Consumers in North Dakota are far less likely to experience an incident of e-commerce fraud than those living in West Virginia. Knowing this informs Forter's monitoring of e-commerce fraud.
West Virginia had the highest percentage of e-commerce fraud instances at 2.11%, or just more than two per 100 transactions. It earned the state the poorest ranking in a list of the country's 50 states that Israel-based Forter compiled to examine fraud trends as the U.S. moves toward EMV-chip cards for in-store payments.
Security experts have long warned retailers and banks that card fraud will migrate quickly to card-not-present transactions, (i.e., e-commerce) as a result of tighter security at the point of sale.
North Dakota was on the other end of the e-commerce fraud spectrum, with no fraudulent transactions during the past six months, the period in which Forter compiled its findings through matching the billing address with the card's address verification system on each e-commerce transaction.
Generally, card-not-present fraud results from data breaches and can occur in any state. The difference in the rates of individual states can be affected by population, available technology, or a significant base of customers for a retailer that may have suffered a recent major breach, said Noam Inbar, Forters vice president of business development.
"We know that in states that tend to buy more international products or those that have more financial institutions and global commerce, we could see a high rate of fraud vulnerability," Inbar said.
U.S. retailers tend to be more aware of security and will protect their e-commerce sites more diligently than merchants in other countries, Inbar predicts.
Forter provides real-time transaction authorization for its merchant and financial institution clients. The company has a policy of covering any chargeback costs if it authorizes a transaction that results in a fraudulent sale.
While the ranking of states is an interesting way to analyze fraud data, on its own it likely won't be extremely helpful to merchants developing a fraud strategy, said Julie Conroy, research director and fraud expert with Boston-based Aite Group.
"When merchants are determining where to do business, they wouldn't look at whole states, per se," Conroy said. "They are getting down to different floor levels to determine where high-crime activity might be."
To develop useful information regarding fraud hot spots, the data has to have a narrow focus beyond the state level, Conroy said. "I am sure Forter can do that, and that type of information is when you get to the really useful stuff for developing a fraud strategy," she added.
By using the billing addresses and address verification matches, Forter can demonstrate that merchants can't rely on device location services alone to stop fraud, Inbar said.
"Fraudsters have the technology to mask their IP and location, and we have the technologies to identify that," Inbar said.
It is difficult to ascertain why North Dakota observed no e-commerce fraud during the study period, but it is likely that the research shows there is not as much e-commerce rooted in that state, compared to those with major cities, Inbar said.
Delaware (2.08%), Minnesota (2.02%), Arkansas (1.80%) and Nevada (1.63%) rounded out the five states with the most e-commerce fraud, along with West Virginia. Not surprisingly, West Virginia is the most popular state for fraudsters to use a fake Internet Protocol (IP) address.
There are legitimate or innocuous reasons for hiding an IP address that are not necessarily related to fraud, which is why Forter has to analyze all transaction data available, Inbar said. But its research found that 80% of the time purchasers were hiding a West Virginia IP address, they were indeed fraudsters.