Wednesday, 14 December 2016 06:46

Online fraud attacks in the U.S. are growing at an alarming rate


This story was delivered to BI Intelligence "E-Commerce Industry Insider" subscribers. To learn more and subscribe, please click here.

U.S. retailers moved to EMV chip-enabled credit and debit cards in October in order to enhance security on physical card transactions, but this move had an unfortunate side effect.

Online fraud attacks have risen 11% since October's EMV migration, according to a report from PYMNTS. And these attacks are costing retailers on multiple fronts.

There were 27 fraud attacks for every 1,000 e-commerce transactions in the fourth quarter 2015, an 11% increase from the third quarter and a staggering 215% increase from the first quarter. Digital goods were the most frequent targets of these attacks at a 2.5% rate in Q4, up from slightly less than 1% in Q1.

The report also indicates that $4.79 of every $100 spent online is at risk of a fraud attack, up 150% from $2.90 of every $100 in Q1.

Most of these online fraud attempts stem from "suspected botnets" that hack into a system (such as an online retailer's site) and actually finish a transaction without the user actually knowing it.

E-commerce fraud cost retailers $32 billion in 2014, and estimates say U.S. retailers lost 1.3% of all revenue due to fraud in 2015. That is more than double the 2014 rate.

To combat this growing problem, online retailers must enhance their security. Target's widely publicized data breach in 2013 cost the retail giant more than $250 million. Some of that money was allocated toward bank and credit unions, consumer protection services, and credit card issuers.

Retailers are, however, spending more on cyber insurance. Retailers on average paid 32% more for cyber insurance in the first six months of 2015 than in 2014, according to global insurance broker Marsh.

As the fraud epidemic grows, payment companies and merchants are implementing new payment protocols that could finally help mitigate fraud.

John Heggestuen, senior research analyst for BI Intelligence, Business Insider's premium research service, has compiled a detailed report on payment security that looks at how the dynamics of fraud are shifting across in-store and online channels and explains the top new types of security that are gaining traction across each of these channels, including on Apple Pay.

Payments Security Report Cover

Here are some of the key takeaways from the report:

  • EMV cards are being rolled out with an embedded microchip for added security. The microchip carries out real-time risk assessments on a person's card purchase activity based on the card user's profile. The chip also generates dynamic cryptograms when the card is inserted into a payment terminal. Because these cryptograms change with every purchase, it makes it difficult for fraudsters to make counterfeit cards that can be used for in-store transactions.

  • To bolster security throughout the payments chain encryption of payments data is being widely implemented. Encryption degrades valuable data by using an algorithm to translate card numbers into new values. This makes it difficult for fraudsters to harvest the payments data for use in future transactions.

  • Point-to-point encryption is the most tightly defined form of payments encryption. In this scheme, sensitive payment data is encrypted from the point of capture at the payments terminal all the way through to the gateway or acquirer. This makes it much more difficult for fraudsters to harvest usable data from transactions in stores and online.

  • Tokenization increases the security of transactions made online and in stores. Tokenization schemes assign a random value to payment data, making it effectively impossible for hackers to access the sensitive data from the token itself. Tokens are often "multiuse," meaning merchants don't have to force consumers to re-enter their payment details. Apple Pay uses an emerging form of tokenization.

  • 3D Secure is an imperfect answer to user authentication online. One difficulty in fighting online fraud is that it is hard to tell whether the person using card data is actually the cardholder. 3D Secure adds a level of user authentication by requiring the customer to enter a passcode or biometric data in addition to payment data to complete a transaction online. Merchants who implement 3D Secure risk higher shopping-cart abandonment.

In full, the report:

  • Assesses the fraud cost to US retailers and how that fraud is expected to shift in coming years

  • Provides 5 high-level explanations of the top payment security protocols

  • Includes 7 infographics illustrating what the transaction flow looks like when each type of security is implemented.

  • Analyzes the strengths and weakness of each payment security protocol and the reasons why particular protocols are being put in place at different types of merchants

To get your copy of this invaluable guide, choose one of these options:

  1. Subscribe to an ALL-ACCESS Membership with BI Intelligence and gain immediate access to this report AND over 100 other expertly researched deep-dive reports, subscriptions to all of our daily newsletters, and much more.
  2. Purchase the report and download it immediately from our research store.

The choice is yours. But however you decide to acquire this report, you’ve given yourself a powerful advantage in your understanding of payments security.

Author : Andrew Meola

Source :


World's leading professional association of Internet Research Specialists - We deliver Knowledge, Education, Training, and Certification in the field of Professional Online Research. The AOFIRS is considered a major contributor in improving Web Search Skills and recognizes Online Research work as a full-time occupation for those that use the Internet as their primary source of information.

Get Exclusive Research Tips in Your Inbox

Receive Great tips via email, enter your email to Subscribe.