Unlike bricks-and-mortar stores, whose fraud losses are covered by credit card companies including Visa (V) - Get Report and MasterCard (MA) - Get Report , online retailers are on their own. That means retailers with big online presences such as Nordstrom (JWN) - Get Report and Macy's (M) - Get Report have to reimburse customers whose credit card numbers were used fraudulently to buy merchandise on the Internet. Online-only retailers including Amazon.com (AMZN) - Get Report are on the hook for everything bought fraudulently.
So online retailers are now looking at fraud-detection software to analyze purchases for patterns -- "a dumbed-down version of what most banks and card processors [already] use," says Nikki Baird, managing partner at Retail Systems Research. This software looks for suspicious behavior such as a small gift card purchase on a new account followed by a large purchase, or a purchase from a new IP address in a foreign country.
While retailers have long been aware of the threat, online fraud is likely to keep growing, especially when the U.S. moves to cards with microchips later this year. These cards, known as EMVs, are better at preventing fraud in stores, but do nothing to prevent online fraud, where card numbers will still be used.
According to LexisNexis, overall fraud cost retailers $32 billion in 2014, a 38% increase from 2013, partly driven by a rise in fraud online, and specifically on mobile devices. And 42% of merchants with an online presence reported an increase in fraud. On mobile devices, the cost can be even worse, taxing merchants $3.34 for every dollar of fraudulent activity.
But the impact goes beyond the transaction itself. Retailers shell out tons of cash toward systems that can manual flagging fraud -- employing real human beings to go through shady-looking purchases and make sure they're legitimate. This takes time, which can delay the delivery of products to consumers.
Then there's the negative impact on customer relations from false positives, when a legitimate customer gets accused of fraud. The customer experience can also be harmed by the prevention methods themselves. Many retailers use what's called 3D Secure to securely process payments and transfer liability to payment card companies, but the process adds extra steps for the customer, which could end up preventing conversions.
Last but not least, combating fraud takes away precious time and energy that could be used in other areas of the business.
"Online retail is supposed to focus on growth and entering new markets and actual retailing, and instead of that, they're dealing with things that are not in their core expertise," said Noam Inbar, vice president of business development at Forter, a fraud-prevention company.
Forter's service is an example of a third-party solution that is trying to take some of the burden away from retailers by introducing technology and data to the picture. The company works with online retailers such as Jomashop.com and Heels.com to combat fraud in more efficient ways that provide real-time analysis to retailers.
Forter's technology recognizes patterns in real time and synthesizes data points such as social networks, demographics, mouse movements, browsing habits and purchasing power analytics. This helps it make a quick call on whether or not a purchase looks shady.
"The challenge -- the real nut to crack for fraud prevention -- is an online-based two-factor authentication," Baird said. "For example, there might be a future where you enter your credit card number to transact online, and then you receive a text message with a verification code that you would also have to enter."
Simply asking for the CCV number from the back of a credit card won't cut it anymore.
"Identity and access management, done correctly, can protect customers' privacy, save the enterprise millions in fraud costs, counter threats from malicious insiders, and thwart sophisticated cyberattacks -- without hurting employee and partner productivity, business agility, or customer experience," Forrester analyst Andras Cser wrote in a report titled Predictions 2015: Identity Management, Fraud Management, and Cybersecurity Converge.
Cser warns that fraud cannot be viewed in a silo as it often leads to or is connected to data breach. Knowing that, retailers should prioritize fraud prevention, and look into new technologies to create a multilayered approach to it. That may mean employing a third-party service like Forter, or it may involve using biometrics or two-factor authentication to verify mobile users. For instance, the iPhone 6 and 6 Plus let retailers use fingerprints to verify a shopper's identity.
Authentication can also take into account IP addresses, device fingerprints, time of day, clickstream data or other contextual factors. All of this data can be used to create a fuller picture of a customer and more easily flag fraudulent behavior.
"Fraudsters are not going to disappear," Inbar said. "The barriers to entry in e-commerce are easier. It's going to increase fraud rate. The problem is going to get much bigger.
"Fraudsters are much more agile and fast than any big organization," she said. "Big organizations are unfortunately a bit slower to respond to these threats. The organizations will have to react a bit faster."
--Written by Rebecca Borison in New York
>Contact by Email.