Yahoo Stores features ‘automatic’ PCI compliance for secure payments, among other options.
As online retailing becomes more mainstream, so do many of its characteristics. The latest: 48% of online retailers say their chargebacks for fraudulent purchase transactions is less than 0.1% of sales, matching the card-present chargeback rate experienced in physical stores, the Merchant Risk Council reports in its Fifth Annual Survey.
Nonetheless, criminals continue to pose an increasing challenge for merchants, and one-third of retailers experienced a fraud spike within the past 12 months that increased their fraud rate by 100% or more, the study says.
The problem for these merchants is they fail to take steps to stay ahead of criminals who figured out how to get by the merchants’ security measures, says Julie Fergerson, vice president of emerging technologies at security company Debix Inc. and a member of the board of the Merchant Risk Council.
One recent trend among criminals, for example, is to steal nearly complete information on legitimate credit card accounts, making it difficult to detect a fraudulent transaction until after it’s been completed.
But because criminals often re-use one particular account attribute, such as an IP address, in multiple fraudulent transactions, retailers can use security software that identifies whenever a single account attribute is appearing frequently in orders. The attribute criminals choose to re-use, however, can change. “Some retailers only configure their systems to check for one attribute when they should check for several,” Fergerson adds.
For retailers, though, help is on the way. New software and techniques now are being developed to enable merchants to simultaneously check for the frequent re-use of account attributes, identify the source location of transactions through geolocation technology, and better compare the addresses tied to potentially fraudulent transactions with authentic addresses in customer databases, Fergerson says.
The Internet knows no boundaries, and neither does fraud. European companies are instituting measures to combat criminals.
In Germany credit cards are used for Internet payment as much as eight times more often than for in-store payments, according to the “Pago-Report 2006: Trends in Consumer Purchasing and Payment Behaviour in Selected E-commerce Industries.” The report was published by Cologne, Germany-based payments processor Pago eTransaction Services GmbH.
However, fraud involving MasterCard credit cards issued in Germany, for example, has been consistently very low for years, Pago reports. “The number of cards issued has increased and e-commerce has also grown, indicating the fraud rate per card has fallen significantly,” the 2006 report states. “Special risk prevention measures implemented by merchants, special rules and regulations from MasterCard, and effective security programs like the card verification number or PCI (payment card industry data security) have all added to security requirements and standards for e-commerce transactions.”
“Many retailers are aware of and have deployed new security technology and techniques, but the devil is in the details,” says Fergerson of the Merchant Risk Council. “Once a month, somebody at a retailer should be looking at overall data and trends, and making sure everything is good.”