Risk Management
Online Fraud - The Stakes Are Rising

by Ellen Silver

   Remember the good old days when the biggest threat to a retail business was that kid in the baggy sweatshirt? Long gone. Robbery, to use the politically insensitive term, is way more likely to occur online than it ever was in a store.
   A survey sponsored by CyberSource Corporation late last year shows online credit card fraud continues to be a major challenge for merchants of all types and sizes. Sure, on the face of it, there is good news in the findings: fraud levels are expected to stay at a constant rate. In 2001, merchants said they figured about 3% of sales would be siphoned off to fraud problems. In the 2002 findings‹they said just about exactly the same.
   But this hardly shows the fraud problem stabilizing. In another finding, the survey reveals merchants are investing substantially more resources to fight the problem. 65% say they are taking more precautions this year than the last. But the anticipated fraud number is identical. Translation: online sellers are swimming harder just to stay in the same place. And that doesn't convert well to revenues. Online commerce is growing at a rate of about 30% this year. A constant fraud rate (3% of that increasing number) means that actual dollars lost are piling up fast.
   And like all averages, that 3% number can be deceptive. Fully 22% of merchants report a "serious" fraud problem. This group says fraud captures anywhere from 5% to as high as 20% of their online revenues. This "serious problem" group grew from year to year as well. Last year, the number saying they had fraud in this dimension was only 20%.

The Layered Approach

   Merchants are implementing a layered approach in combating fraud, taking advantage of fraud checks within the payment authorization, building or outsourcing for fraud screens and decision rules, and relying on manually reviewing online orders. According to the survey, Address Verification Service led the list of fraud prevention tools implemented in 2002. This was followed closely by merchants planning to ask buyers to locate and provide the card verification numbers on their credit cards during the checkout process. Also, nearly 40% of surveyed merchants say they plan to adopt new Visa and MasterCard authentication systems this year. These procedures‹effective April of this year--ask online shoppers to provide a password during the checkout process, enabling issuing banks to authenticate the cardholder directly.
   On average, merchants manually reviewed one out of every five online orders in 2002, up 1% from the numbers reported in 2001. Surprisingly, this method was not limited to smaller merchants who process fewer orders. It was also used by many of the country's largest online retailers. Does a mere 1% increase provide fodder for optimism? Are merchants worrying less? Sadly, the answer is no again. That's 1% more of online purchasing, a phenomenon growing at 30% per year. Many more orders will be manually reviewed. It's likely that online merchants, in response to this, can incur future additional staff costs, as in increased hiring and overtime, to review that growing pile of orders.
   While most of this appears practical, merchants are understandably wary of incorporating further steps into a checkout process for fear of alienating customers. Generally speaking, retailers move slowly into the use of any customer-involving tools.

Avoiding Costs to the Consumer

   The last thing online sellers want to do is make purchasers jump through hoops. One of the key reasons people came to ecommerce, after all, was to avoid hassles, but fraud refuses to cooperate. Fear of it can and will mean there is going to be more to the purchase process than merely providing info and hitting the "BUY" button. Contacting customers by phone or email were two of the top three manual review techniques employed by vendors. In fact, most manual review processes involve some form of re-contacting the customer to validate or collect information. This means customers are directly inconvenienced. They have to get additional information; they have to wait longer for approvals. Orders they thought completed are once again up for consideration. It is conceivable, over time, merchant reliance on manual review will result in lost sales or fewer repeat customers.

What About A Solution?

   Clearly, just boosting the number of anti-fraud tools is not enough. There is no single tried and true, silver-bullet solution to the problem of managing and reducing the costs of online fraud. Just as "perps" use a variety of ever-changing techniques to commit online credit card thievery, so merchants must use a variety of methods to manage the problem in a cost effective way. The challenges merchants face include keeping fraud tools and strategies tuned and up-to-date on a regular basis, as well as intelligently applying the variety of tools required.
   Does all this work? It certainly can. One such story can be found on the CyberSource website (www.cybersource.com., "Resources‹CompUSA case study"). Many online merchants, of all sizes and shapes, have managed to reduce their fraud rates significantly below 3% of revenue all the while maximizing their order acceptance. By applying best practices such as those discussed in the case study, merchants can achieve a more effective fraud management system and actually reach the full potential of their e-commerce initiatives.