eCommerce Fraud Can Happen Anywhere
Fraud can happen anywhere in the eCommerce world. The thriving ecommerce landscape where online merchants offer goods and services to millions worldwide by way of website, mobile apps and social media platforms, putting in credit card information into websites is no longer causing caution and fear. We have become very comfortable with punching in personal information into our smartphones. More and more of us are buying, selling and banking online. We have also become immuned to the words spamming, hacking and spyware. Today managing fraud can cost a merchant millions. According to a new study, online retailers are still too reliant on verifying purchases with a username and password.
E-retailers spend more than 8% of their total annual revenue combatting fraud, according to a new study from research consulting firm Javelin Strategy and Research LLC.
Between fraud management costs, false positives and chargeback losses, e-retailers are losing a significant portion of their revenue to fraud, finds the September 2017 report “The Financial Impact of Fraud: Exploring the Impact of Fraud In A Digital World.” Javelin Strategy’s findings are based on an online study conducted in June of 500 e-commerce merchants generating $1 million or more in annual sales.
Of the merchants surveyed, the average yearly financial expense due to fraud and fraud prevention was $15.5 million and that represents 8% of annual revenue across all channels, including online and offline sales. Of that $15.5 million, 7% is attributable to chargebacks; 74% is for fraud management software, hardware and employees; and 19% comes from false positives.
“We consider this to be a very high percentage of revenue to lose to fraud and fraud mitigation expenditures, especially considering the lost opportunity for investing that money in revenue-generating activities,” says Al Pascual, Research Director Head of Fraud and Security at Javelin. “It signals a very aggressive fraud environment, especially in the digital space.”
False positives are legitimate transactions that are declined because rules - often overly rigid ones - flag them as fraudulent. For example, a transaction may be declined if the shipping and billing addresses don’t match. False positives affect retailers because they not only prevent sales, they also give consumers a negative view of the brand, Javelin says. Of a retailer’s transactions that are declined because of suspected fraud, 30% are actually legitimate, according to the report. Plus, that 30% is likely understated, as a consumer may give up without making a purchase and it is difficult for a retailer to determine the actual fraud on all transactions, according to the study.
60% of chargeback losses originate from online sales and an additional 14% are from transactions made on mobile devices. Only 25% of chargeback losses stem from in-person or physical store transactions. The remaining chargeback losses are by telephone, mail or self-service kiosk. 38% of merchants said fraud losses increased in the past 12 months, 22% said it was lower and 40% said it stayed the same. Consequently 33% of retailers say they plan to increase spending on fraud prevention next year, 54% will spend the same and 13% will decrease spending.
Javelin recommends retailers use fraud-fighting tools that inspect a consumer’s device, behavior and purchase activity, such as fingerprinting that uses data to identify individual PCs, phones or tablets to verify a shopper’s identity, because these elements are harder for a criminal to overcome. Retailers should rely less on such static data elements as the security code on the back of a credit card and physical address verification. Plus, using geolocation and device fingerprinting requires minimal to no effort from shoppers, Javelin says.
The survey finds that retailers are overly reliant on usernames and passwords to secure customer accounts, Javelin says. Here are the ways respondents say they authenticate purchases (they could choose more than one response):
- 75% username and password
- 40% dynamic security question, such as a questions from the customer’s shopping history.
- 45% two-factor authentication, such as one-time passwords
- 40% static knowledge-based authentication, such as preselected security questions
- 24% geolocation
- 17% device fingerprinting
Fraud Management will continue to be a critical area of investment given the dynamic nature of fraud it is an ever changing landscape. While each solution is not 100% fraud free, it is possible when you take the necessary precautions. There are many services and protocols already in place to help you achieve this, and you also can develop your own internally to ensure that every aspect of your business is completely covered.