Web merchants are usually the ones to take the loss from online credit card fraud. CyberSource, a provider of secure electronic payment and risk management solutions to organizations, estimates that in 2006 Web merchants in the US and Canada will lose $3.0 billion to online payment fraud. While the volume of online fraud is increasing, its percentage of online retail sales is decreasing annually. In 2006 the value of online fraud will be 1.4% of total online sales, down from 1.6% in 2005 and 3.6% in 2000.

Fraudulent orders can be presented to merchants in two ways: as a chargeback from the merchant bank or as a direct request from a consumer for credit. In 2006, 65% of fraud claims were from customer credits, compared with 35% from chargebacks. By dealing directly with customers, retailers avoid penalty fees levied by the credit card issuers and show losses that understate the real amount of fraud.

The cost to retailers of online payment fraud is higher than the $3.0 billion in 2006 attributed to the monetary value of stolen goods and associated delivery/fulfillment costs. CyberSource found that the median amount Web merchants spend on fraud management is 0.3% of annual online revenues, with 16% of e-tailers spending as much as 4% or more of online revenues to manage fraud, up from 12% in 2005. The bulk of fraud management spending (46%) is for staff to review orders manually. This percentage increases to an average of 59% for merchants with greater than $25 million in online revenues. The remainder of fraud management is allocated to third-party tools (28%) and internal tools and systems (26%). Tools constantly need to be upgraded to keep up with increasingly sophisticated criminal techniques.

Small retailers are hit hardest by online fraud. As larger retailers improve their fraud-prevention capabilities, criminals shift their attention to smaller merchants who lack the resources to combat fraud with the same vigor as their bigger peers. In trying to head off fraud before it happens, online retailers end up rejecting a certain percentage of valid orders that appear suspicious. CyberSource found that for every 100 orders received in 2006, Web merchants rejected four of them due to suspicion of fraud. Web merchants try to strike a balance between accepting fraudulent orders and rejecting valid ones that will maximize their sales and profits. Overall, online retailers have decreased their order-rejection rate from 5.9% in 2004 to 4.1% in 2006, even though this is a slight rise above the 3.9% rate reported in 2005. The lower rejection rates since 2004 are attributable to retailers realizing that too much control of fraud losses might be suppressing sales and profits.

International orders carry the highest risk of being fraudulent. In 2006, 2.7% of orders accepted from outside North America were fraudulent, compared with 1.1% of all online orders. After reporting a drop in the total and foreign rate of fraudulent orders accepted in 2005, both rates rose in 2006, suggesting that fraudsters are finding new ways to get around the latest fraud-management tools.

 

More here.