The sixth annual survey of e-commerce fraud recently released by CyberSource Corp. reported that U.S. merchants expected to lose an estimated $2.6 billion to online fraud in 2004, $700 million more than in 2003. Actual losses aren�t known until several months after the end of each year. The new estimate beats the prior fraud loss record of $2.1 billion established in 2002.
    Though merchants feel they are limiting the rate of fraud loss by keeping it at 1.8% of sales (compared to 1.7% in 2003), e-commerce revenue is growing so fast that a steady fraud rate means ballooning dollar losses. And fraudsters tend to be attracted to higher ticket price items.
    The median price on fraudulently ordered merchandise in 2004 was $150 while the median amount for a legitimate purchase was $100.
    Hardest hit are the mid-range companies, those with annual online revenues between $500,000 and $5 million. This group says it expected to lose up to 2.5 percent of its online revenue to fraud, compared to 1.9 percent in the previous year.
    Larger companies fare better. Those with revenues between $5 million and $25 million expected a loss rate of 1.5%, identical to the year before. Companies with annual revenues greater than $25 million anticipated losses of 1.1%, slightly less than last the previous year�s 1.3% loss.
    Doug Schwegman, CyberSource director of market intelligence called that a �predictable� finding. "Most companies achieving high levels of growth over a number of years acquire a level of sophistication in fraud prevention that renders the problem more manageable," Schwegman added.
    There was good news in the survey as well. Electronic commerce continues to grow. Merchants surveyed expect their eCommerce revenues to increase by 39% in 2005. And, on average, fraud rates have slightly decreased.
    Among all the orders merchants accept, on average, 1.3% turn out to be fraudulent, which has been unchanged for a couple of years.
    �The simple fraud rate is going down, especially for larger, more sophisticated merchants,� says Schwegman. �We noted the beginning of this trend in 2001 and it has continued. So on one front, merchants can claim a real success. The problem lies in how much that success is really costing.�

The Cost of Controlling Fraud

    The highest costs associated with the management of fraud are typically loss of potential revenue and wages. A key source of revenue loss occurs when good orders are rejected for fear of fraud. According to the survey, rejection rates during 2004 were nearly 6%, up from 4.6% last year.
    So for every confirmed fraudulent order, merchants are refusing to accept another four or five orders on suspicion of fraud. Significant revenue is being left on the table even if only a small portion of these orders are valid.
    Manual order review and its associated costs are equally threatening to merchant profits. In what should be an automated sales environment, 73% of merchants are manually checking orders today, up 12% 12 months ago.
    Across all surveyed merchants, the number of orders being manually examined increased by 20%. Twenty-seven percent of all orders were manually reviewed in 2004 versus 23% of all orders 2003.
    This leads to obvious questions about merchant capability of coping with continuing e-commerce growth. According to the survey, only 21% of merchants expect to increase the size of their review staff in 2005, so greater productivity among order checkers is clearly required.
    Merchants' use of fraud tools is at an all-time high now. In addition to manual review, 82% of merchants use address verification service, 56% use card verification number checking, and 53% use internally built fraud screens. The number of merchants using commercial fraud screening solutions grew 55% from the year before.
    The median number of fraud-fighting tools in use now is five, and 40% of merchants are using six or more. Large merchants are the most likely to invest in automation, with 79% of those with $25 million or more in revenue having automated order screening systems.
    �Businesses are telling us they're seeing more sophisticated fraud attempts,� says Schwegman. �Though many are succeeding in containing fraudulent order rates, the strain is showing in their rejection and review rates and their need for more tools.�

    MasterCard International and NameProtect, Inc. are helping federal law enforcement agencies to stop scam artists from stealing donations to tsunami relief efforts.
    Recently, many law enforcement agencies and consumer advocacy organizations issued warnings that con artists were using phishing attacks to prey upon the outpouring of generosity for victims of the Indian Ocean tsunami. In these attacks, fraudulent e-mails disguised as e-mails from seemingly legitimate tsunami relief agencies are sent to unsuspecting consumers, attempting to trick them into going to a fraudulent Web site designed to steal credit card and other personal information.
    MasterCard and NameProtect are collaborating to use NameProtect's Internet detection technology and systems to quickly identify these phishing attacks for the federal law enforcement agencies to investigate. To date, the companies have found 133 potential tsunami-related phishing sites that the federal law enforcement agencies are now investigating.