Online fraudsters target large merchants

Hackers are focusing on larger online resellers to deliver highly sophisticated attacks, according to the fourth annual UK Online Fraud Report from CyberSource.

The research found that 42 per cent of large online merchants had been aware of fraudsters targeting specific products that could be easily sold.

A further 25 per cent documented fraudsters trying to find and exploit upper and lower transaction limits before orders are manually reviewed by staff.

By contrast, only 23 per cent of small merchants had experienced specific product targeting, and only three per cent recognised the practice of testing transaction limits.

On the other hand, small merchants were targeted by simpler attacks which rely more on luck than ingenuity to succeed.

These included schemes such as card generators, which create possible card numbers against a specific set of customer data, or multiple identities being tried against a single card number.

"Fraudsters are constantly reacting to whatever barriers are placed in their path and finding new ways to beat the system," said Simon Stokes, managing director of CyberSource.

"This year's report shows that online retail fraud has reached a level of sophistication where we can recognise different patterns of behaviour and different targets for 'professional' and 'rookie' fraudsters."

Regardless of the level of sophistication, online fraud continues to grow. Nearly half of all businesses have seen fraud levels rise in the past 12 months, and 38 per cent reported no change in the level of activity.

Large and very large merchants were hit hardest, and over a quarter have recorded losses up more than 10 per cent on last year.

To make matters worse, specific examples from respondents suggest that fraudsters are becoming increasingly brazen in their attempts to defraud retailers.

Merchants reported incidents of orders being placed with stolen identities, followed by the fraudster waiting outside the address of the victim for a package to be delivered.

"Online retail continues to grow at a phenomenal rate, and the infrastructure to support it cannot always keep up," said Jo Evans, managing director of the Interactive Media in Retail Group.

"At the moment law enforcement policies and practices may be lagging behind, but as an industry we also need to look at ways that we can work together more effectively to tackle fraud."

Merchants of all sizes have now typically implemented five or six different lines of defence, including simple checks on addresses and card details, as well as more sophisticated tools such as rules-based automated decision engines.

Only 17 per cent of respondents agreed that the police are effectively tackling online retail fraud.