More than 100 million messages contain attachments that, if opened, install software that takes over computers, security experts say.
Credit card fraud on the Internet is 30 times greater than in the real world--$300 million in the holiday shopping season alone.
The credit card industry has the fraud problem under control in the real world. Fraud accounts for only about 0.1% of the 25 billion credit card transactions worldwide. But, online the number soars. Celent Communications, Boston-based research firm, estimates that online card fraud during the 2000 holiday shopping season topped $300 million-or 3% of sales. That is a sizeable chunk for a business on thin margins. “A lot of problems come from the fact that many merchants don’t have a system to track or identify fraud,” says Meredith Hickman, Celent analyst. “As more merchants start using anti-fraud systems the fraud rate should slow down.”
Celent Communications estimates that 30 million consumers spent $10 billion online in Q4 2000, 95% paid by credit card. Although some merchants have reported fraud rates of 15% to 25%, those typically come from merchants that seek anti-fraud solutions or are forced out of business. Hickman says the average 3% rate will remain steady before dropping to 2% by 2004 as more merchants deploy anti-fraud systems.
While many merchants will not discuss their fraud problems, the vendors know their stories all too well, most of them reactive rather than proactive. Too many merchants wait until high chargeback rates erase their profits before they seek help, says Nick Caunter, chief marketing officer at Retail Decisions, a London-based provider of online security systems. Yet, although fraud is a real prospect in e-commerce, it should not deter retailers from moving onto the web, Caunter says. “It doesn’t make sense for a merchant to walk away from one of the most important retail opportunities to expand their business,” he says.
Merchants face a triple whammy from credit card fraud. Not only must they eat fraudulent sales, they also pay penalties of $10 to $20 for each fraudulent or disputed transaction. And on top of it, they pay a higher interchange fee (the fee the merchant’s bank pays the card-issuing bank and which the merchant bank passes to the merchant), usually 1.5% to 2% of the transaction, than offline merchants.
But, simply transferring online anti-fraud measures to the web doesn’t work, says Allen Jost, vice president of financial services at HNC Software, one of the first companies to address e-commerce fraud solutions. For example, the same way an offline merchant may ask for a drivers license to verify a name on a card, some online merchants do blanket verifications to flag transactions that have different shipping and billing addresses. But Jost says merchants risk alienating customers if they hold orders until they can double check the information, especially since many online shoppers have packages delivered to work addresses. Using a dedicated fraud system can fine-tune fraud parameters that affect only a small percentage of sales. Such systems use neural networks that cross-reference information using statistical models to accept, reject or flag transactions for follow-up.
While Celent Communications notes that vendors have done the best job educating merchants about online fraud, the research company suggests that the card associations must help. All the major players-Visa, MasterCard, American Express and Discover-have programs that outline how merchants can address fraud. And some are addressing fraud with consumers, which will ultimately help merchants. American Express also has a program called Private Payments in which consumers use disposable credit card numbers for online shopping. Hickman particularly notes Visa’s plans for distributing PINs for use with online credit card purchases, but she says it could be a few years before those cards are out and people start using them.