Researchers and risk-control firms have been monitoring the increase in e-commerce fraud for years, and it’s hit home for a group of merchants surveyed by American Express Co. A newly released AmEx survey that included 400 business leaders says they estimate 27% of their firms’ annual online sales are fraudulent transactions, up from 18% in 2018.
The findings are in AmEx’s 2019 Digital Payments Survey. AmEx noted the merchant part covered fraud on other payment types, not just on AmEx cards. Besides the businesses, AmEx polled 1,004 consumers in August and September who had made three or more online purchases in the past 12 months, with the respondent pool weighted according to U.S. Census Bureau demographics based on gender, age, education, race, and region.
New York City-based AmEx didn’t reveal details about the merchant sample, but said the responding executives have decision-making responsibility for customer-payment options, IT and data security, or online sales strategy and planning. The respondent companies also must offer credit/debit card and online/mobile-payment options.
Nearly 77% of business respondents said their company has been a victim of some type of fraud, including stolen (37%) or counterfeit (33%) credit cards; card skimming, 29%; employee fraud, 36%; chargeback (36%) or return fraud (31%); and gift card fraud, 32%.
While the survey report doesn’t go into detail about the reasons behind the online-fraud increase, Robin Trickel, AmEx vice president of global network operations, says several factors are involved. They include the much-documented migration of fraud to online channels thanks to the introduction of EMV chip cards in the U.S., which has made once-common counterfeit card fraud at the point of sale much harder to commit.
“With the introduction of the chip card, we are now instead seeing growth in online or card-not-present fraud,” Trickel tells Digital Transactions News by email. “From theft of log-in credentials at scale, to vishing [fraudulent phone calls or voice mails intended to get a consumer to reveal card numbers or other financial and personal data], phishing and malware attacks, the ways that fraudsters are operating is becoming increasingly sophisticated.”
For merchants, these trends mean “significant fraud losses and higher disruptions at checkout, resulting in customers abandoning their purchases altogether,” Trickel says.
Aite Group LLC recently predicted U.S. card-not-present fraud will increase from an estimated $5.5 billion this year to $6.4 billion in 2021.
While they’re experiencing a wave of online fraud, many merchant respondents admitted they don’t use all available prevention tools. For example, 87% believe CVV [card verification value] codes are effective in thwarting fraud, but only 53% require customers to enter them at checkout. Nearly as many, 85%, believe Web-site data encryption is effective, but only 44% use it on their sites. Seventy percent of respondents said they believe tokenization increases security, but just 19% “put this tactic into practice,” the survey report says.
Why usage of fraud-control tools greatly trails merchants’ enthusiasm for them is partly explained by the desire of online retailers to balance security with customer convenience at checkout. But Trickel also says “dealing with fraud can be challenging, particularly since many third-party fraud vendors are cost-prohibitive for small businesses. This is one reason we made sure our fraud tools are free to merchants—to remove barriers and increase likelihood of adoption, and to help erase any cost-versus-benefit decision.”
AmEx has implemented machine-learning models Trickel says are effective in monitoring and preventing fraudulent transactions in real time. Other AmEx risk-control services include Enhanced Authorization, SafeKey 2.0 and Card Member Notifications. “However, these tools are only effective when we can partner with merchants to increase the flow of information both ways in the name of fraud prevention,” Trickel says.