E-tailers express online fraud fears

E-tailers are increasingly fearful of fraudulent transactions as the holiday season approaches, according to the results of a new survey. Some 83 per cent of the US respondents considered online fraud to be a problem, up from 75 per cent last year.

The survey was commissioned by CyberSource, a supplier of ecommerce services, and conducted by Mindwave Research. More than 100 randomly selected firms responded to the survey, including such diverse brands as Ford, Nike, Starbucks, 4Sure.com and Letstalk.com.

Nearly half the companies had both an online and bricks and mortar presence, and those responding ranged in web experience from first year operators to some of the largest e-tailers on the internet. The survey base included small, medium and large operations.

The survey reported that the number one negative impact from online fraud is the loss of customer goodwill, but that this is not the only loss retailers can sustain from fraudulent transactions.

An online credit card sale is considered by the card issuers as a 'card not present' transaction, according to William Donahoo, vice president of marketing at CyberSource. Merchants are therefore obliged to absorb all the costs of the fraud.

On average, respondents estimated that four per cent of online transactions are fraudulent, with average revenue losses thought to be at about the same rate.

"Old line bricks and mortar retailers have generally been slow to grasp all that is needed to function in the online world, but quickly learn. Those with catalogue revenue streams are a lot more aware of the 'card not present' problem than those without that type of business," said Donahoo. The survey found that the rate of fraud was about the same in both environments.

CyberSource has put together the following tips to help ebusinesses make online shopping safer this Christmas.

1. Develop and publish a comprehensive privacy policy.
2. Ensure that employees are trained in the policy.
3. Monitor the policy and your compliance with it.
4. Only ask customers for information that is absolutely necessary to complete a transaction.
5. Store only absolutely necessary data elements; once a payment is complete, there is no reason to maintain payment information in readable form.
6. Verify that the payment system you implement deletes temporary data files with payment records.
7. Ensure that server log files do not inadvertently store customer payment information.
8. Limit employee access to payment systems, and monitor those who have access to those systems or to any other sensitive data.
9. Use technology tuned for the internet to detect potential fraud.
10. Investigate suspicious transactions and immediately report any breach or loss of computer systems to police.