July 18, 2014
UK small and medium-sized businesses are losing more than £22bn a year as a result of fraudulent transactions. That's the sobering claim made by Sage Pay in Payments Landscape Report, its in-depth study of payments industry trends.
According to the report, more than 40% of UK businesses have experienced fraudulent activity in the past year, with average loss equalling £4,515. Yet 39% of businesses don't spend anything on fraud prevention measures, while 21% don't know which fraud prevention tools they use and 42% are unsure if they comply with Payment Card Industry Data Security Standards.
Although such figures give great cause for concern, according to Sage Pay CEO Simon Black, some level of fraud is healthy. "Fraud levels are spiralling out of control and more must be done to reduce the amount of money lost each year," he said.
"But companies must be pragmatic – eradicating fraud completely could be damaging. Experiencing no fraud may mean your controls are too tight and legitimate transactions are being rejected. Many businesses simply void the transaction immediately if they suspect fraud, rather than undertake further checks. In doing so, they're likely to be turning away some genuine customers who have simply entered their details incorrectly.
"Although it can be tempting to tighten security controls in the face of fraud, it's worth keeping in mind that for every extra action a consumer is asked to make, you're prolonging their journey – and increasing the risk that they will drop out of the buying process."
Black recommended businesses trial protection tools to ensure they have the right systems to avoid hefty losses and rejection of genuine purchases. He added: "Beware of orders placed late night or early morning, as well as orders of high quantity or value. Always check that the delivery address is valid. Fraudsters will often try to get businesses to deliver to bogus addresses. PO boxes should always be avoided. Invest in geo-location technology to find the shopper's exact location, so you know whether the order is coming from a 'high risk' country.
"Cyber criminals are increasingly targeting the cardholder data you hold on your customers, so use 'tokenisation' to avoid storing payment data that can be compromised. Finally, analyse customer information and purchasing behaviour to build profiles that will help recognise genuine orders and alert you to fraudulent ones. These measures will go a long way to protecting merchants against online fraud via stolen cards and identity theft."