SMEs not taking security seriously

Traders should adopt a suite of activities

Security experts at a roundtable event have warned that many retailers are still not deploying enough layers of protection to guard against online fraud. They also called for changes to the law so that merchants and banks could share information more easily and thus verify cardholder identities more effectively.

The event was hosted by payment systems provider eFunds to coincide with the release of its white paper on card-not-present (CNP) fraud. Riten Gohil of payment clearing organisation Apacs said that small and medium-sized enterprises [SMEs] are especially at risk because they often underestimate the impact of online fraud.

"Our message is that traders should adopt a suite of activities," he said. " The largest merchants are using secure code, address verification systems and in-house [solutions] and they all need to work in conjunction." Katherine Hutchison of eFunds added that mid-tier retailers are more likely to be targeted by criminals because these firms are less technology-savvy and often do not have big budgets for security.

"A single kind of screening mechanism can't control the variety of mechanisms fraudsters use," Hutchison said. "Each [solution] stops them temporarily and then they react to it, so every solution has a finite shelf life."

Hutchison explained that criminals are increasingly sharing information and even bartering for each other's specialist services via internet chat rooms, so retailers also need to "play it as a team".

Apacs' Gohil said that current data protection laws make it hard for merchants and banks to share information. "The merchants must think about risk-profiling their transactions better, and if they shared data better, [online CNP fraud would reduce]," he added.

Meanwhile, e-payment systems vendor CyberSource has published survey results indicating that 65 percent of retailers had seen losses from online fraud stay the same or fall in the past 12 months.