Despite the Recession, Online Fraud Takes a Dip in 2009

It often seems impossible to thwart online fraudsters, but e-commerce merchants made headway in the past year, according to CyberSource Corp.'s 11th annual study of e-commerce fraud. For the first time in four years, U.S. and Canadian merchants reported a decline in the average percentage of online revenues lost to fraud?1.2%, the lowest in the widely watched survey's history. The fraud-loss rate had held steady at 1.4% since 2006. Online fraud will cost North American merchants an estimated $3.3 billion in losses this year, down 18% from the record $4 billion last year. Doug Schwegman, director of market and customer intelligence at Mountain View, Calif.-based CyberSource, tells Digital Transactions News that he and some of his colleagues thought the weak economy might cause some people to turn to crime. “We're expecting to see fraud rates go up this year on the theory of the recession,” he says. But it didn't happen. CyberSource, a risk-management firm, commissioned Austin, Texas-based Mindwave Research to compile the data, which were gathered by e-mail invitations and resulted in 352 qualified completed interviews from Sept. 10 to Oct. 7. Interviewees were ultimately responsible for or influenced policy and decisions in online payment risk at their companies. The responding companies' median annual online revenues in 2009 are $2 million, though 31% have annual revenues of $25 million or more. Reasons for the fraud-rate decline vary. Merchants are using better prevention tools, though e-commerce volume has been flat. “It's hard to say whether there are more fraud attempts or less,” says Schwegman. Merchants indicated they are making greater use of sophisticated fraud-detection technology and trying to reduce their reliance on expensive manual reviews of suspect transactions. Some 67% of merchants use automated decision tools to sort orders compared with 56% in 2008. One such tool Schwegman notes is device fingerprinting, a means of identifying the source of orders by a computer's operating characteristics?everything from the version of its browser to time and date stamps. Numerous orders originating from one computer within a short time span are a sign of possible fraud. The use of device fingerprinting almost tripled among merchants that do more than $25 million in online sales per year. Some 18% of those merchants used device fingerprinting in 2009, and nearly half the sample of large merchants (45%) say they will implement the technology in 2010, CyberSource says. The top fraud-detection tools remain card verification values (CVV numbers) on payment cards and address verification services, both of which are used by more than 75% of responding merchants. Certainly contributing to the lower overall fraud rate was the 50% drop in fraud from international orders, from 4% proving fraudulent in 2008 to 2% this year. More U.S. and Canadian merchants are accepting orders from beyond their borders?54% in 2009 versus 51% in 2008. Of those that accept international orders, foreign business now accounts for 21% of total volume, up from 17% in 2008. U.S. and Canadian merchants also are rejecting fewer international orders, 7.7% vs. 10.9% in 2008. Eighty-one percent of the U.S. and Canadian merchants that accept foreign orders said they accept orders from Britain, making that country tops for international sales. Next were Australia, 72%, and Germany, 71%. The fraud threat posed by international commerce, however, still remains. Despite its drop, the international order-rejection rate is still three times the domestic rate, and the international fraud rate is double the domestic rate. In overall fraud, some 37% of CyberSource's respondents reported increased fraud this year. Merchants with annual online revenues of $5 million to $25 million had the highest revenue loss rate in 2009, 2.2%, compared with 0.9% for those with revenues above $25 million, 1.6% for those with revenues of $500,000 to $5 million, and 0.8% for those below $500,000. Of total fraudulent orders, some 49% resulted in chargebacks to merchants from banks or other payment providers, up from 42% in 2008. The share of fraudulent claims handled through merchant credits correspondingly declined from 58% to 51%. Merchants this year are re-presenting, or fighting, 53% of their fraud-coded chargebacks and winning 42% of the time. Survey results raised the question of just how low fraud rates would continue to go. Asked about changes in what they've seen in online-fraud management this year, 21% of merchants believe fraud is becoming more complex. Twelve percent believe fraud is getting harder to detect. In part, that's because fraudsters have data such as live card numbers, CVV numbers, and seemingly valid shipping addresses, Schwegman says. Forty-eight percent of merchants say fraudulent orders appear “cleaner.” “[Fraudulent orders] are better camouflaged than ever before,” he says. For 2010, 60% of respondents expect to focus on their automated detection capabilities, 20% on their process-analytics capabilities, and 16% will focus on improving their manual-review tasks and workflows, according to CyberSource.