Fraudsters are moving more of their business online, following merchants as they go digital.
Fraudulent purchases total 1.47 percent of merchants’ revenues, according to the LexisNexis Risk Solutions True Cost of Fraud report, set to be released next month at the Card Not Present Expo. That’s up from 1.32 percent a year ago and a big jump from 0.68 percent two years ago.
Mobile commerce and international companies were the hardest hit, with fraud totaling 1.69 percent of sales.
Aaron Press, director of e-commerce and payments at LexisNexis Risk Solutions, said there is no one right number, but that best practices for the area would suggest that fraud between 0.3 percent and 0.6 percent of sales is the sweet spot.
“One percent lost to fraud, that starts to set off certain kinds of signals,” Press said. “That’s sort of the upper limit that everybody’s trying to stay below.”
There’s a balance to be struck, though.
“Zero fraud isn’t hard — you would just have zero sales,” Press said. “There’s a certain amount that is tolerable, and is a cost of doing business. You want to manage that certain level.”
The LexisNexis study included a February survey of 1,007 risk and fraud executives at multichannel retailers and e-commerce firms.
It also found that:
• The volume of successful fraudulence rose 32 percent, at all kinds of merchants, over a year earlier, with an average of 206 fraudulent transactions per month.
• The value of successful fraudulent transactions increased 29.2 percent, to $146.
• Every dollar of fraud cost merchants $2.40, up from $2.23 a year ago, according to the LexisNexis Fraud Multiplier.
• The number of prevented fraudulent transactions rose 33 percent, to 236 per month.
Press said the bad guys have been moving to fraud on the go, particularly as merchants shift in stores to the more-secure EMV cards, which create a unique number for each transaction.
“What we’ve been seeing for a while is, mobile creates a lot of complexity,” Press said. “It makes it harder for the merchants to collect the same kinds of information that they’re used to collecting. Anytime you change something about the environment, somebody’s going to find a [security] hole.”