The Green Sheet Online Edition
November 09, 2015 • Issue 15:11:01
Losses mount from fraud, cyber-attacks
Retailer losses to fraud this year will amount to 1.32 percent of revenues, a whopping 94 percent increase over 2014 losses, according to the latest LexisNexis True Cost of Fraud Study. The biggest losers will be mobile and international merchants, according to the study.
In a separate study, the Ponemon Institute, which tracks online crimes, reported that the average cost to an organization in the United States that gets attacked by cyber-criminals is $15 million. That represents a 20 percent increase over 2014 costs and an 82 percent increase over the course of six years. Additionally, the average time it takes to resolve a cyber-attack (at 46 days) has grown by 30 percent over the last six years, said Dr. Larry Ponemon, founder and Chairman of the Ponemon Institute.
"As organizations increasingly invest in new technologies like mobile, cloud and the Internet of Things, the attack surface for more sophisticated adversaries continues to expand," said Sue Barsamian, Senior Vice President and General Manager for Enterprise Security Products at technology giant Hewlett-Packard Co. HP sponsored the Ponemon study, which is now in its sixth year.
Debit card fraud on the rise
The LexisNexis report, meanwhile, revealed a recent surge in debit card fraud, suggesting that crooks are making last-ditch efforts to use stolen card data in the runup to widespread Euorpay, MasterCard and Visa (EMV) implementation in the United States. Merchants accepting debit cards attribute 30 percent of fraud in 2015 to stolen card numbers; in 2014 it was only 16 percent, LexisNexis reported.
Merchants are not the only businesses suffering the consequences of increasing fraud threats. "Consistent with merchant trends, financial institutions agree that debit card fraud is a growing challenge facing their industry," LexisNexis reported.
Cleveland Brown, Chief Executive Officer at Payscout Inc., a Los Angeles-based ISO that focuses on e-commerce and international merchants, described the reported increase in debit card fraud as "a last grab" on the part of fraudsters before EMV makes stolen card numbers less attractive. Next up: e-tailers and smaller firms. Most big-box stores now use point-to-point encryption to further protect customer card information. "The crooks are looking at smaller businesses that lack sophisticated security measures like encryption. Those are going to be their next targets," Brown said.
Too many manual reviews?
Another unsettling trend uncovered by LexisNexis is growing merchant dependence on manual processing for items flagged as suspicious. "Manual reviews are time-consuming and expensive," said Dennis Becker, Vice President for Corporate Markets at LexisNexis Risk Solutions. Yet, he noted, nearly half (46 percent) of flagged transactions are reviewed manually.
"Financial industry executives are split on their assessment of chargebacks," the LexisNexis study report noted. "[O]ne executive maintaining that they saw fewer chargebacks from merchants in 2015, another executive asserted success in transferring liability to merchants."
Monica Eaton-Cardone, Chief Operating Officer at Chargebacks911, a chargeback and risk mitigation firm, suggested that plenty of businesses remain in the dark when it comes to dealing with fraud. "Many businesses still don't know how to fight against chargebacks and other forms of fraud in a healthy, cost-effective manner," she said. "Utilizing technology where it exists will help drive down the costs of fraud by lessening the need for manual review."
This will become especially apparent with the upcoming holiday season. "Black Friday and Cyber Monday are peak days for shopping, but they're also typically rife with fraud," Eaton-Cardone noted.
Brown believes ISOs and acquirers must do more to help get merchants up to speed on fraud threats. "It's critical in our industry that customers are consistently educated about what's going on with fraud," he said.
This is the seventh true cost of fraud study prepared by LexisNexis in as many years. The study draws from a survey of 959 risk and fraud experts and was conducted by Javelin Strategy & Research. A key feature of the annual study is its analysis of the all-in cost per dollar of payment fraud (direct and indirect costs combined). This year merchants are spending $2.23 dealing with every $1 in fraud.
That's down from $3.08 in 2014, but LexisNexis warned the decline is not necessarily cause for celebration. "With the surge in fraud through remote channels, merchants were increasingly liable for a greater portion of chargebacks," the company stated. "This has the effect of driving down the multiplier cost as it increases the direct losses relative to other fraud-related expenses."
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.