Online Merchants Fight The Good Fight Against Fraud

A new survey indicates online merchants are spending more time and resources to fight Internet fraud. The Merchant Risk Council, a nonprofit group of 7,500 online merchants, financial institutions, and law-enforcement agencies, reported Monday that merchants have increased the use of tools deployed to combat online fraud by 13% compared to 2003.

The results of the annual survey show they're trying to combat fraud with address-verification systems (74%), customer follow-up (70%), card-verification codes (65%), negative files (55%), and real-time authorization (54%).

"Fraud-prevention technologies and strategies are more than matching new and evolving types of fraud," Tom Sullivan, director of E-commerce risk with InterActiveCorp Travel and a board member of the council, said in a statement.

Julie Fergerson, co-chairman of the council and co-founder of ClearCommerce Corp., sounds less unequivocal in her assessment of battle between criminals and commerce. "I always call it the great arms race," she says, noting that the fraudsters are getting more sophisticated, too.

"I firmly believe that merchants need to have a plan in place to keep up," she says. As an example, she suggests keeping on staff a programmer who can craft code to address unanticipated attacks.

To be sure, online fraud is rampant. And while merchants may be seeing some success in shielding themselves, consumers remain vulnerable.

According to the National Fraud Information Center, the average loss to consumers victimized by online fraud in the first six months of 2004 was $803, up from $527 in 2003 and $468 in 2002. Complaints to the center reached 37,183 in 2003, up from 36,802 in 2002. This year, online auctions generated the greatest percentage of complaints, at 28%; phishing attacks made up 5% of complaints.

Phishing attacks, which can lead to identity theft, fraud, or credit-card fraud, have grown at average rate of 25% per month from July through October, according to the Anti-Phishing Working Group, an industry association aiming to end identity theft and fraud through E-mail spoofing.

Although the Federal Trade Commission is still compiling its 2004 report, Betsy Broder at the FTC's Bureau of Consumer Protection predicts that identity theft will remain the reigning consumer issue. The rise in phishing, she says, will result in more identity theft.

However, Fergerson says that the merchant losses from fraud aren't rising in conjunction with the number of attacks, suggesting that defensive measures may be working.

That's easing minds at many online businesses. The number of merchants that identified international fraud as a "big problem or out of control" dropped significantly in the past year, according to the Merchant Risk Council's findings. Among very large merchants ($25 million annual online revenue and up), the figure went from 27% in 2003 to 20% today; among larger merchants ($1 million to $25 million), it dropped from 42% to 32%; among medium-sized merchants ($100,000 to $1 million), 45% to 29%; and among small merchants (less than $100,000), the figure dropped from 35% to 26%.

Online merchants, however, know the battle is far from won. Fergerson observes that the criminal community isn't shy about spreading the word when vulnerabilities are found. "When they figure out a way to cheat a merchant, they tell everyone they possibly can," she explains, noting that such tactics make legal action less likely.