not solve the problem. "This approach is not in line with current regulatory standards and is actually considered deceptive," stated Wooten. "There's no way for either side to prove their case or to determine what the T&Cs were for a given transaction. Had they captured a signature within the sales draft that carried a true chain of custody, it would be a different story -- because in the e-commerce fraud space, the signature ultimately rules."

The full results of the SignatureLink SecureBuy(TM) 2012 CNP Fraud Study are available at: http://www.signaturelink.com/2012-cnp-fraud-study.html

About CardNotPresent.com

As one of the only sources of content focused solely on the growing card-not-present (CNP) segment of the payments industry, CardNotPresent.com is an independent voice generating original news, information, education and inspiration for and about the companies and people operating in the CNP space.

The company's media platforms include the CardNotPresent.com portal, CNP Report, CNP Expo, and CNP Awards. Sign up for free to receive the twice-weekly CNP Report featuring comprehensive coverage of the CNP payments space at www.cardnotpresent.com/signup/

About SignatureLink, Inc.

Founded in 2002, SignatureLink, Inc. is the eCommerce stabilizer. The company debuted its patented, electronic handwritten signature technology -- the online signature pad -- in 2005. Since then, SignatureLink has diligently developed products that help online retailers successfully fight Cybershoplifting(TM) and other forms of eCommerce fraud to lower the cost of payment acceptance and increase profits. Visit http://www.signaturelink.com for more information.
