Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


05:20 PM
Dark Reading
Dark Reading
Products and Releases

Visa eCommerce Fraud Report A Mixed Bag

Estimated revenue lost to fraud in North America: $2.7 billion

MOUNTAIN VIEW, Calif., January 18, 2011 - CyberSource, a Visa Company (NYSE: V), today announced results from its annual surveys of eCommerce fraud in North America and the U.K. Overall findings suggest both regions continue to face challenges with illegal activity in the online sales channel.

At least one headline result shows differing directions. In the U.S. and Canada, online merchants say their 2010 fraud rate (the percent of accepted orders which later turn out to be fraudulent) remained at 0.9% for the second straight year. U.K. merchants, on the other hand, say their fraud rate rose from 1.6% in 2009 to an average of 1.9% in 2010-twice the rate seen by U.S./Canadian merchants. CyberSource experts point to a number of likely causes for this development in the U.K., ranging from the greater incidence of cross-border eCommerce within the European region to "fraud migration" in which fraudsters, facing stiff challenges in one location, simply direct their efforts elsewhere, including the U.K. "U.K. merchants have long been more internationally focused," said Akif Khan, architect of the U.K. survey and Director, Products and Services for CyberSource. "The share of U.K. merchant revenue derived from international online orders is about 50% higher than that of North American merchants. And year after year, CyberSource surveys show the fraud rate associated with international orders is higher. More generally, as eCommerce becomes more global, fraudsters can easily migrate from one location to the next. "

Selected findings from the 2010 surveys

Fraud rate: On average, North American merchants say less than 1% (0.9%) of online orders received were fraudulent in 2010, identical to the year before. That translates to a 2010 merchant dollar loss of approximately $2.7 billion. This is the second consecutive decline in North American fraud losses. CyberSource estimates U.S./Canadian merchants lost $3.3 billion in 2009, and $4.0 billion in 2008. U.K. merchants saw an uptick in their fraud rate from 1.6% to 1.9%. Both of these regional averages vary dramatically by merchant size, larger organizations typically doing better at finding and rejecting fraudulent orders than their smaller counterparts.

Frequency of manual review: Manual review is an effective but expensive anti-fraud practice. In the U.K. in 2010, merchants manually reviewed 20% of their orders, slightly above the year before; in North America, the rate was 17%, down from 20% the year before.

Percent of orders accepted after review: Merchants in both North America and the U.K. ultimately accepted over 70% of the orders they chose to manually review. According to Doug Schwegman, CyberSource Director, Worldwide Market Intelligence "More accurate automated screening could yield savings to merchants on both sides of the Atlantic."

Order rejection rate: Here, too, there were differences between North American and U.K. rates. The share of incoming orders North American merchants declined to accept due to suspicion of payment fraud in 2010 was 2.7%, up from 2.4 % the year before-an increase after two years of decline but still below the 4% average rate seen prior to 2008. In the U.K., merchants still see considerably higher order rejection rates, reporting they reject 5% of incoming orders due to suspicion of fraud, up from 4.6 % last year. "Over the 12 years of survey data we have consistently seen that merchants with high fraud losses have higher order rejection rates," said Schwegman. "A merchant's first reaction to growing fraud is often to tighten order acceptance criteria and start rejecting more orders. When the U.K. fraud rates come down, I think you will see fewer orders rejected."

Use of case management: Both North American and U.K. merchants are making significant use of case management systems (which consolidate order information and present the results for reviewers to assess). The survey found that 37% of U.K. merchants use such systems compared to 41% of U.S./Canadian merchants. In both regions, larger merchants tend to make greater use of these sophisticated tools.

Increasing review staff in 2011: If merchants in either group believe the answer to their fraud issues lies in more people, their budgets do not reflect that strategy. Only 13% of U.K. merchants say they have budget to increase staff in the year ahead-16% in North America.

Automated detection a top priority: 53% of North American merchants identified improving automated fraud detection as a top priority for 2011. About 30% of U.K. merchant respondents agree. Fraud changes: U.S./Canadian merchants said the biggest changes to fraud they faced in 2010 were increases in "friendly fraud" (where buyers repudiate a transaction even after they've received the ordered goods or services), "cleaner fraud" (harder to distinguish good orders from bad), and international fraud.

To obtain a copy of the North American survey results -- for journalists: please call or email Bruce Frymire (650-965-6042, [email protected]). For all others: please visit www.cybersource.com/fraudreport2011.

To register for a copy of the U.K. report, please visit: www.cybersource.co.uk/fraudreportregister. Journalists or analysts please contact Helen Carroll on +44 (0)1628 628 080 or [email protected]

The twelfth annual North American CyberSource fraud survey was commissioned by CyberSource Corporation and executed by Mindwave Research of Austin, Texas. The survey was fielded September 15th through October 19th, 2010 and yielded 334 qualified and complete responses. The sample was drawn from a database of companies involved in electronic commerce activities. Incentives to respondents included a summary of the research.

The seventh annual U.K. Online Fraud Report survey was conducted by research group Vanson Bourne and was commissioned by CyberSource Ltd. The survey was fielded from 6 September 2010 to 1 October 2010 and yielded 200 qualified responses. The sample was drawn from a database of companies involved in eCommerce activities. Incentives to respondents included entry into a prize draw for an iPad.

About CyberSource CyberSource, a wholly-owned subsidiary of Visa Inc., is a payment management company. Over 300,000 businesses worldwide use CyberSource and Authorize.Net brand solutions to process online payments, streamline fraud management, and simplify payment security. The company is headquartered in Mountain View, California with international offices in Reading, U.K.; Singapore; and Tokyo. CyberSource operates in Europe under agreement with Visa Europe. For more information, please visit www.cybersource.com.

Comment  | 
Print  | 
More Insights
Threaded  |  Newest First  |  Oldest First
Data Leak Week: Billions of Sensitive Files Exposed Online
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/10/2019
Lessons from the NSA: Know Your Assets
Robert Lemos, Contributing Writer,  12/12/2019
4 Tips to Run Fast in the Face of Digital Transformation
Shane Buckley, President & Chief Operating Officer, Gigamon,  12/9/2019
Register for Dark Reading Newsletters
White Papers
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2019-12-15
In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. The timeri variable was originally intended to be for a newly created timer instance, but was used for ...
PUBLISHED: 2019-12-15
python-requests-Kerberos through 0.5 does not handle mutual authentication
PUBLISHED: 2019-12-15
CFME (CloudForms Management Engine) 5: RHN account information is logged to top_output.log during registration
PUBLISHED: 2019-12-15
jersey: XXE via parameter entities not disabled by the jersey SAX parser
PUBLISHED: 2019-12-15
JBoss KeyCloak: Open redirect vulnerability via failure to validate the redirect URL.