In Down Times, Are Employees Approving Too Many Suspect Transactions?

Online retailers are relying too little on automation to thwart online fraud, meaning too many employee hours are spent reviewing orders that shouldn't have raised any flags of suspicion, according to a new report from security vendor CyberSource. In publishing the results of its 10th annual survey of E-Commerce fraud, the California company said E-tailers continue to lose 1.4 percent of their online revenue to fraud (the same rate of loss CyberSource has seen since 2006) and they compound those losses by failing to sufficiently trust fraud-detection technology. Retailers told CyberSource they ended up accepting 73 percent of the online orders they manually reviewed this year. "They are looking at too many good orders and they should try to be smarter as to what they give to the manual review team for review," said Doug Schwegman, CyberSource director of market and customer intelligence. According to CyberSource's research, in companies that use people to review online orders, about a third of all orders are scanned by those people. With the downcast economy forcing layoffs at many retailers, it could be argued (and not only by those in the business of automated fraud scanning) that employee energy could be better spent. Although companies have been reluctant to trust technology to sniff out crooks, CyberSource said the squeamishness does seem to be fading. "This year's survey asked merchants about their plans to implement 14 tools that had also been studied in 2007," the report said. "In every case, the intent to implement increased — in some cases by as much as two to three times." CyberSource said retailers figure they lost a record $4 billion in 2008 to online fraud. Last year's figure was $3.7 billion. This year, in their struggle to find revenue, retailers accepted a higher percentage of orders compared with last year, and the number of orders that were rejected due to suspicion of fraud declined significantly. CyberSource said order rejection rates held steady at about 4 percent for several years. But in 2008, that rate dropped to 2.9 percent. "Falling rejection rates coupled with steady fraud rates imply that merchants are more successful this year than in previous years at fighting fraud," CyberSource noted. Either that or they're willing to take a lot more chances in a down market. Most large retailers told CyberSource they automatically reject orders if their fraud-detection technology determines the customer is risky or an outright deadbeat. "Most require some other flag to be raised in the auto-screening process," Schwegman said. "Maybe the billing address doesn't match with the cardholder." In 2008, CyberSource saw increased usage of some newer fraud-detection tools such as device fingerprinting that issues alerts based on information gleaned from the consumer's Web browser. This technology is most helpful at thwarting fraudsters using the same computer to place multiple orders with different names. Schwegman said CyberSource believes companies that try can win one out of four challenges to credit-card chargeback attempts. "That's just money to your bottom line," he said. "You need to automate around that. It's another big area where IT can help merchants bring more profit to the bottom line."