The home improvement chain also said the malware responsible for the breach has been removed from all stores.
Retail Decisions forecasts a 9% drop in card-not-present fraud.
Criminals this year will make fewer attempts than last year to fraudulently buy products from web sites in the United Kingdom, according to a forecast from Retail Decisions, a provider of payment card issuing, processing and fraud-prevention services.
The company predicts that card-not-present fraud—which also includes criminals using mail order or phones—will decline to 242 million pounds ($387.2 million) this year, down 9.0% from 266 million pounds ($425.6 million). The company bases its estimates on card-not-present fraud figures and trends from the first half of the year.
The latest figures from the UK Cards Association, a trade group for issuers, support the estimates. Card-not-present fraud dropped to 266.4 million pounds ($426.3 million) in 2009, down 18.9% from 328.4 million pounds ($525.5 million) in 2008.
Retail Decisions says online shoppers have become more sophisticated about noticing potential threats to payment security.
“Consumers are clearly becoming more accustomed to requests for security information online and over the phone, knowing to keep their eyes peeled for the https web address and security padlock at the bottom of the page, so that they are able to protect themselves,” the company says.
Online merchant losses due to fraud are declining in Europe because of increased use of security systems like MasterCard SecureCode and Verified by Visa that require consumers to verify their identities with passwords, says Julie Fergerson, vice president of emerging technologies at payment security firm Ethoca. She says Visa and MasterCard promoted use of those security systems after online fraud increased over the past decade in response to Europe’s addition of chips in its credit and debit cards, a security measure that made it harder for criminals to commit fraud in bricks-and-mortar stores.
Actual online fraud may not be declining in Europe, but merchants don’t necessarily know about all the fraud occurring on their sites, Fergerson says. That’s because merchants that support these security systems from Visa and MasterCard are not liable for fraud, as they are in North America. Instead, the banks that issue credit and debit cards assume liability for fraudulent transactions. “Merchants no longer know when they see fraud,” Fergerson says. “When fraud happens, now the issuer has to eat the liability.”