April 2, 2016
For a long time, there has been growing concern amongst merchants about the degree to which they are footing the cost of the rapidly increasing fraud problem. Trying to put a figure on what that cost is tough and fraught with difficulty. Individual merchants only have limited insight into the whole picture and many do not want to admit to having a problem with fraud in case it encourages more fraudsters to target it. Instead, we have an ongoing situation where the banks and consumers are largely protected from the worst aspects of fraud by the system of chargebacks. For those unfamiliar, the chargeback system operates by charging the merchant the cost of the fraudulent transactions along with an administration fee. This system spares the cardholder or bank from paying anything in the event of fraudulent activity and passes the responsibility on to the merchant, unless there is a liability shift via 3D Secure. The merchant can dispute the claim but there is a limited possibility of success and there is a cost for challenging it. For many, chargebacks are simply the cost of doing business and therefore, they invest in products and strategies aimed at stopping them before they happen. But what is this total cost that merchants have to bear? In the UK, the true picture is starting to emerge and it is pretty staggering. UK Office of Statistics reveals the startling size of online fraud There have been many multi-billion-dollar statistics that have been published claiming to know the cost but often, their origins are not credible or are being used promotionally rather than to inform the public. Recently, however, the Office of National Statistics released some numbers they found by surveying the public through the annual UK Crime Survey. They reported that there were an estimated 5.1 million incidents of fraud, with 3.8 million adult victims in England and Wales in the 12 months prior to interview – just over half of these incidents involved some initial financial loss to the victim, and includes those who subsequently received compensation in part or full. Their numbers are much higher than the official statistics recorded by the UK Police for fraud-related crimes. The reason for this discrepancy is because reporting rates are likely to be lower in cases where there is low or no harm, but mere inconvenience, to the victim. But, who is the victim in cases where there is no harm other than inconvenience? Surely, it's the party which suffers the financial loss and hence, not the consumer but the merchant. Therefore, why is it that the victim does not take a more active role in reporting the crime? Why the conspiracy of silence? If the merchants are the ones who suffer the most repercussions in fraud, then why aren't they taking a more active role in prosecuting the crime? Especially since it is often larger businesses that are targeted even though they have the resources to monitor all transactions. After all, a physical store wouldn't hesitate to prosecute shoplifters and restaurants would certainly call the police if someone dined and ducked. So why are they less vigilant in e-commerce?
The truth is that merchants themselves have little incentive to record the crime for multiple reasons:
-Declaring themselves vulnerable to credit card fraud may attract more fraudsters -Inaction by police once the crime has been reported -Significant follow-on costs in pursuing cases through the courts- -Lack of awareness of the scale of fraud; there is a feeling of being unlucky rather than systematically targeted by criminals
We have spoken to many merchants that have reported fraud once and sworn never to do it again after factoring in the indifference by police, the legal costs, court time, etc. Surprisingly, police indifference seems to be the biggest factor. The fact that most crime does not appear in official stats means there is little incentive by the police to pursue it. Additionally, there is little outcry from the public because in 62% of cases of fraud, the public is compensated. Merchant’s defence
So what options does a merchant have in cases of fraud? Where possible, a merchant should report a crime to the police or through initiatives like Action Fraud. Our own figures show that fraudsters will attack a merchant 19 times on average before being stopped. Therefore, actually having a fraudster arrested will stop not just one but multiple crimes. However, the chances of a successful prosecution remain slim. To make sure they're really protected, merchants need to invest in a fraud strategy. At Ravelin, we help businesses that need to make rapid decisions for large datasets using sophisticated techniques like machine learning and graph networks. Smaller merchants should have some rules in place within their payment system to flag up worrying-looking transactions. It is an arms race and the only way to win is to pay attention to the problem and stay ahead of the fraudsters. For when it comes to online payment fraud, sadly, the merchant largely stands alone.