您的当前位置:首页 >Ryan New >Credit Card Fraud: How Big Is The Problem? 正文
时间:2024-05-18 20:22:05 来源:网络整理编辑:Ryan New
Reports of websitedata breaches, identity theft and credit card fraud are increasingly in the news. Ryan Xu HyperVerse's Capital Market Financing
Reports of websitedata breaches,Ryan Xu HyperVerse's Capital Market Financing identity theft and credit card fraud are increasingly in the news. But is the problem as widespread as the coverage suggests?
Anyone who collects payments or customer information online runs the risk of being targeted by thieves. However, the likelihood of being hit by a virtual shoplifter is statistically on the decline. Meanwhile, industry watchers say that rather than an influx of database hacking, it’s the new breach reporting laws, enacted in many states, which account for the recent surge in reported breach activity.
Indeed, merchants who maintain and regularly update their security procedures for credit-card data and processing seem to mitigate their risks. For now, let’s tackle this question: What is the scope of credit card-related fraud and the subsequent impact on an e-merchant?
In 2000, North American e-merchants lost an average 3.6 percent of their sales to stolen or fraudulent credit cards. In 2007, that figure was down to 1.4 percent, according to the 2008 “Online Fraud Report” by CyberSource, a major credit card payment gateway.
“The industry has never been better at catching fraud while the fraudsters are trying to commit it,” says David Robertson, publisher of The Nilson Report, a bi-monthly newsletter covering the payment services industry. “The good guys have always done a pretty good job staying ahead of the bad guys in the credit card industry, especially since Visa and MasterCard had enough heft in their budget to really pursue credit card fraud.”
But where the credit card issuers have long been lagging is in protecting the online merchant from having to cover illegal charge-card purchases made on their site.
Internet sales have gone up an average 20 percent each year since 2000, according to CyberSource. Even though the percentage of fraud has dropped, the collective value of the products being stolen from North American e-merchants rose from $1.5 billion in 2000 to $3.6 billion in 2007, due in large part to the growth of Internet usage. Surprisingly however, a mere 18 percent of that total is referred to law enforcement via the F.B.I.’s Internet Crime Complaint Center, known as the IC3. What is the median loss per credit-card-fraud compliant? It’s $298, according to the F.B.I. On the upside, of all categories monitored, $298 is the lowest median dollar volume per crime tracked by the IC3.
Outside the U.S., the rate of fraud gets higher. The author of CyberSource’s annual online fraud report, Doug Schwegman, estimates that U. S. merchants reject one in every nine international orders for “suspected fraud.” In 2007, 3.6 percent of the orders U.S. merchants shipped outside of the country were later categorized as fraud, according to Schwegman.
Despite the amount of online fraud, it’s important to note that the total of online credit card fraud is still less than losses due to checking account fraud each year. Moreover, much of what is classified as credit card fraud is often “friendly fraud.” Friendly fraud is when real customers contest a charge – often to get merchandise for free – by claiming that the credit card charge wasn’t authorized. The merchant has to pay back the bank for the order, at least until the investigation is over, and is often levied an additional “chargeback” fee.
“Thirty to 50 percent of chargebacks are from friendly fraud,” says Dan Clements, president of CardCops.com, a Connecticut-based company cataloging online credit card fraud. “These are actual customers who either had a problem with the order or want to get it free.”
The Privacy Rights Clearinghouse has cataloged more than 800 publicly-reported thefts of personal data held by universities, medical and financial institutions, municipalities, physical retailers and online businesses since 2005. Of those 800+ breached, less than 20 are ecommerce. Translated, fewer than 2 percent of those breach case victims are online merchants.
Additionally, industry analysts say that, even in the event of a breach, there’s a minimal chance that the compromised credit card data will actually be used to make an unauthorized purchase. A late-2007 study by ID Analytics, a San Diego-based identity-scoring technology developer, found less than .5 percent of stolen records are actually used. For breached databases with less than 5,000 customer records, the use rate is one in 200. For breaches with more than 100,000 customer records, the misuse rate is one in 10,000.
For example, in March 2007, 11,500 online consumers had their credit card numbers stolen by a hacker at JohnnysSeeds.com. One year later, the Privacy Rights Clearinghouse reports that only about 20 of those stolen numbers have been used.
