December 13, 2017 By Derek Brink 3 min read

This is the second installment in a two-part series about e-commerce fraud during the holiday shopping season. Be sure to read part 1 for the full story.

The holiday season means major booms for retail sales, especially for e-commerce merchants who have to deal with the Santa Claus problem of figuring out whether a given online transaction is naughty or nice (e.g., fraudulent or legitimate) quickly and effectively.

Recent research from Aberdeen revealed that while e-commerce merchants are generally doing a good job at minimizing the impact of the naughty (e.g., fraudulent transactions that should not have been accepted, which lead to chargebacks), they are missing out on too much of the nice (e.g., legitimate transactions that are not accepted, which lead to false declines).

Altogether, e-commerce fraud costs retailers between 45 and 60 cents for every dollar in overall industry profitability. These figures include not only the cost of fraud, such as declines and chargebacks, but also the cost of making decisions about fraud (e.g., people, tools and data).

Making Faster, Better Decisions About E-Commerce Fraud

As everyone knows, Santa Claus himself keeps track of naughty and nice by making a list and checking it twice — but even he can’t take too long to make these decisions and still meet the expectations of his recipients for on-time delivery. The same is true for e-commerce merchants: Just a few seconds of delay in the buyer’s online experience or unacceptably slow delivery of purchased goods and services can lead online buyers to take their business elsewhere.

Capabilities for making better, more cost-effective and faster decisions about e-commerce fraud can help online merchants:

  • Minimize the negative impact of fraudulent transactions (e.g., manage the costs of chargebacks to an acceptable level).
  • Maximize the positive impact of legitimate transactions (e.g., increase top-line revenue by cutting down on false declines).
  • Reduce the likelihood of abandoned transactions (e.g., improve the buyer’s online experience by making approval decisions that don’t affect buyer expectations for web performance).
  • Increase the likelihood of repeat business (e.g., improve the buyer’s overall satisfaction by making approval decisions that don’t affect buyer expectations for physical delivery).
  • Manage the total cost of e-commerce fraud (e.g., achieve a balance of all of the above to reflect strategic business objectives).

Slow Decision-Making Leads to Late Deliveries

To illustrate the impact of how long it takes to make business decisions about e-commerce fraud, consider the following empirical findings from the Aberdeen report for online merchants in the consumer electronics market segment. For research purposes, consumer electronics includes items as varied as televisions, laptop computers, digital cameras, flash drives, drones, electric scooters, hoverboards and wireless earbuds. If it’s powered by batteries — with the exception of vehicles — it likely falls into this category.

Source: Aberdeen

As shown in the chart above, the time to make business decisions about e-commerce fraud is currently chewing up a significant portion of the typical order-to-shipment targets.

  • For an order-to-shipment target of 72 hours, the impact of making business decisions about e-commerce fraud ranges from 11 percent to 67 percent, with a median of 33 percent.
  • For an order-to-shipment target of 48 hours, the impact of making business decisions about e-commerce fraud ranges from 17 percent to 100 percent, with a median of 49 percent.
  • For an order-to-shipment target of 24 hours, the impact of making business decisions about e-commerce fraud ranges from 33 percent to 200 percent, with a median of 99 percent.

In other words, although the current level of performance for making decisions generally fits within an order-to-shipment target of 72 hours, this is a problem that will only grow worse under market pressure for faster delivery. In fact, it eventually becomes untenable: For an order-to-shipment target of 24 hours, the empirical data shows that online merchants will miss their target and ship late literally half of the time.

These numbers highlight the importance of implementing robust fraud protection solutions to safeguard both retailers and consumers, and to ensure that fraudsters find nothing but coal in their stockings this holiday season.

Do Faster Payments Mean Faster Fraud? Read the white paper

More from Fraud Protection

PixPirate: The Brazilian financial malware you can’t see

10 min read - Malicious software always aims to stay hidden, making itself invisible so the victims can’t detect it. The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan (RAT) malware that heavily utilizes anti-research techniques. This malware’s infection vector is based on two malicious apps: a downloader and a droppee. Operating together, these two apps communicate with each other to execute the fraud. So far, IBM Trusteer researchers have observed this…

New Fakext malware targets Latin American banks

6 min read - This article was made possible thanks to contributions from Itzhak Chimino, Michael Gal and Liran Tiebloom. Browser extensions have become integral to our online experience. From productivity tools to entertainment add-ons, these small software modules offer customized features to suit individual preferences. Unfortunately, extensions can prove useful to malicious actors as well. Capitalizing on the favorable characteristics of an add-on, an attacker can leverage attributes like persistence, seamless installation, elevated privileges and unencrypted data exposure to distribute and operate banking…

From federation to fabric: IAM’s evolution

15 min read - In the modern day, we’ve come to expect that our various applications can share our identity information with one another. Most of our core systems federate seamlessly and bi-directionally. This means that you can quite easily register and log in to a given service with the user account from another service or even invert that process (technically possible, not always advisable). But what is the next step in our evolution towards greater interoperability between our applications, services and systems?Identity and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today