Online fraud steadies but dangers remain

Online fraud in the UK may have levelled off, but firms must continue to strengthen their defences

Chip and PIN has cut high-street fraud

Online fraud has not grown in the past year, according to figures released by UK payments clearing organisation Apacs this week. However, e-traders cannot afford to let their guard down, experts warned.

Total card fraud fell by 13 percent last year, thanks mainly to the success of chip and PIN, but the figure for internet fraud remained the same at £117m, according to Apacs. The total for card-not-present (CNP) fraud increased by 21 percent.

"These figures might suggest that more businesses are taking online security more seriously, but there is still a lot of work to do," said Apacs’ Jemma Smith. "It is businesses who stand to lose out and pay up for fraud, so it is in their interests to have a belt-and-braces approach [to online security]."

As IT Week reported last month, Apacs is trying to encourage firms to support an online chip and PIN system with handheld readers, which home shoppers would deploy to securely verify transactions.

In the meantime, Apacs said online merchants should look at third-party payment system suppliers for off-the-shelf tools, and consider signing up to initiatives that use the 3-D Secure protocol, such as Verified by Visa.

Chris Barling of e-commerce software vendor Actinic said that the main barriers to the success of 3-D Secure and chip and PIN devices are the extra cost to merchants or banks, and the deterrent effect on customers due to greater complexity and more time-consuming transactions.

"Once the online fraud problem becomes too dangerous, [solutions] will be mandated and it will happen," Barling said. "The problem is always allowed to grow until it becomes significant [as with high street fraud] and then the fixes are put in place."

Barling urged merchants to do more to prevent online fraud by adding an extra level of buyer verification to their transaction procedures, which could involve calling the customer to check their purchasing details.

Nathan Jackson, managing director of fraud detection specialist CyberSource, said, “According to our research, the merchants who are combating fraud most successfully are taking a toolkit approach, using on average of four different tools to fight online fraud. This is important, because the longer a fraud-prevention tool or tactic has been in place, the more likely fraudsters are to be able to establish ways of defeating the system. Merchants need to employ additional methods of identifying and managing suspicious orders to offset the increasing sophistication of fraudsters.

“The continuing reliance on manual review is [the] most worrying [trend]. One in five orders is still referred for manual review, yet for most merchants over 80 percent of these orders go on to be accepted. This system has a very high human resource cost, and cannot be scaled effectively to meet the demand from a booming online retail industry.”