Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


05:20 PM
Dark Reading
Dark Reading
Products and Releases

Visa eCommerce Fraud Report A Mixed Bag

Estimated revenue lost to fraud in North America: $2.7 billion

MOUNTAIN VIEW, Calif., January 18, 2011 - CyberSource, a Visa Company (NYSE: V), today announced results from its annual surveys of eCommerce fraud in North America and the U.K. Overall findings suggest both regions continue to face challenges with illegal activity in the online sales channel.

At least one headline result shows differing directions. In the U.S. and Canada, online merchants say their 2010 fraud rate (the percent of accepted orders which later turn out to be fraudulent) remained at 0.9% for the second straight year. U.K. merchants, on the other hand, say their fraud rate rose from 1.6% in 2009 to an average of 1.9% in 2010-twice the rate seen by U.S./Canadian merchants. CyberSource experts point to a number of likely causes for this development in the U.K., ranging from the greater incidence of cross-border eCommerce within the European region to "fraud migration" in which fraudsters, facing stiff challenges in one location, simply direct their efforts elsewhere, including the U.K. "U.K. merchants have long been more internationally focused," said Akif Khan, architect of the U.K. survey and Director, Products and Services for CyberSource. "The share of U.K. merchant revenue derived from international online orders is about 50% higher than that of North American merchants. And year after year, CyberSource surveys show the fraud rate associated with international orders is higher. More generally, as eCommerce becomes more global, fraudsters can easily migrate from one location to the next. "

Selected findings from the 2010 surveys

Fraud rate: On average, North American merchants say less than 1% (0.9%) of online orders received were fraudulent in 2010, identical to the year before. That translates to a 2010 merchant dollar loss of approximately $2.7 billion. This is the second consecutive decline in North American fraud losses. CyberSource estimates U.S./Canadian merchants lost $3.3 billion in 2009, and $4.0 billion in 2008. U.K. merchants saw an uptick in their fraud rate from 1.6% to 1.9%. Both of these regional averages vary dramatically by merchant size, larger organizations typically doing better at finding and rejecting fraudulent orders than their smaller counterparts.

Frequency of manual review: Manual review is an effective but expensive anti-fraud practice. In the U.K. in 2010, merchants manually reviewed 20% of their orders, slightly above the year before; in North America, the rate was 17%, down from 20% the year before.

Percent of orders accepted after review: Merchants in both North America and the U.K. ultimately accepted over 70% of the orders they chose to manually review. According to Doug Schwegman, CyberSource Director, Worldwide Market Intelligence "More accurate automated screening could yield savings to merchants on both sides of the Atlantic."

Order rejection rate: Here, too, there were differences between North American and U.K. rates. The share of incoming orders North American merchants declined to accept due to suspicion of payment fraud in 2010 was 2.7%, up from 2.4 % the year before-an increase after two years of decline but still below the 4% average rate seen prior to 2008. In the U.K., merchants still see considerably higher order rejection rates, reporting they reject 5% of incoming orders due to suspicion of fraud, up from 4.6 % last year. "Over the 12 years of survey data we have consistently seen that merchants with high fraud losses have higher order rejection rates," said Schwegman. "A merchant's first reaction to growing fraud is often to tighten order acceptance criteria and start rejecting more orders. When the U.K. fraud rates come down, I think you will see fewer orders rejected."

Use of case management: Both North American and U.K. merchants are making significant use of case management systems (which consolidate order information and present the results for reviewers to assess). The survey found that 37% of U.K. merchants use such systems compared to 41% of U.S./Canadian merchants. In both regions, larger merchants tend to make greater use of these sophisticated tools.

Increasing review staff in 2011: If merchants in either group believe the answer to their fraud issues lies in more people, their budgets do not reflect that strategy. Only 13% of U.K. merchants say they have budget to increase staff in the year ahead-16% in North America.

Automated detection a top priority: 53% of North American merchants identified improving automated fraud detection as a top priority for 2011. About 30% of U.K. merchant respondents agree. Fraud changes: U.S./Canadian merchants said the biggest changes to fraud they faced in 2010 were increases in "friendly fraud" (where buyers repudiate a transaction even after they've received the ordered goods or services), "cleaner fraud" (harder to distinguish good orders from bad), and international fraud.

To obtain a copy of the North American survey results -- for journalists: please call or email Bruce Frymire (650-965-6042, [email protected]). For all others: please visit www.cybersource.com/fraudreport2011.

To register for a copy of the U.K. report, please visit: www.cybersource.co.uk/fraudreportregister. Journalists or analysts please contact Helen Carroll on +44 (0)1628 628 080 or [email protected]

The twelfth annual North American CyberSource fraud survey was commissioned by CyberSource Corporation and executed by Mindwave Research of Austin, Texas. The survey was fielded September 15th through October 19th, 2010 and yielded 334 qualified and complete responses. The sample was drawn from a database of companies involved in electronic commerce activities. Incentives to respondents included a summary of the research.

The seventh annual U.K. Online Fraud Report survey was conducted by research group Vanson Bourne and was commissioned by CyberSource Ltd. The survey was fielded from 6 September 2010 to 1 October 2010 and yielded 200 qualified responses. The sample was drawn from a database of companies involved in eCommerce activities. Incentives to respondents included entry into a prize draw for an iPad.

About CyberSource CyberSource, a wholly-owned subsidiary of Visa Inc., is a payment management company. Over 300,000 businesses worldwide use CyberSource and Authorize.Net brand solutions to process online payments, streamline fraud management, and simplify payment security. The company is headquartered in Mountain View, California with international offices in Reading, U.K.; Singapore; and Tokyo. CyberSource operates in Europe under agreement with Visa Europe. For more information, please visit www.cybersource.com.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/21/2020
Hacking Yourself: Marie Moe and Pacemaker Security
Gary McGraw Ph.D., Co-founder Berryville Institute of Machine Learning,  9/21/2020
Startup Aims to Map and Track All the IT and Security Things
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/22/2020
Register for Dark Reading Newsletters
White Papers
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-09-25
The Telnet service of Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) can allow a remote attacker to gain access to RTSP and ONFIV services without authentication. Thus, the attacker can watch live streams from the camera, rotate the camera, change some settings (brightn...
PUBLISHED: 2020-09-25
A Cleartext Transmission issue was discovered on Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339). Someone in the middle can intercept and modify the video data from the camera, which is transmitted in an unencrypted form. One can also modify responses from NTP and RTSP s...
PUBLISHED: 2020-09-25
The Telnet service of Rubetek cameras RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) could allow an remote attacker to take full control of the device with a high-privileged account. The vulnerability exists because a system account has a default and static password. The Telnet...
PUBLISHED: 2020-09-25
Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker, by sending a crafted request, to view system information due to insufficient output sanitization.
PUBLISHED: 2020-09-25
Mitel MiCloud Management Portal before 6.1 SP5 could allow a remote attacker to conduct a SQL Injection attack and access user credentials due to improper input validation.