Online Merchants Fight The Good Fight Against Fraud
Merchants have increased methods for combating online fraud by 13% compared with last year. Address-verification systems and customer follow-up top the list.
A new survey indicates online merchants are spending more time and resources to fight Internet fraud. The Merchant Risk Council, a nonprofit group of 7,500 online merchants, financial institutions, and law-enforcement agencies, reported Monday that merchants have increased the use of tools deployed to combat online fraud by 13% compared to 2003.
The results of the annual survey show they're trying to combat fraud with address-verification systems (74%), customer follow-up (70%), card-verification codes (65%), negative files (55%), and real-time authorization (54%).
"Fraud-prevention technologies and strategies are more than matching new and evolving types of fraud," Tom Sullivan, director of E-commerce risk with InterActiveCorp Travel and a board member of the council, said in a statement.
Julie Fergerson, co-chairman of the council and co-founder of ClearCommerce Corp., sounds less unequivocal in her assessment of battle between criminals and commerce. "I always call it the great arms race," she says, noting that the fraudsters are getting more sophisticated, too.
"I firmly believe that merchants need to have a plan in place to keep up," she says. As an example, she suggests keeping on staff a programmer who can craft code to address unanticipated attacks.
To be sure, online fraud is rampant. And while merchants may be seeing some success in shielding themselves, consumers remain vulnerable.
According to the National Fraud Information Center, the average loss to consumers victimized by online fraud in the first six months of 2004 was $803, up from $527 in 2003 and $468 in 2002. Complaints to the center reached 37,183 in 2003, up from 36,802 in 2002. This year, online auctions generated the greatest percentage of complaints, at 28%; phishing attacks made up 5% of complaints.
Phishing attacks, which can lead to identity theft, fraud, or credit-card fraud, have grown at average rate of 25% per month from July through October, according to the Anti-Phishing Working Group, an industry association aiming to end identity theft and fraud through E-mail spoofing.
Although the Federal Trade Commission is still compiling its 2004 report, Betsy Broder at the FTC's Bureau of Consumer Protection predicts that identity theft will remain the reigning consumer issue. The rise in phishing, she says, will result in more identity theft.
However, Fergerson says that the merchant losses from fraud aren't rising in conjunction with the number of attacks, suggesting that defensive measures may be working.
That's easing minds at many online businesses. The number of merchants that identified international fraud as a "big problem or out of control" dropped significantly in the past year, according to the Merchant Risk Council's findings. Among very large merchants ($25 million annual online revenue and up), the figure went from 27% in 2003 to 20% today; among larger merchants ($1 million to $25 million), it dropped from 42% to 32%; among medium-sized merchants ($100,000 to $1 million), 45% to 29%; and among small merchants (less than $100,000), the figure dropped from 35% to 26%.
Online merchants, however, know the battle is far from won. Fergerson observes that the criminal community isn't shy about spreading the word when vulnerabilities are found. "When they figure out a way to cheat a merchant, they tell everyone they possibly can," she explains, noting that such tactics make legal action less likely.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.