Online fraud concerns rise as holidays near

The upcoming holiday shopping season promises to be a busy one not just for Internet retailers, but for opportunistic online fraudsters and identity thieves as well.

As a result, Internet merchants – especially smaller ones – will need to make sure they have adequate fraud- and theft-detection processes in place before the rush begins, industry experts warned.

“I think the problem is going to be real bad,” said Tom Mahoney, founder of Merchant911.Org, a 1,600-member forum in which merchants can share fraud-prevention information.

“All the projections we’re seeing are for a significant increase in online sales. Because of this rush, there will be less time for smaller merchants that do some or all of their own fraud screening, to do it well,” Mahoney said. Expect to see an increase in the number of successful fraudulent transactions and lost dollars as a result, he said.

VeriSign Inc., which provides payment processing services for more than 97,000 North American businesses and processed nearly US$7 billion in online retail sales in the third quarter, is already seeing a substantial increase in transaction volumes going into the shopping season. The number of transactions on its networks jumped from 61 million in the third quarter of 2002 to more than 91 million in the same quarter this year. And it’s continuing to rise as December approaches.

Along with that growth has come a sharp spike in fraudulent transactions, said Trevor Healy, vice-president of VeriSign payment services. “While e-commerce appears to be alive and kicking, the growth rate in the levels of fraud appear to be growing at the same rate as well,” he said. “What we are seeing is about three per cent to four per cent of a retailer’s bottom line being consumed by fraud.”

Much of this results from goods being purchased using stolen or fake credit and debit cards, or from consumers claiming they never received goods that were shipped to them. Reshipping schemes involving the purchase and subsequent shipping of goods outside the country using fake credentials and credit cards are another common problem.

Improperly secured e-commerce sites have also been responsible for feeding the alarming growth in identity theft, said Dan Clements, who runs a Malibu, Calif.-based organization called CardCops.Com, which shares information on stolen credit cards with merchants and consumers. “The threat we see is that of merchants being continually hacked and losing credit card and personal information,” Clements said. “In turn, those cards are used on other merchants who bear the responsibility for the order and chargeback.”

But the growing availability of fraud-detection tools and services should help alleviate some of these concerns, said Julie Fergerson, co-chair of the Merchant Risk Council, a fraud-fighting group in New York.

So-called geo-locational tools are available, for instance, that enable merchants to use IP addresses to identify and flag orders that are being placed from outside the country, she said. Similarly, new card verification methods are available from all of the major credit card companies that allow merchants to ensure that the person entering the card number actually has the card in his possession. And fraud-detection services, which cost between US$0.05 and US$1 per transaction, let merchants automatically flag suspicious transactions, she said.

Anaconda Sports Inc., a Kingston, N.Y.-based online sporting goods retailer, has signed up for one such service from VeriSign. For US$0.08 per transaction, VeriSign filters Anaconda’s transactions, looking for stolen credit cards, matching addresses or identifying purchases attempted from outside the country.

The service has helped reduce bad debt and chargebacks because of fraudulent transactions, said Robert Meyer, director of infrastructure operations at Anaconda.

Related Download
The Fast Path to Software-Defined Networks Sponsor: F5 Networks
The Fast Path to Software-Defined Networks
Download this white paper to learn how new partnerships are pioneering ways to ensure that they can transfer knowledge to enterprise IT staff.
Register Now