When it comes to fraud in e-commerce, there are victims on both sides of the fence. Shady shops and crooked consumers are both culpable in an almighty criminal economy that costs the UK billions of pounds each year.
Fraud takes many shapes online and the largely unregulated nature of the internet means more and more criminals are taking the opportunity to move their crooked business on to the web.
Public confidence in online purchases is at an all-time high and growth in internet-based sales has outstripped the high street for many years. Yet the web’s popularity is creating fertile ground for criminals and retail fraud online leapt 23 per cent in the UK last year alone, according to the National Fraud Authority.
About £1.3 billion-worth of counterfeit goods will be traded in the UK during 2013, much of it online, and items for sale range from film and music downloads to fake brands of clothes, booze, cigarettes, even medicine.
Consumers are often innocent. A recent study by MarkMonitor shows that for every knowing purchase of fake goods, 20 purchases are made by bargain hunters.
Tell-tale signs of cybercriminal activity are observable in forums and comment pages across the internet, with posts promoting illicit trade either directly in sales-type messages or through rogue links accompanying unrelated comments.
The growing number of consumers shopping on mobile phones is adding impetus to the crime
“Not only are these cybercrime traders sophisticated business owners in their own right, many are exploiting the vulnerabilities of legitimate small businesses to promote their illegal services,” says Raj Samani, chief technology officer at McAfee EMEA [Europe, the Middle East and Africa].
For the millions of owners of legitimate e-commerce businesses, the ramifications of fraud can be profound. Research by Chase Paymentech Europe shows that every £100-worth of fraudulent purchases costs honest retailers £270 in chargebacks, fees, interest and fines, as well as loss of stock.
Criminals – often organised international gangs – use increasingly sophisticated techniques to steal merchandise from retailers using fake credit cards, fake identities or fake claims for compensation. Scams range from the basic “I didn’t receive my order, please send another” to intricate swindles involving stolen credit cards and proxy servers masking scammers’ locations.
CyberSource’s 2013 UK e-Commerce Fraud Report calculates that 0.9 per cent of transactions are fraudulent and the cost to retailers of lost revenue went up 3 per cent last year alone. The growing number of consumers shopping on mobile phones is adding impetus to the crime.
“Although the percentage of fraudulent orders is low, the increasing use of mobile, which is more vulnerable to fraud, indicates that it is growing, especially in terms of monetary value as the volume of online sales goes up online,” says Philip James, joint head of technology at Pitmans.
Fighting the fraudsters means adopting a multi-layered approach to security, which covers the full suite of potential vulnerabilities. It also means striking a balance between tightening up, while maintaining a good experience for genuine customers.
“As far as limiting the dangers resulting from a fraud involving data theft, analyst firms such as Gartner and government regulators such as the UK ICO, agree on a few basics,” says Pravin Kothari, chief executive of cloud information protection company, CipherCloud.
“Deploy the strongest level of encryption available, which right now is offered by the AES 256-bit standard, to scramble sensitive data into gibberish. Then enable the customer to retain the encryption keys so that no third parties can access data in its clear text form.”