December 13, 2017 By Derek Brink 3 min read

This is the second installment in a two-part series about e-commerce fraud during the holiday shopping season. Be sure to read part 1 for the full story.

The holiday season means major booms for retail sales, especially for e-commerce merchants, who have to deal with the Santa Claus problem: figuring out quickly and effectively whether a given online transaction is naughty or nice (i.e., fraudulent or legitimate).

Recent research from Aberdeen revealed that while e-commerce merchants are generally doing a good job at minimizing the impact of the naughty (i.e., fraudulent transactions that should not have been accepted, which lead to chargebacks), they are missing out on too much of the nice (i.e., legitimate transactions that are not accepted, which lead to false declines).

Altogether, e-commerce fraud costs retailers between 45 and 60 cents for every dollar in overall industry profitability. These figures include not only the cost of fraud, such as declines and chargebacks, but also the cost of making decisions about fraud (e.g., people, tools and data).

Making Faster, Better Decisions About E-Commerce Fraud

As everyone knows, Santa Claus himself keeps track of naughty and nice by making a list and checking it twice — but even he can’t take too long to make these decisions and still meet the expectations of his recipients for on-time delivery. The same is true for e-commerce merchants: Just a few seconds of delay in the buyer’s online experience or unacceptably slow delivery of purchased goods and services can lead online buyers to take their business elsewhere.

Capabilities for making better, more cost-effective and faster decisions about e-commerce fraud can help online merchants:

  • Minimize the negative impact of fraudulent transactions (e.g., manage the costs of chargebacks to an acceptable level).
  • Maximize the positive impact of legitimate transactions (e.g., increase top-line revenue by cutting down on false declines).
  • Reduce the likelihood of abandoned transactions (e.g., improve the buyer’s online experience by making approval decisions that don’t affect buyer expectations for web performance).
  • Increase the likelihood of repeat business (e.g., improve the buyer’s overall satisfaction by making approval decisions that don’t affect buyer expectations for physical delivery).
  • Manage the total cost of e-commerce fraud (e.g., achieve a balance of all of the above to reflect strategic business objectives).

Slow Decision-Making Leads to Late Deliveries

To illustrate the impact of how long it takes to make business decisions about e-commerce fraud, consider the following empirical findings from the Aberdeen report for online merchants in the consumer electronics market segment. For research purposes, consumer electronics includes items as varied as televisions, laptop computers, digital cameras, flash drives, drones, electric scooters, hoverboards and wireless earbuds. If it’s powered by batteries — with the exception of vehicles — it likely falls into this category.


Source: Aberdeen

As shown in the chart above, the time to make business decisions about e-commerce fraud is currently chewing up a significant portion of the typical order-to-shipment targets.

  • For an order-to-shipment target of 72 hours, the impact of making business decisions about e-commerce fraud ranges from 11 percent to 67 percent, with a median of 33 percent.
  • For an order-to-shipment target of 48 hours, the impact of making business decisions about e-commerce fraud ranges from 17 percent to 100 percent, with a median of 49 percent.
  • For an order-to-shipment target of 24 hours, the impact of making business decisions about e-commerce fraud ranges from 33 percent to 200 percent, with a median of 99 percent.

In other words, although the current level of performance for making decisions generally fits within an order-to-shipment target of 72 hours, this is a problem that will only grow worse under market pressure for faster delivery. In fact, it eventually becomes untenable: For an order-to-shipment target of 24 hours, the empirical data shows that online merchants will miss their target and ship late literally half of the time.

These numbers highlight the importance of implementing robust fraud protection solutions to safeguard both retailers and consumers, and to ensure that fraudsters find nothing but coal in their stockings this holiday season.
