More than $700 million in online sales were lost to fraud in 2001, representing 1.14 percent of total annual online sales of $61.8 billion, according to GartnerG2, Stamford, Conn.
Online fraud losses for 2001 were 19 times as high, dollar for dollar, as fraud losses resulting from offline sales. A new survey by GartnerG2 showed that adult consumers in the United States are beginning to adopt credit card company solutions designed to protect against online fraud.
Fraud is staying constant as a percentage of online sales, according to Gartner, but the complexity of the attacks is growing. So merchants have to do more to fight it.
A recent Gartner Internet survey of more than 1,000 adult U.S. online consumers, showed that 5.2 percent of respondents were victimized by credit card fraud in 2001 and 1.9 percent were victimized by identity theft (although respondents do not know whether the theft occurred on-line or offline).
More than 18 percent of respondents are attempting to fight fraud by embracing two new credit card protection systems: Visa's Verified by Visa and MasterCard's Universal Cardholder Authentication Field (UCAF) standard and Secure Payment Application (SPA).
"After years of missteps, the credit card companies have finally got it right with their consumer authentication technology. Consumers are willing to adopt the easy-to-use password-based applications," said Avivah Litan, Gartner G2 Vice President.
"Other security schemes, including public key infrastructure (PKI), smart cards (that the credit card firms also support) and disposable card numbers, receive far less consumer support," Litan said. "Most consumers are unwilling to take the extra steps required to use PKI, as the failure of the previous MasterCard/VISA sponsored PKI-based Secure Electronic Transactions (SET) standard clearly demonstrated. Consumers also believe the new Visa and MasterCard systems offer better protection than PKI or smart cards, showing that branding is far more important than technically robust security schemes."
The credit card companies are, however, not yet willing to take the next major step, according to Gartner, which recommends that they universally lower merchant fees. MasterCard does plan to partially incent U.S. merchants by making issuers, rather than merchants, liable for UCAF-protected transactions beginning in November 2002.
Visa plans a similar shift in liability rules in mid-2003. U.S. merchants will, however, continue to pay higher fees for Internet transactions, which average approximately 2.5 percent vs. 1.5 percent for in-store sales, according to Gartner.
"Consumers are interested in using these new security systems, which can significantly reduce online fraud. The credit card companies should, however, back up their belief in these systems by lowering fees for all merchants who support them," Litan said. "This would guarantee even more widespread adoption."
However, in the U.S., Litan doesn't expect fees to be lowered for another three to five years, despite the complaints by Wal-Mart and other retailers. There are over 900 million credit cards in the U.S.
"People have to be convinced they want it, then they have to get consumers to do it," Litan said.
However, merchants could hasten adoption by incenting consumers with discounts or other perks to use the security enhanced systems, Litan added.