Friday, September 16, 2011
A new LexisNexis Risk Solutions study conducted by Javelin Strategy & Research looked at how fraud impacts U.S. retail and financial industries and consumers. It also assessed the impact of fraud on U.S. merchants doing business internationally.
The report contains good news in that it found a decline in fraud rates and fraudulent transactions as total retail sales grew over the last year. Consumers saw a decline in losses.
On the negative side of the ledger, consumer fraud loss still amounted to more than $100 billion last year and the average dollar amount of fraudulent transactions rose. The study found cyber thieves are getting more sophisticated and are heavily involved in emerging payment markets. The report also discovered it took 57 percent longer to recover from fraud damage last year, compared with the prior year, while the cost of recovering from cyber theft rose by an average of $244.
The study also found, "Midsize to large merchants are bearing higher proportions of fraud losses due to chargebacks and also paying an additional $2 for every dollar lost in fraud." Midsize merchants are defined as earning between $5 million and $50 million a year. Large merchants earn more than $50 million or have 1,000 or more employees.
Another finding is that fraud could be poised for an upswing because of the higher dollar amount of thefts, indicating the nature of transactions is becoming more severe. "The most lucrative areas of growth for retail merchants – international, mobile and e-commerce – tend also to be the most susceptible to fraud and face the greatest risks," the report said. "Small merchants show increased interest in adoption of alternative and mobile payments; they also seem most vulnerable and least equipped to handle the threats posed by these emerging channels."
Additionally, the study revealed the costs of cyber theft to e-commerce and mobile merchants are "large in dollar amount." Large merchants are particularly targeted by large-dollar fraudulent transactions, the report's authors said. Similarly those firms venturing into international markets find they lack control and are targets for identity theft and other forms of cyber fraud.
The report also indicates merchants are becoming complacent. "Merchants report significantly higher levels of satisfaction with existing online fraud detection tools over last year, even though higher-dollar-value fraudulent transactions are seeping through this year," the report said. "They also report lowered use of these tools."
The LexisNexis/Javelin study survey included a panel of 1,006 merchants and more than 5,000 U.S. consumers. It can be downloaded here: solutions.lexisnexis.com/forms/em10retail2010tcfwebinarfall42302 .
In testimony delivered Sept. 15, 2011, before the House Financial Services Committee's Subcommittee on Financial Institutions and Consumer Credit, Gordon Snow, Assistant Director of the FBI's Cyber Division, delivered a fraud assessment that reached the much the same conclusions as the LexisNexis study: cyber crime will get worse before it gets better.
"The number and sophistication of malicious incidents has increased dramatically over the past five years and is expected to continue to grow," he told the committee. "As business and financial institutions continue to adopt Internet-based commerce systems, the opportunities for cyber crime increase at retail and consumer levels."
Snow told the committee he believes cyber criminals can "significantly threaten" the U.S. economy. "Given the abundance of potential victims and profits, cyber criminals will likely continue to target these entities," he testified.
Snow said the most common frauds occur in money transfers and card counterfeiting against financial institutions, payment processors and merchants. The FBI is currently investigating 400 alleged account takeovers in which unauthorized automated clearing house and wire transfers were made from U.S. bank accounts.
Snow said payment processors are a favorite target of hackers looking for the personally identifiable information (PII) of millions of individuals. This information can include everything from name and Social Security number to bank account numbers, phone numbers and local address.
Thieves are also targeting ATMs and POS terminals with skimmers, which are fake terminals that criminals swap with legitimate terminals in order to capture or steal PII. The skimmers mirror the actions of real terminals but record and, if they are Bluetooth-enabled, instantly transmit the information to the fraudsters.
Snow reported criminals have been able to duplicate the look of ATM anti-skimming tools. Thieves were able to attach the devices to ATMs to make them look identical to machines with the new high-security devices. He testified POS terminals are particularly vulnerable to fraud to the point where cyber criminals successfully installed sophisticated "sniffer" programs into "smart" cash registers that stole PII resulting in a loss of $600,000.
Snow said the losses to fraud are difficult to calculate. "Often, businesses are unable to recoup their losses, and it may be impossible to estimate their damage," he said. "Many companies prefer not to disclose that their systems have been compromised, so they absorb the loss, making it impossible to accurately calculate damages."
According to Snow, improving security and risk management practices can mitigate the impact of fraud, but risk will remain high until consumers become more security conscious. He promised the FBI would continue it efforts to stop cyber crime by continuing to share information and conduct strategy sessions with government and industry to ensure cyber threats are dealt with quickly and effectively.
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.