Online Fraudsters Focus Attention on Large Merchants

Research conducted for the fourth annual CyberSource UK Online Fraud Report has shown that sophisticated criminals are focusing their attention on high-value wins from larger merchants.

Meanwhile, small merchants are being targeted with simpler approaches that rely more on luck than ingenuity to succeed. Specific examples given by merchants in the telephone survey also suggest that fraudsters are becoming increasingly bold.

42% of large merchants say they recognised fraudsters targeting specific products that could be easily sold and 25% documented fraudsters testing and exploiting 'ceiling' and 'floor' limits for transactions, outside of which purchases are more likely to be reviewed before approval.

By contrast, only 23% of small merchants saw specific product targeting, and only 3% recognised the practice of testing ceiling and floor limits.

Small merchants are subject to many more attempts by fraudsters to use card generators - software that generates possible card numbers against a specific set of customer data.

48% recognised this type of fraud versus just 22% of large merchants.

Small merchants also saw a higher incidence of multiple identities being tried against a single card number (42% vs 31% for large merchants).

Both of these exploits rely on luck and multiple attempts to succeed, and are much less deliberate and planned than those tactics experienced by larger merchants.

"Fraudsters are constantly reacting to whatever barriers are placed in their path, finding new ways to beat the system," said Simon Stokes, managing director of CyberSource.

"This year's report shows that online retail fraud has reached a level of sophistication where we can recognise different patterns of behaviour and different targets for 'professional' and 'rookie' fraudsters."

Nearly half of all businesses have seen fraud levels rise in the last twelve months; 38% have seen them stay static.

Large and very large merchants have been hit hardest: over a quarter have recorded losses up more than 10% on last year.

Specific examples from respondents to the telephone survey suggest fraudsters are becoming increasingly brazen in their attempts to defraud retailers.

Merchants report incidents of orders being placed with stolen identities, followed by the fraudster waiting outside the address of the ID fraud victim for a package to be delivered.

Just 17% of overall respondents agreed that the police are effectively tackling online retail fraud today.

"Online retail continues to grow at a phenomenal rate, and the infrastructure to support it cannot always keep up," commented Jo Evans, managing director of the Interactive Media in Retail Group (IMRG).

"At the moment law enforcement policies and practices may be lagging behind but as an industry we also need to look at ways that we can work together more effectively to tackle the issue of fraud."

Merchants of all sizes have typically implemented between five and six different lines of defence, comprising simple checks on addresses (Address Verification Service or AVS) and card details (Card Verification Number or CVN), as well as more sophisticated tools including rules-based automated decision engines, such as CyberSource Decision Manager.

165 retailers were surveyed for the report by independent research company Vanson Bourne. 38% of the respondents came from medium sized businesses (£1m-£10m turnover). The remainder were divided evenly between small (£0-1m), large (£10m-50m) and very large businesses (£50m+).