The sixth annual survey of e-commerce fraud recently released by
CyberSource Corp. reported that U.S. merchants expected to lose an
estimated $2.6 billion to online fraud in 2004, $700 million more than
in 2003. Actual losses aren’t known until several months after the end
of each year. The new estimate beats the prior fraud loss record of
$2.1 billion established in 2002.
Though merchants feel they are limiting the rate of fraud loss by
keeping it at 1.8% of sales (compared to 1.7% in 2003), e-commerce
revenue is growing so fast that a steady fraud rate means ballooning
dollar losses. And fraudsters tend to be attracted to higher ticket
The median price on fraudulently ordered merchandise in 2004 was $150
while the median amount for a legitimate purchase was $100.
Hardest hit are the mid-range companies, those with annual online
revenues between $500,000 and $5 million. This group says it expected
to lose up to 2.5 percent of its online revenue to fraud, compared to
1.9 percent in the previous year.
Larger companies fare better. Those with revenues between $5 million
and $25 million expected a loss rate of 1.5%, identical to the year
before. Companies with annual revenues greater than $25 million
anticipated losses of 1.1%, slightly less than last the previous year’s
Doug Schwegman, CyberSource director of market intelligence called that
a “predictable” finding. "Most companies achieving high levels of
growth over a number of years acquire a level of sophistication in
fraud prevention that renders the problem more manageable," Schwegman
There was good news in the survey as well. Electronic commerce
continues to grow. Merchants surveyed expect their eCommerce revenues
to increase by 39% in 2005. And, on average, fraud rates have slightly
Among all the orders merchants accept, on average, 1.3% turn out to be
fraudulent, which has been unchanged for a couple of years.
“The simple fraud rate is going down, especially for larger, more
sophisticated merchants,” says Schwegman. “We noted the beginning of
this trend in 2001 and it has continued. So on one front, merchants
can claim a real success. The problem lies in how much that success is
The Cost of Controlling Fraud
The highest costs associated with the management of fraud are typically
loss of potential revenue and wages. A key source of revenue loss
occurs when good orders are rejected for fear of fraud. According to
the survey, rejection rates during 2004 were nearly 6%, up from 4.6%
So for every confirmed fraudulent order, merchants are refusing to
accept another four or five orders on suspicion of fraud. Significant
revenue is being left on the table even if only a small portion of
these orders are valid.
Manual order review and its associated costs are equally threatening to
merchant profits. In what should be an automated sales environment,
73% of merchants are manually checking orders today, up 12% 12 months
Across all surveyed merchants, the number of orders being manually
examined increased by 20%. Twenty-seven percent of all orders were
manually reviewed in 2004 versus 23% of all orders 2003.
This leads to obvious questions about merchant capability of coping
with continuing e-commerce growth. According to the survey, only 21% of
merchants expect to increase the size of their review staff in 2005, so
greater productivity among order checkers is clearly required.
Merchants' use of fraud tools is at an all-time high now. In
addition to manual review, 82% of merchants use address verification
service, 56% use card verification number checking, and 53% use
internally built fraud screens. The number of merchants using
commercial fraud screening solutions grew 55% from the year before.
The median number of fraud-fighting tools in use now is five, and 40%
of merchants are using six or more. Large merchants are the most
likely to invest in automation, with 79% of those with $25 million or
more in revenue having automated order screening systems.
“Businesses are telling us they're seeing more sophisticated fraud
attempts,” says Schwegman. “Though many are succeeding in containing
fraudulent order rates, the strain is showing in their rejection and
review rates and their need for more tools.”
MasterCard International and NameProtect, Inc. are helping federal law
enforcement agencies to stop scam artists from stealing donations to
tsunami relief efforts.
Recently, many law enforcement agencies and consumer advocacy
organizations issued warnings that con artists were using phishing
attacks to prey upon the outpouring of generosity for victims of the
Indian Ocean tsunami. In these attacks, fraudulent e-mails disguised as
e-mails from seemingly legitimate tsunami relief agencies are sent to
unsuspecting consumers, attempting to trick them into going to a
fraudulent Web site designed to steal credit card and other personal
MasterCard and NameProtect are collaborating to use NameProtect's
Internet detection technology and systems to quickly identify these
phishing attacks for the federal law enforcement agencies to
investigate. To date, the companies have found 133 potential
tsunami-related phishing sites that the federal law enforcement
agencies are now investigating.