According to a study by Sage Pay, more than 40 per cent of businesses have experienced fraudulent activity in the past year, with each losing an average of £4,515.
Despite this, more than one third (39 per cent) of businesses don’t spend any money on fraud prevention, while 21 per cent don’t know what fraud prevention tools they use. Some 42 per cent of companies don’t know if they are PCI DSS compliant.
The findings have been released as part of Sage Pay’s Payments Landscape Report, an in-depth study looking at trends in the payments industry.
But while the statistics are alarming, there is such a thing as a ‘healthy’ level of fraud, according to Sage Pay CEO Simon Black.
He says, ‘Eradicating fraud completely could be damaging for a business. Experiencing no fraud may mean controls are too tight and legitimate transactions are being rejected. Many businesses simply void the transaction immediately if they suspect fraud, rather than undertake further checks. In doing so, they’re likely to be turning away genuine customers who have simply entered their details incorrectly.’
Black adds that although it can be tempting to tighten security controls in the face of fraud, it is worth keeping in mind that for every extra action a consumer is asked to make, you are prolonging the customer journey and therefore increasing the risk that the customer will drop out of the buying process.
In order to reduce online stolen card and identity fraud, Sage Pay encourages businesses to beware of orders that are placed late night or early morning, and orders of high quantity or value.
Additionally, companies should always check that the delivery address is valid. Fraudsters will often try to get businesses to deliver to bogus addresses. PO boxes, for example, should always be avoided.
The organisation also advises investment in geolocation technology to find the shopper’s exact location, to identify whether the order is coming from a ‘high risk’ country.
Black adds, ‘These measures will go a long way to protecting merchants against online fraud via stolen cards and identity theft. The other key area to combat fraud relates to the security of websites in terms of cyber-attacks and data breaches to obtain customer card numbers.’