Study respondents are not only aware of fraud, a full 65% are attempting to address it through active verification systems like Verified by Visa and MasterCard SecureCode. That's an admirable effort, said SignatureLink CEO Greg Wooten, but it's often a case of the cure being worse than the disease.
"We applaud the many merchants using active authentication techniques," Wooten stated, "but the user experience could be improved among legitimate customers by deploying risk-based passive authentication to invoke active authentication."
The study also showed that 52% of merchants are performing pre-fraud screening, typically geolocation of the customer's IP address. Unfortunately, fraudsters can easily manipulate those screening solutions.
"Very few merchants are using second-generation geolocation solutions," explained Wooten. "The problem is that a fraudster with any skill whatsoever simply spoofs his IP address and easily bypasses a first-generation geolocation filter. The merchant ends up with a false sense of security while remaining vulnerable to fraud."
Perhaps the greatest opportunity for merchants to shore up their e-commerce fraud fighting efforts lies in chargeback prevention and management. The atudy revealed that only 10% of merchants collect the buyer's consent to their terms and conditions (T&Cs) and refund policies through voice or signed consent. Of the remaining 90% of merchants, 50% simply require the customer to check a box during the online checkout process, and 40% never require the buyer to consent to anything at all.
That means 90% of merchants engaging in e-commerce are leaving themselves wide open to cybershoplifting, where the customer makes a purchase, receives the merchandise, and then disputes the transaction with his or her credit card company, triggering chargebacks for merchants.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.