For consumers and retailers alike, ensuring the security of online payments is key to the future of online retailing
To look at the e-spending numbers, one wouldn’t believe that some consumers don’t shop online because they are afraid of their credit card numbers being ripped off. E-retail sales were up 29% last year over the year before, reaching $52 billion.
But, depending on whose numbers you’re reading, upwards of 40% of consumers don’t shop online as much as they otherwise would because of the fear that their credit card numbers will be compromised. The fear is so strong, in fact, that Forrester Research Inc.’s online shopping survey reports that 41% of consumers who are online but have not bought online believe their credit card numbers could be stolen in transmission from their computer to the retail site. Even 30% of online buyers believe that. “Fraud and privacy concerns have dampened e-commerce growth,” says Christopher M. Kelley, retail analyst with Forrester. “There’s a real need to educate consumers about the myths and realities.”
Fraud on the Internet is undoubtedly higher than fraud in stores, although reports of how high vary. From its own experience, Certegy Inc.’s Check Services Group reports that consumer-not-present fraud occurs at 3 times the rate of card-present fraud. First National Merchant Solutions, a division of First National Bank of Omaha, says it’s 1.5 to 2 times higher, although it believes its experience is below average due to the fraud-prevention checks it has built into its system.
The explanation for the higher rate online may be as simple as the fact that, compared to offline purchases, a disproportionate share of online buying takes place at computer and consumer electronic retail sites. “Fraudsters won’t purchase products online that they can’t easily resell, which is why they target electronic gadgets,” says Robert Renzulli, vice president of product development at Omaha-based First National Merchants Solutions, a division of the 100-year-old First National Bank of Omaha. About 30% of First National’s processing business is in the card-not-present environment. Other products that pose a high risk of fraud include software and digital content. “In the case of e-retailers, high risk is often associated with the nature of the merchant’s product offering,” Renzulli says.
But another, possibly more important phenomenon is at work as well: So-called friendly fraud is easier to commit online than in a store and that may be attracting otherwise honest people into trying their hands at larceny. “There’s a higher fraud rate on Internet transactions not because criminals realize they can hack into insecure e-commerce sites, but because consumers can buy merchandise on the Internet with a credit card, keep it and then say to their card-issuing banks that they want their money back,” says David Kerlin, president and CEO of Portland, Ore.-based 9-year-old e-check processor AmeriNet Inc., which offers the Debit-It e-check product to online retailers and call centers. “And because the card hasn’t been swipe-read, they get their money back.”
But while fraud clearly exists, the widespread perception of Internet transactions as being somehow less secure to the consumer than store-based transactions is false, analysts say. “Fraud on the Internet is primarily an issue of perception,” Kerlin says. “We as an industry have done a bad job of getting our story out to the media, which have been focused on this whole issue of hackers creating an identity theft problem on the Internet. The reality is the very opposite-an Internet transaction is the most secure of payment transactions. You need to be a very sophisticated hacker to drill into a secure site and download credit card information. Any thief will tell you that you that there are 50 easier ways to get card information in a brick-and-mortar environment than through the web.”
Still, the perception exists among a significant minority of consumers that the Internet represents a fraud and security risk. In Forrester’s survey, 32% of online consumers who do not buy on the Internet fear that their card numbers could be stolen from a retailer’s database. Among web buyers, that figure falls only slightly, to 28%. Similarly, 34% of non-buyers fear that their identities could be stolen over the Internet, with that proportion slipping only to 27% among buyers. Conversely, a mere 16% of buyers believe that using a credit card over the Internet is safer than using it in a store and only 4% of non-buyers believe that.
An educational issue
An informal poll by Tony Abruzzio, executive vice president and general manager of GO Software Inc., which targets small to mid-sized merchants with a payments processing program that runs on PCs, confirms that grabbing card numbers from the Internet is difficult. “Recently, I spoke to an audience of about 100 people who were attending a fraud prevention symposium in Miami,” Abruzzio recounts. “I asked them to raise their hand if they have ever had a credit card fraud perpetrated against them or any of their family or any of their friends. No one raised their hand. Sure, credit card fraud on the Internet is a problem, but it has been overstated. It is not a huge and growing issue.”
Part of the answer to consumers’ fears about the integrity of their card numbers is overcoming consumers’ ignorance about how web-based payment transactions work. “It’s a big educational issue,” says John Shirey, corporate manager of product development for Dallas-based Paymentech L.P., a payments processor whose customers include such well-known online retailers as Amazon.com, Art.com, PCConnection and PCWarehouse. “Everyone talks of the Internet as a public network so people think it’s not secure. The average online shopper doesn’t understand SSL and HTTPS. They are mysteries to many consumers.”