It’s been often said that there is no such thing as a free lunch. That is certainly true when it comes to fighting payment fraud on the Internet. While fraud prevention programs have proven effective in cutting the number of fraudulent and disputed transactions, those savings come at a cost. “If you’re going to do business in our space, the investment in any kind of fraud prevention is going to be substantial,” says Gany Karim, manager of fraud and risk control for Chicago-based uBid.com, an online auction and fixed-price retailer.
Some of the costs are easy to measure-the cost of purchasing or licensing decision-making software, purchasing new computer hardware and paying fees to have a transaction checked by an outside bureau. Other costs are more difficult to measure-the staff-hours spent maintaining databases-while others are nearly impossible to measure-the cost of lost business due to over-stringent preventive actions.
Whether these costs are tangible or not, they add up-and they’re necessary. Newton, Mass-based Meridien Research estimates online credit card fraud reached $3.8 billion worldwide last year. Meridien projects that without investments in prevention, online card fraud could reach $16 billion in 2005. Reasonable investments in fraud control technology could keep that number to $6 billion, Meridien says.
Most online retailers won’t talk about fraud. Some are reluctant for others in the industry to know their fraud experience while others fear that criminals will pounce on anything they say to determine where the weaknesses are in a system. But one thing is clear: nearly all retailers have to incur some anti-fraud costs, whether they are big operations that sell high-value goods that are easily re-sold-i.e., consumer electronics-or small guys who would be wiped out by only a few fraudulent transactions.
To make matters worse, vendors say many retailers don’t really know how to address the problem and so aren’t even sure of how much they are spending to combat the problem. “Merchants don’t really understand fraud very well,” says Robert Renzulli, vice president of product development for First National Merchant Solutions, a subsidiary of the First National Bank of Omaha. “Because they’re all different, merchants need to understand what kind of fraud they’re experiencing before they can take preventive action.”
One of the highest costs of fighting fraud is the cost of lost business. Many e-retailers have become so concerned about fraud that they have implemented systems that reject any questionable order, resulting in the rejection of good sales. Stamford, Conn.-based researchers Gartner Group estimates that online retailers reject 8% of sales due to fraud concerns. While Gartner researchers have not calculated how many of those rejected sales are truly fraudulent, payments processor Mountain View, Calif.-based Cybersource Corp. estimates that 3% are truly fraudulent while payments processor Retail Decisions, based in Providence, R.I., believes the rate of true fraud is 1.5%.
“A lot of companies have internal rules that automatically reject all sales over a certain amount or any sales over a certain number made on the same credit card,” says Jeff Foster, executive vice president of business technology integration for Retail Decisions. A retailer with $100 million a year in online sales could be losing substantial business due to too-stringent fraud measures, he says. “If you’re rejecting 7% of sales and only 1.5% are actually fraudulent, you’re losing $500,000 a month in revenue,” Foster says.
And that includes only the lost sales that can be measured. A customer whose purchase is rejected once may refuse to shop at that online store again. “On top of that,” Foster says, “many of the biggest Internet retailers have brick-and-mortar operations and you can be sure that many customers whose sales were rejected online will refuse to shop at the retailer’s brick-and-mortar stores as well.”
Industrywide, lost sales could amount to $2.5 billion a year, based on Gartner’s high-end estimate of an 8% rejection rate and Cybersources’s 3% actual fraud rate. At $50 billion a year in U.S. web-based retail purchases, $1.5 billion are fraudulent, according to the Cybersource number, but the industry is rejecting $4 billion, using the Gartner number.
Associated with lost sales is the loss of international business. Many online retailers refuse to accept any sales outside North America because international fraud rates are so high. Gartner’s research found that only 64% of online retailers accept orders from outside North America. Furthermore, 9% of all merchants surveyed had accepted international sales at one time, but stopped doing so, due to the high fraud rates.
Also associated with rejected sales costs is the added cost of customer service. Jeff King, director of product management for Cybersource, notes that many retailers report that as order rejection numbers increase, customer service calls grow as customers whose orders are rejected call to complain.
To avoid rejecting a lot of transactions, many companies are manually reviewing all questionable sales. But that can be expensive as well. Some online retailers, particularly those most susceptible to fraud, review nearly all their claims. Cybersource estimates that 20% of Internet orders today require some human intervention to screen for fraud. “If you’re reviewing more than 20% of your transactions, you really have a problem,” King says.
Whatever the proportion of transactions reviewed manually, the cost is high. “I talked to one online electronics company that has 12 full-time employees reviewing every sale-at salary and benefits of $50,000 per employee,” Foster recounts. “With that overhead, it is nearly impossible to make a profit. Another company was reviewing about a third of sales. When it audited its costs, it found it was paying about $1 a transaction to keep out the fraud. That is outrageous.” Foster says a good fraud-prevention program should only incur 10 to 25 cents in direct costs of screening for fraud.