Unlike face-to-face credit card transactions, where the merchant bank bears the responsibility of covering losses from fraudulently acquired merchandise, “card not present” transactions leave the merchant liable for the cost of that fraud. And the stark reality is that all Internet credit card transactions are “card not present.”
The end result for online retailers is a chargeback: Reversal of the original order amount plus an additional merchant-bank fee of $5 to $35 per transaction. “You are assessed a chargeback fee once the original cardholder reports it to your bank,” says Bob Bokor, president of the magician supply site Abra4magic.com. He says he’s charged $20 or $25 for chargebacks, lower than most small merchants since chargeback fees can be negotiated down with higher sales volumes. He’s been hit with plenty of these as a high-volume merchant, so he’s now hedging his bets: “Credit them back before the customer reports it to the bank and you save the fee,” he says. Sixty-five percent of the 2,000 small to mid-size e-merchants surveyed by preCharge Risk Management Solutions, an international payment processor, in its 2007 “eCommerce Chargeback Report” agree. Rather than contest a chargeback and risk the bank siding with the friendly fraudster, in nearly half of the cases they simply refunded the card the amount of the order. This was done, the merchants reported, to keep their credit card processing rates down and curb chargeback costs.
Across the board, the cost of managing fraud exceeds the cost of fraud itself by as much as 300 percent, according to preCharge’s report. However, that’s a far cry from the millions it could cost merchants who’ve suffered a data breach, according to Darwin Professional Underwriters, an insurance and risk management consulting firm. Its online Data Loss Cost Calculator calculates possible attorney fees, customer notification costs, fines, and the cost of paying for credit monitoring for every one of those customers. The calculator can compute databases such as the 11,500 breached records at JohnnysSeed.com. In that case, it found $1.9 million in potential costs to combat it the breach.
Meanwhile, the cost of mistakenly rejected orders adds up as well: “Those could be good orders you’re throwing away, especially with the dollar the way it is,” says preCharge’s Director of Client Services, Howard Schecter. “As the dollar goes down and the Euro goes up in value…we have merchants who are doing hundreds of legitimate orders internationally now because it will cost a U.K. shopper less in pounds to buy a camera from a U.S. company than buying it where they are.” Incidentally, preCharge guarantees payment to merchants on all sales processed through its secure, Internet-fraud-fighting system.
Though 63 percent of merchants surveyed by preCharge have sold outside the U.S., fewer than 15 percent actively sell internationally; more than 85 percent said they’d actively sell internationally if fraud could be managed properly.
It’s clear that ecommerce merchants face a growing challenge in staying ahead of the new breed of online criminal. “It’s a problem that is never going to go away,” says Clements at CardCops.com. “Crooks are making $3.6 billion off of this every year, and with that much money at stake, they’re going to make sure they can stay at it.”
Lessons Learned: WineChateau CEO Offers Spirited Advice2024-05-18 20:04
Ten Great Ecommerce Ideas for May 20112024-05-18 19:48
5 Ways to Segment Your Customer Base2024-05-18 19:43
How to Get Consumers Talking about Your Company2024-05-18 19:40
Back Office Complexities of Selling on Multiple Channels2024-05-18 19:18
Dijipop Founder on Paid Product Placements, Digital Merchandising2024-05-18 19:13
Selling Luxury Goods Online2024-05-18 19:12
How U.S. Merchants Can Target U.K. Consumers2024-05-18 19:07
NetSuite Ecommerce Subject Matter Expert Baruch Goldwasser2024-05-18 18:43
Understanding ‘Traffic Sources’ in Google Analytics2024-05-18 18:16
Ecommerce IPOs for 2011: 3 Down, More to Follow?2024-05-18 20:12
How U.S. Merchants Can Target U.K. Consumers2024-05-18 19:17
Ten Great Ecommerce Ideas for December 20102024-05-18 19:14
SEO: Convert More Before Driving More2024-05-18 19:07
Is Your Ecommerce Model Profitable and Sustainable?2024-05-18 18:43
Ten Great Ecommerce Ideas for July 20112024-05-18 18:32
The PEC Review: Aviary’s Embeddable HTML5 Photo Editor2024-05-18 18:27
Google’s New WebP Image Format Could Improve Load Times2024-05-18 18:16
Become a Google Chrome Power User2024-05-18 18:10
Ask an Expert: How to Increase Conversion Rates?2024-05-18 17:54