Online payments are having transformative effects on the way that consumers purchase products and services, and interact with the merchants that provide them.
Unfortunately, as the prevalence of online payments grows, so does the practice of online fraud.
The Q3 2016 Global Fraud Attack Index, which is sponsored by Forter and produced by PYMNTS.com, confirms that this is the case: between Q2 2015 and Q1 2016, there was a 126% increase in fraud attacks online.
These facts and figures can do more than just make us aware of the dangers that we face: they can shine a light on where we are particularly vulnerable, give us insights into how the fraudsters operate and how we can protect both ourselves and customers.
In this article, we will collate the key facts about online fraud that you should know going forwards as your number of online transactions grows. Obviously in such a complex industry, these facts will vary in relevance according to your industry or location.
Key online payments facts
In the UK, Fraud and Cybercrime represents more than 30% of all reported crimes.
Cybercrime in the UK is indiscriminate: regardless of social class, location or any other classification, one in ten adults in the UK have been victims of cybercrime in the past year. The fact that fraud and cybercrime now represents more than 30% of all reported crimes clearly demonstrates a growing trend towards this type of crime.
In fact, the impact of these official figures have prompted calls for awareness campaigns to be run in the UK, similar to seatbelt and drink-driving campaigns in the past.
In the UK, bank and credit card fraud accounts for roughly 50% of cybercrimes (which include Identity theft, bank account phishing, etc.)
Roughly 50% of that cybercrime centres around bank and credit card fraud. This type of fraud involves the use of card details that have been fraudulently obtained through methods such as unsolicited emails, telephone calls or digital attacks such as malware and data hacks. These card details are then used to undertake fraudulent purchases over the internet, phone or by mail order. It is also known as ‘card-not-present’ (CNP) fraud.
Identity fraud is a global issue. 18% of identity fraud using U.S. credit cards - or $2.4 billion - was conducted outside the U.S.
Naturally, identity fraud is not confined by borders and is not particular to the UK: similar statistics exist globally.
Fraud losses on UK-issued cards totalled £567.5 million in 2015, an 18% increase from £479 million in 2014.
The rate at which fraud losses have increased in the UK is a concern for many ecommerce merchants. As technology improves and the knowledge and understanding of online fraudsters develops in tandem, we can expect to see online anti-fraud systems develop further to counteract those advances and secure online transactions.
There were 34 fraud attacks for every 1,000 transactions in Q1 of 2016, compared to 15 out of 1,000 observed during Q2 of 2015. That’s an increase of 126%.
As more and more customers and banking users turn to online platforms to conduct their transactions and banking, online fraudsters are being given more potential targets to exploit. Increasingly secure authentication systems and initiatives - such as the TLS migration (highly recommended by the PCI security standards) - will be imperative to guarantee security for users.
Luxury goods (especially jewellery) is by far the segment with the highest attack rate, with 93 fraud attacks per every 1,000 transactions. Digital goods come second with 35 fraud attacks per 1,000 transactions.
Naturally, different segments and industries are at higher and lower risks when it comes to fraud attacks. Fraudsters will determine their priorities based on transaction volumes and values, as a consequence the Luxury goods segment receives the highest attack rate. Illuminating statistics can be found in the Q3 2016 Global Fraud Attack Index.
A survey run by Cybersource of 307 U.S. and Canadian companies found that fraud cost retailers an average of 0.8% of online sales in 2015.
These North American companies will be taking steps to significantly reduce this statistic that will have serious effects on their annual performances.
One way web merchants are reducing fraud is by rejecting more orders: that rejection rate increased to 2.8% of orders in 2015 from 2.3% in 2013. E-retailers fear many rejections are “false positives”—transactions that look fraudulent but are not. “The majority (70%) of survey respondents who track false positives believe that up to 10% of the orders they reject on suspicion of fraud are actually genuine,” the CyberSource Annual Fraud Benchmark Report report says.
E-retailers may be successful in reducing their fraud rates, but at the expense of rejecting legitimate attempts to purchase products by real customers. Perhaps as authentication technologies improve, this measure will be looked back upon as a necessity that our challenging online fraud situation demanded.
Another way e-retailers minimize fraud is to manually review suspicious orders, and the manual review rate ticked up to 29% of orders in 2015 from 27% in 2013.
This step is generally taken by smaller e-retailers that do not have the ability to deploy sophisticated software and systems that automatically detect fraudulent transactions. If employees are equipped with the necessary understanding of red flags to look out for (found in our “Understanding Chargebacks” article), this can be an effective - albeit resource-intensive - method of combatting fraud.
Larger retailers, which are more likely to have the resources to deploy sophisticated fraud-prevention tools, manually review the fewest orders: the manual review rate was only 8% for retailers reporting $100 million or more in annual online revenue, increasing to 18% for retailers with $25-100 million in web sales, 29% for those in the $5-25 million range and 41% for those with under $5 million in annual web revenue.
This statistic echoes the findings of the above fact: larger retailers are capable of deploying and implementing more sophisticated fraud-prevention tools that are better able to combat online fraud attempts.
Perhaps as this technology becomes less expensive and the understanding of the methods of combatting online fraud improves among retailers, we will see the adoption of these tools as commonplace among e-retailers.
The CyberSource survey also gave the percentage of companies that have implemented the following fraud techniques or that plan to:
- Address verification service (AVS): 86% have implemented, 7% plan to
- Card verification number: 86%, 5%
- Postal address validation services: 67%, 11%
- Google Maps lookup: 64%, 4%
- Telephone number verification/reverse lookup: 51%, 9%
- Social networking sites: 46%, 6%
- Credit history check: 30%, 6%
- Paid-for public records services: 25%, 3%
- Payer authentication (3-D Secure): 23%, 20%
- Two-factor phone authentication: 13%, 15%
- Biometric indicators: 1%, 9%
These figures, taken from the CyberSource Annual Fraud Benchmark Report, shows that many fraud mitigation techniques have not yet been implemented by most merchants and suggest that fraud prevention tools should proactively work on making these solutions more affordable and easier to integrate for medium and smaller size merchants.
There you have it - a quick review of the most telling facts and figures in the payments industry and hopefully some interesting benchmarks for your business as a merchant.
Here are some of the key resources that are available to you to keep yourself informed on the latest developments and facts in online fraud.
Machine Learning in Fraud Management - PaymentsViews
2016 Identity Fraud: Fraud Hits an Inflection Point - JavelinStrategy
E-Retailers Cut Their Fraud Rate, But Turn Away More Good Customers - InternetRetailer
Q3 2016 Global Fraud Attack Index - PYMNTS
Annual Fraud Benchmark Report: A Balancing Act - CyberSource