Wednesday, 11 February 2009

Balancing fraud and profit

I received an interesting email from an Amsterdam-based company, Directness, which is running a Risk v Reward: Balancing Fraud and Profit conference for retailers in Amsterdam tomorrow.

Organiser, Adam Dorrell, said that the event was triggered by retailers such as Nike, Philips and Sony getting fed up with the cost of fraud. The problem for many retailers is that they have to invest considerable sums in automated solutions for combating credit card fraud, but the return on investment is uncertain in that they may be spending more to acquire customers, only to lose them to fraud or "charge-backs".

Do the risks outweigh the rewards? Well if you believe what you read in the newspapers and various surveys that are published, the risks, particularly in the online shopping world appear to be significant. This appears to have convinced a significantly large proportion (41%) of the UK population not to shop online, according to CyberSource's latest annual survey of more than 150 merchants and 1000 consumers.

Security was an issue for the 41% of UK consumers that said they did not shop online. Out of the total sample, including those that did shop online, 66% said they were concerned about the level of risk. Given that most online shopping sites now carry a secure padlock icon or the green VeriSign bar which demonstrates that the web site has met more stringent standards around web site integrity, this is still a surprisingly high number.

Some of the other basic precautions online shoppers can take is signing up to the MasterCard SecureCode or Verified by Visa programmes, which adds an additional authentication layer by asking for a password, but not all shopping sites carry this and arguably it is still open to abuse if the password is easy to guess or replicate.

CHIP and PIN while reducing fraud when the card is presented, has only served to increase the incidence of fraud in card-not-present transactions (online or over the telephone). Some security vendors suggest that one-time passwords are more secure, but there has been no uptake of this by the card companies.

Another problem is that the cost of fraud is borne by the poor retailer who has to foot the cost of charge backs and fraud in general, as well as investing in anti-fraud measures. It will be interesting to hear what comes out of the event in Amsterdam tomorrow and whether retailers can come up with a joint industry solution to combat fraud. We hope to provide you with coverage after the event.

No comments: