Report: Merchants Race To Outpace Online Fraudsters

More than US$700 million in online sales was lost to fraud in 2001, according to a report released Monday by GartnerG2.

Last year's online fraud losses represented 1.14 percent of total annual online sales of $61.8 billion, the report stated. Those losses were 19 times higher than fraud losses resulting from offline sales .

"Fraudsters are getting more sophisticated and more active, but merchants are also getting more sophisticated in fighting fraud," GartnerG2 senior analyst Kenneth Kerr told the E-Commerce Times. "Merchants that are doing nothing are in trouble."

All told, the battle against online fraud is gaining steam as consumers begin to embrace new credit card protection systems from Visa and MasterCard.

Safety Numbers

In 2001, 5.2 percent of U.S. online consumers were victimized by credit card fraud and 1.9 percent were victimized by identity theft, according to GartnerG2.

To protect themselves, more than 18 percent of online consumers are turning to Visa's Verified by Visa program and MasterCard's Universal Cardholder Authentication Field (UCAF) standard and Secure Payment Application (SPA).

These new security initiatives rely on passwords to authenticate cardholders during online transactions.

"After years of missteps, the credit card companies have finally got it right with their consumer authentication technology," GartnerG2 vice president and research director Avivah Litan said. "Consumers are willing to adopt the easy-to-use password-based applications."

Up for Adoption

So far, Visa is outpacing MasterCard in rolling out its security system. Kerr estimated that Visa will sign up the top 50 U.S. retailers as Verified by Visa participants by the end of 2002.

"Consumers want to know their online purchases are secure, and getting that security should not be an inconvenience," said Todd Penner, online marketing director of Dell's Consumer Group (Nasdaq: DELL) and a Verified by Visa participant. "Greater consumer confidence in e-commerce ultimately means increased online sales."

But to accelerate the merchant adoption rate, GartnerG2 suggested that both Visa and MasterCard should lower merchants' transaction fees.

As preliminary adoption incentives, the two credit card companies have said they plan to make issuers, rather than merchants, liable for transactions.

U.S. merchants, however, will continue to pay higher fees for Internet transactions, which average approximately 2.5 percent versus 1.5 percent for in-store sales.

Miles To Go

While analysts view password-based security systems as critical advances in the anti-fraud campaign, complete expulsion of such crime is still years away.

"Credit card passwords will not wipe out fraud as we know it until they become the required method of online commerce," Kerr said. "Right now, consumers are protected only at sites that accept passwords."

Since adjusting online payment systems to accept passwords initially will prove too costly for some smaller retailers, opportunistic criminals will still ferret out the loopholes, Kerr added.

Trusted Names

Password-based security systems garnered far more consumer support than more complex systems, such as public key infrastructure (PKI), smart cards and disposable card numbers, Litan said.

"Most consumers are unwilling to take the extra steps required to use PKI," she added, citing the failure of the MasterCard/Visa-sponsored, PKI-based Secure Electronic Transactions standard.

What is more, consumers believe the password-based Visa and MasterCard systems offer better protection than PKI or smart cards, said Litan. This erroneous belief shows that branding may be more important than technically robust security schemes.