Fraud findings

Separate reports released by CyberSource Corp. and Trustwave in early 2012 detailed incidents and costs of data breaches and online fraud in 2011.

CyberSource's survey

Visa Inc. owned CyberSource issued the 2012 edition of its Online Fraud Report on Jan. 24. The 13th annual report of its kind, it takes a slightly different analysis of fraud than other, similar reports in that it calculates total fraud rates based on chargebacks and credits issued to customers by merchants instead of assessing chargeback activity only. A total of 325 electronic e-commerce companies, representing $83.3 billion in online sales, responded to the survey. Here are some of the CyberSource statistical findings:

CyberSource report highlights

• In 2011 merchants lost 1 percent, approximately $3.4 billion, to fraud.
• The percentage of orders lost to fraud in 2011 decreased 33 percent, but the $3.4 billion lost to fraud during the same time period is a $700 million increase over 2010.
• Order rejection rates due to suspected fraud increased in 2011 to 2.8 percent.
• Chargebacks accounted for an average 41 percent of fraud loss. The majority of fraud loss was the result of merchants crediting accounts from customers who claimed to have had their accounts hijacked.
• Merchants rejected international orders three times as often as domestic orders (7.3 percent versus 2.8 percent) due to the perception that international orders are riskier than domestic ones.
• Merchants are turning more to manual reviews of charges to combat fraud. Seventy-five percent of merchants surveyed said they conducted the expensive, time and resource consuming manual reviews in 2011. This is up from 72 percent in 2009 and 2010
• Merchants who conducted manual reviews in 2011 did so with 27 percent of their orders, on average. This is an increase from 24 percent in 2010.
• Eighty-two percent of merchants said their fraud budgets will stay the same or decrease in 2012.
• Ninety-two percent of merchants don't know what their mobile fraud rate is; 7 percent believe mobile fraud is lower than or the same as their online fraud; 1 percent believe their mobile fraud is slightly higher than their online fraud.

For more on information the CyberSource report go to: www.cybersource.com/fraudreport2012 .

Trustwave's analysis

Information security company Trustwave analyzed more than 300 suspected 2011 data breaches drawn from more than 2,000 penetration tests it performed for clients around the world to compile the Trustwave 2012 Global Security Report issued Feb. 6. This is the third year the company has issued a report on global security.

Nicholas Percoco, Trustwave Senior Vice President and Head of Trustwave's research arm, SpiderLabs, said the new study found law enforcement is doing a better job of detecting data breaches, the number of breach incidents in the hospitality industry has "dropped significantly" in 2011 from a peak in 2009, and the restaurant industry continues to suffer a significant number of breaches.

Trustwave report highlights

Here are some of the Trustwave findings:

• Attackers target personal information of customers in 89 percent of breach incidents.
• Forty-four percent of breach investigations were performed for the restaurant (food and beverage) industry.
• More than 33 percent of breach investigations were conducted for a franchise business.
• In 78 percent of Trustwave's incident response investigations a third party responsible for system support, development and/or maintenance was responsible for security problems.
• Law enforcement's detection of breach incidents climbed from 7 percent in 2010 to 33 percent in 2011.
• In 62.5 percent of breach incidents, criminals were successful in embedding malware to capture information "in-transit" within the victim's technology environment.
• Anti-virus programs were successful in finding malware in "less than 12 percent" of the investigations.
• Structured query language injection attacks remained the preferred method for data breach criminals in 2011 for the fourth year in a row.
• "Password" is "the most common password used by global businesses … because it satisfies the default Microsoft Active Directory complexity setting," the report said.

Percoco noted that only 16 percent of data breach incidents were self-detected. "In restaurants there was very little incident of attacks as a result of malicious insiders," he said. "The majority of data breaches, 61.7 percent, were the result of remote access systems."

For more information, data analysis and strategy recommendations download the report here: www.trustwave.com/global-security-report .

The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.