Who is affected by fraud depends on the product margin, the basket price, the geographic scope of the market, the sector and type of activity, the volume of orders... Through this post we look at the evolution of risk according to these factors and in particular, we look at the basket price .
If you are an artisan or a young e-commerce site, fraud is unlikely to hit you because your volume of sales is low, what you sell is specific, and you are not a well known brand.
But what happens when you do not trade locally anymore, but nationally and eventually internationally. Unsurprisingly risk increases. By two. By three. Ten ... To the point where you refuse customers according to their geographical area of origin.
Then, high baskets prices are often associated with fraud. But this is not the case . High baskets are not those with the most frauds. In contrast low baskets, such as micro-payments, give e-retailers a false sense of security. Why would a fraudster give into the pain of making a fraud on such a small payment?
If fraud on high baskets tend to crystallize attention of experts, online retailers, media and the general public, in reality risk decreases when the price baskets increases.
If this is counter-intuitive at first glance. When reflecting on it. It makes sense.
First e-retailers and their experts tend to look high baskets with more attention than the average baskets. Meanwhile, fraudsters have grasped that it was better to hide in the mass rather than to draw attention on unsually high basket prices.
In the field of micro-payment there is:
- Telephone refills from Lebara or Bouygues 5-10€,
- Video on demand for 2-3€ by Netflix or Orange,
- Or the phone for 1€ by OVH (Fax, Sip) .
This area has two characteristics:
- the low amount of each transactions and
- the needed volume to generate revenue .
For e-merchants and issuing banks (i.e. the bank issuing the card of the customer of e-commerce sites), to detect fraud on micro-payments and to escalate those to card associations like Visa and MasterCard, costs them more than to absorb the losses in their P&L...
Structurally, fraud on micropayments tend, therefore, to be underestimated and overlooked. while they are not without risk for e-retailers. Far from that. See the next example.
In October 2014, Redbox Instant by Verizon (a Netflix equivalent) shutdown. Why? Because automata were registering (stolen) databases of real people to the service.
The purpose of this attack was to test credit card numbers in industrial quanties, so that those cards whose payment was authorized, could be resold on the black market with the label "tested card". This way, fraudsters multiplied the value of their final product (the stolen card) by two, ten, or a hundred times . Depending on arrivals.
In conclusion, in this post we have analyzed Who is concerned with the fraud. We talked of risk factors such as the product specificity of e-retailers, the geographic extent of their market, and the mean price of their baskets.
However it is clear that our "robot portrait" of fraud is erroneous since we believe that high baskets are more likely to be fraud (which is untrue), and we tend to underestimate fraud on small amounts.
In this regard, our next post will address the recent trends of fraud in the e-commerce, including the industrialization of the professionalization of the fraud.
- Livre Blanc, Fraude à la Carte Bancaire, Certisim, 2013
- Why the writing may be on the wall for Redbox Instant, Sep 30, 2014
- How E-Merchants Enable the Sale of Stolen Cards, Sep 30, 2014