Dark Reading
Products and Releases

Visa eCommerce Fraud Report A Mixed Bag

Estimated revenue lost to fraud in North America: $2.7 billion

MOUNTAIN VIEW, Calif., January 18, 2011 - CyberSource, a Visa Company (NYSE: V), today announced results from its annual surveys of eCommerce fraud in North America and the U.K. Overall findings suggest both regions continue to face challenges with illegal activity in the online sales channel.

At least one headline result shows differing directions. In the U.S. and Canada, online merchants say their 2010 fraud rate (the percent of accepted orders which later turn out to be fraudulent) remained at 0.9% for the second straight year. U.K. merchants, on the other hand, say their fraud rate rose from 1.6% in 2009 to an average of 1.9% in 2010, twice the rate seen by U.S./Canadian merchants. CyberSource experts point to a number of likely causes for this development in the U.K., ranging from the greater incidence of cross-border eCommerce within the European region to "fraud migration" in which fraudsters, facing stiff challenges in one location, simply direct their efforts elsewhere, including the U.K.

"U.K. merchants have long been more internationally focused," said Akif Khan, architect of the U.K. survey and Director, Products and Services for CyberSource. "The share of U.K. merchant revenue derived from international online orders is about 50% higher than that of North American merchants. And year after year, CyberSource surveys show the fraud rate associated with international orders is higher. More generally, as eCommerce becomes more global, fraudsters can easily migrate from one location to the next."

Selected findings from the 2010 surveys

Fraud rate: On average, North American merchants say less than 1% (0.9%) of online orders received were fraudulent in 2010, identical to the year before. That translates to a 2010 merchant dollar loss of approximately $2.7 billion. This is the second consecutive decline in North American fraud losses. CyberSource estimates U.S./Canadian merchants lost $3.3 billion in 2009, and $4.0 billion in 2008. U.K. merchants saw an uptick in their fraud rate from 1.6% to 1.9%. Both of these regional averages vary dramatically by merchant size, larger organizations typically doing better at finding and rejecting fraudulent orders than their smaller counterparts.

Frequency of manual review: Manual review is an effective but expensive anti-fraud practice. In the U.K. in 2010, merchants manually reviewed 20% of their orders, slightly above the year before; in North America, the rate was 17%, down from 20% the year before.

Percent of orders accepted after review: Merchants in both North America and the U.K. ultimately accepted over 70% of the orders they chose to manually review. According to Doug Schwegman, CyberSource Director, Worldwide Market Intelligence, "More accurate automated screening could yield savings to merchants on both sides of the Atlantic."

Order rejection rate: Here, too, there were differences between North American and U.K. rates. The share of incoming orders North American merchants declined to accept due to suspicion of payment fraud in 2010 was 2.7%, up from 2.4% the year before, an increase after two years of decline but still below the 4% average rate seen prior to 2008. In the U.K., merchants still see considerably higher order rejection rates, reporting they reject 5% of incoming orders due to suspicion of fraud, up from 4.6% last year.

"Over the 12 years of survey data we have consistently seen that merchants with high fraud losses have higher order rejection rates," said Schwegman. "A merchant's first reaction to growing fraud is often to tighten order acceptance criteria and start rejecting more orders. When the U.K. fraud rates come down, I think you will see fewer orders rejected."

Use of case management: Both North American and U.K. merchants are making significant use of case management systems (which consolidate order information and present the results for reviewers to assess). The survey found that 37% of U.K. merchants use such systems compared to 41% of U.S./Canadian merchants. In both regions, larger merchants tend to make greater use of these sophisticated tools.

Increasing review staff in 2011: If merchants in either group believe the answer to their fraud issues lies in more people, their budgets do not reflect that strategy. Only 13% of U.K. merchants say they have budget to increase staff in the year ahead, compared with 16% in North America.

Automated detection a top priority: 53% of North American merchants identified improving automated fraud detection as a top priority for 2011. About 30% of U.K. merchant respondents agree.

Fraud changes: U.S./Canadian merchants said the biggest changes to fraud they faced in 2010 were increases in "friendly fraud" (where buyers repudiate a transaction even after they've received the ordered goods or services), "cleaner fraud" (harder to distinguish good orders from bad), and international fraud.

To obtain a copy of the North American survey results -- for journalists: please call or email Bruce Frymire (650-965-6042, [email protected]). For all others: please visit www.cybersource.com/fraudreport2011.

To register for a copy of the U.K. report, please visit: www.cybersource.co.uk/fraudreportregister. Journalists or analysts please contact Helen Carroll on +44 (0)1628 628 080 or [email protected]

The twelfth annual North American CyberSource fraud survey was commissioned by CyberSource Corporation and executed by Mindwave Research of Austin, Texas. The survey was fielded September 15th through October 19th, 2010 and yielded 334 qualified and complete responses. The sample was drawn from a database of companies involved in electronic commerce activities. Incentives to respondents included a summary of the research.

The seventh annual U.K. Online Fraud Report survey was conducted by research group Vanson Bourne and was commissioned by CyberSource Ltd. The survey was fielded from 6 September 2010 to 1 October 2010 and yielded 200 qualified responses. The sample was drawn from a database of companies involved in eCommerce activities. Incentives to respondents included entry into a prize draw for an iPad.

About CyberSource

CyberSource, a wholly-owned subsidiary of Visa Inc., is a payment management company. Over 300,000 businesses worldwide use CyberSource and Authorize.Net brand solutions to process online payments, streamline fraud management, and simplify payment security. The company is headquartered in Mountain View, California with international offices in Reading, U.K.; Singapore; and Tokyo. CyberSource operates in Europe under agreement with Visa Europe. For more information, please visit www.cybersource.com.

