Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

1/20/2011
05:20 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Visa eCommerce Fraud Report A Mixed Bag

Estimated revenue lost to fraud in North America: $2.7 billion

MOUNTAIN VIEW, Calif., January 18, 2011 - CyberSource, a Visa Company (NYSE: V), today announced results from its annual surveys of eCommerce fraud in North America and the U.K. Overall findings suggest both regions continue to face challenges with illegal activity in the online sales channel.

At least one headline result shows differing directions. In the U.S. and Canada, online merchants say their 2010 fraud rate (the percent of accepted orders which later turn out to be fraudulent) remained at 0.9% for the second straight year. U.K. merchants, on the other hand, say their fraud rate rose from 1.6% in 2009 to an average of 1.9% in 2010-twice the rate seen by U.S./Canadian merchants. CyberSource experts point to a number of likely causes for this development in the U.K., ranging from the greater incidence of cross-border eCommerce within the European region to "fraud migration" in which fraudsters, facing stiff challenges in one location, simply direct their efforts elsewhere, including the U.K. "U.K. merchants have long been more internationally focused," said Akif Khan, architect of the U.K. survey and Director, Products and Services for CyberSource. "The share of U.K. merchant revenue derived from international online orders is about 50% higher than that of North American merchants. And year after year, CyberSource surveys show the fraud rate associated with international orders is higher. More generally, as eCommerce becomes more global, fraudsters can easily migrate from one location to the next. "

Selected findings from the 2010 surveys

Fraud rate: On average, North American merchants say less than 1% (0.9%) of online orders received were fraudulent in 2010, identical to the year before. That translates to a 2010 merchant dollar loss of approximately $2.7 billion. This is the second consecutive decline in North American fraud losses. CyberSource estimates U.S./Canadian merchants lost $3.3 billion in 2009, and $4.0 billion in 2008. U.K. merchants saw an uptick in their fraud rate from 1.6% to 1.9%. Both of these regional averages vary dramatically by merchant size, larger organizations typically doing better at finding and rejecting fraudulent orders than their smaller counterparts.

Frequency of manual review: Manual review is an effective but expensive anti-fraud practice. In the U.K. in 2010, merchants manually reviewed 20% of their orders, slightly above the year before; in North America, the rate was 17%, down from 20% the year before.

Percent of orders accepted after review: Merchants in both North America and the U.K. ultimately accepted over 70% of the orders they chose to manually review. According to Doug Schwegman, CyberSource Director, Worldwide Market Intelligence "More accurate automated screening could yield savings to merchants on both sides of the Atlantic."

Order rejection rate: Here, too, there were differences between North American and U.K. rates. The share of incoming orders North American merchants declined to accept due to suspicion of payment fraud in 2010 was 2.7%, up from 2.4 % the year before-an increase after two years of decline but still below the 4% average rate seen prior to 2008. In the U.K., merchants still see considerably higher order rejection rates, reporting they reject 5% of incoming orders due to suspicion of fraud, up from 4.6 % last year. "Over the 12 years of survey data we have consistently seen that merchants with high fraud losses have higher order rejection rates," said Schwegman. "A merchant's first reaction to growing fraud is often to tighten order acceptance criteria and start rejecting more orders. When the U.K. fraud rates come down, I think you will see fewer orders rejected."

Use of case management: Both North American and U.K. merchants are making significant use of case management systems (which consolidate order information and present the results for reviewers to assess). The survey found that 37% of U.K. merchants use such systems compared to 41% of U.S./Canadian merchants. In both regions, larger merchants tend to make greater use of these sophisticated tools.

Increasing review staff in 2011: If merchants in either group believe the answer to their fraud issues lies in more people, their budgets do not reflect that strategy. Only 13% of U.K. merchants say they have budget to increase staff in the year ahead-16% in North America.

Automated detection a top priority: 53% of North American merchants identified improving automated fraud detection as a top priority for 2011. About 30% of U.K. merchant respondents agree. Fraud changes: U.S./Canadian merchants said the biggest changes to fraud they faced in 2010 were increases in "friendly fraud" (where buyers repudiate a transaction even after they've received the ordered goods or services), "cleaner fraud" (harder to distinguish good orders from bad), and international fraud.

To obtain a copy of the North American survey results -- for journalists: please call or email Bruce Frymire (650-965-6042, [email protected]). For all others: please visit www.cybersource.com/fraudreport2011.

To register for a copy of the U.K. report, please visit: www.cybersource.co.uk/fraudreportregister. Journalists or analysts please contact Helen Carroll on +44 (0)1628 628 080 or [email protected]

The twelfth annual North American CyberSource fraud survey was commissioned by CyberSource Corporation and executed by Mindwave Research of Austin, Texas. The survey was fielded September 15th through October 19th, 2010 and yielded 334 qualified and complete responses. The sample was drawn from a database of companies involved in electronic commerce activities. Incentives to respondents included a summary of the research.

The seventh annual U.K. Online Fraud Report survey was conducted by research group Vanson Bourne and was commissioned by CyberSource Ltd. The survey was fielded from 6 September 2010 to 1 October 2010 and yielded 200 qualified responses. The sample was drawn from a database of companies involved in eCommerce activities. Incentives to respondents included entry into a prize draw for an iPad.

About CyberSource CyberSource, a wholly-owned subsidiary of Visa Inc., is a payment management company. Over 300,000 businesses worldwide use CyberSource and Authorize.Net brand solutions to process online payments, streamline fraud management, and simplify payment security. The company is headquartered in Mountain View, California with international offices in Reading, U.K.; Singapore; and Tokyo. CyberSource operates in Europe under agreement with Visa Europe. For more information, please visit www.cybersource.com.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
7 Tips for Infosec Pros Considering A Lateral Career Move
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2020
For Mismanaged SOCs, The Price Is Not Right
Kelly Sheridan, Staff Editor, Dark Reading,  1/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
IT 2020: A Look Ahead
Are you ready for the critical changes that will occur in 2020? We've compiled editor insights from the best of our network (Dark Reading, Data Center Knowledge, InformationWeek, ITPro Today and Network Computing) to deliver to you a look at the trends, technologies, and threats that are emerging in the coming year. Download it today!
Flash Poll
How Enterprises are Attacking the Cybersecurity Problem
How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7989
PUBLISHED: 2020-01-26
Adive Framework 2.0.8 has admin/user/add userUsername XSS.
CVE-2020-7990
PUBLISHED: 2020-01-26
Adive Framework 2.0.8 has admin/user/add userName XSS.
CVE-2020-7991
PUBLISHED: 2020-01-26
Adive Framework 2.0.8 has admin/config CSRF to change the Administrator password.
CVE-2020-7984
PUBLISHED: 2020-01-26
SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2 allows remote attackers to retrieve cleartext domain admin credentials from the Agent & Probe settings, and obtain other sensitive information. The attacker can use a customer ID to self register and read any aspects of the agent/a...
CVE-2019-16029
PUBLISHED: 2020-01-26
A vulnerability in the application programming interface (API) of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to change user account information which can prevent users from logging in, resulting in a denial of service (DoS) condition of the web interface. Th...