Online merchants are dealing with hundreds of thousands of fraud attempts each day, but they say the various fraud-prevention tools at their disposal are helping them fight off the attacks.
Unfortunately, online merchants rarely prosecute the fraud cases that do arise, according to a report titled "Global E-Commerce: Merchants Under Siege (but Fighting Back)" from Boston-based Aite Group.
Aite surveyed 22 senior fraud prevention executives from e-commerce businesses in March and April. Of those businesses, 13 exceeded $500 million per year in transaction volume.
Most of the executives surveyed worked for merchants that also have brick-and-mortar operations and call centers, report author Julie Conroy McNelley, senior analyst and fraud expert with Boston-based Aite Group, tells PaymentsSource.
Of those merchants, 83% said they feel that fraud in the online channel represents the biggest challenge, while 11% said fraud at their brick-and-mortar operations was the main concern.
Only 6% indicated that fraud at their call centers was the top issue, though most survey participants said fraud could quickly migrate to the call centers from the Web if merchants' websites prove too difficult to crack.
While some industry trend surveys indicate that fraudsters' taking over consumer accounts has declined, that was not the case with those in the Aite study, McNelley says.
Account takeovers rose the most in the past two years. In such incidents, fraudsters steal the consumer's credentials and then attempt to use those same credentials for other accounts.
Sadly, most consumers use the same combination of e-mail address and password across the vast majority of their online relationships, the report noted.
"I have seen other reports that say account takeover is decreasing, but the executives we spoke to were emphatic that account takeover is dramatically increasing and they were just getting hammered with it," McNelley says.
Respondents ranked stolen card data, or fraudsters using phony credentials, right behind account takeover as a leading problem at their businesses.
Cybercrooks don't have a lot to lose in their attacks because they know how difficult it is for merchants to prosecute suspects, McNelley says.
Sixty-eight percent of respondents said they prosecuted less than 1% of the fraud cases, with 47% of those indicating they never prosecuted a case.
"It's just difficult to get law enforcement involved, and when the cases involve cross-border fraud other agencies have to get involved," McNelley says. "It can become a costly process for a merchant."
On the bright side, e-commerce merchants are employing more fraud-prevention tools, with 40% of respondents ranking device identity as the technology they use the most.
With device identity, software establishes a description of the computers accessing the online merchant's site. This allows fraud-prevention personnel to identify which computers are familiar and which are those of an attacker attempting to hack systems.
"The good news is that more fraud-prevention tools are becoming available and merchants have been successful in decreasing fraud," McNelley says. "The challenge is always to balance fraud prevention tools with the customer experience."
In reading between the lines of the report, another positive trend emerges, McNelley says.
"Merchants are thinking outside the box with fraud prevention and they are increasingly collaborating with card issuers to engage in efforts to stop fraud," McNelley says.
Merchants and issuers have not always had cordial relationships, but they understand they have a common enemy in hackers and need to work together, she adds.