The retail sites for Amazon.com, Apple, Best Buy, Target and Wal-Mart each saw more than 4 million unique visits Friday, comScore said, with Amazon receiving the most traffic (up 28% from 2008). Apple, Best Buy and Wal-Mart sites also experienced double-digit traffic gains. According to Experian Hitwise, another Web monitoring firm, other e-commerce standouts included Sears, Staples and Dell.

These results are welcome news for retailers who have been concerned that fear of identity theft could have a noticeably negative impact on sales. Just last week SC Magazine predicted overall online spending to be down this year because of such fears. Luckily, so far, this does not appear to be the case.

With online commerce looking healthy, online retailers can now turn their focus from enticing online shoppers to ensuring that the orders that are coming in are valid. With the increase in shopping will inevitably come an increase in fraud. Unfortunately, as the volume of orders increases, it often involves increased time spent on manual reviews to distinguish the fraudulent orders from the legitimate ones.

Periods of high volume online shopping, such as now, underline the need for effective tools that can identify fraud more quickly with less manual intervention. Running checks on the device history, in addition to credit, identity, and shipping information, are all important steps in finding (and stopping) online criminals and repeat offenders.

We at iovation wish all online retailers a profitable and fraud-free online shopping season!

But while that kind of fraud certainly does exist, there is another type of fraud that can be equally troublesome and, to some extent, even harder to combat: fraud committed by individuals using their own legitimate information. A very common example of this kind of crime is shipping fraud and it takes several different forms. Here are a few examples and tips on how companies can address this problem.

• Denying receipt of goods – In this case, an individual will legitimately place an order and actually receive the goods, but then turn around and deny that they were received. Strangely enough, people will even do this more than once for the same good after another item has been shipped. Online businesses that ship high-value goods often combat this by requiring signatures for receipt of goods. For many businesses, however, this is isn’t a practical solution. Ideally, organizations would like to be able to identify individuals who have a habit of doing this on any site.
• Denying the purchase – In this era of rampant identity theft, many individuals are using it to their advantage, claiming that their credit card was stolen and they were not the ones who made the purchase, therefore they should not have to pay for it. This is a hard type of fraud to detect and defeat, and the only real solution is to require a signature, or have an internal tracking system to identify repeat fraud.
• Returning the wrong good – I have talked with merchants before who have had individuals return old or damaged goods in place of the new ones they ordered and then demand a refund. These cases can be easier to address by simply refusing to refund the purchase, but they are still a problem that businesses would like to be able to address before shipping.

All in all, shipping fraud can be difficult to detect and defeat, but it is worth considering that typically individuals who do this once don’t quit while they’re ahead. Instead they become repeat offenders, targeting multiple online merchants. Tracking the activity of online criminals and sharing that information among a network of online businesses can significantly reduce this type of fraud. Imagine the benefit if businesses could identify the computer before a purchase was completed, and determine if that computer already has a history of shipping fraud.

There’s an old adage that applies here: “Fool me once, shame on you. Fool me twice, shame on me.”  When it comes to online fraud, businesses would do well to track fraudulent activity, learn from past experiences, and work together to minimize fraud this shopping season.

President Obama makes some important points indicating that our networks and IT infrastructure are important national assets and it is imperative to protect them. Acknowledging the growing strength of online spending, President Obama says, “The Internet and e-commerce are keys to our economic competitiveness.”

Cyber thieves are costing the U.S. and other countries billions of dollars in fraud losses every year; this is in addition to the significant impact that individuals suffer as a result of identity theft and the propagation of malware on personal computers. Obama calls on a public/private partnership to address this threat and secure our networks.

Regardless of your political leanings, providing a safe environment for online business is an important goal for our country and the rest of the world. There is no doubt that our online activities are under siege and jeopardized by an increasing cyber threat. Thwarting this threat and providing a safe environment for online businesses and individuals is a key mission for iovation and our customers.

The Merchant Risk Council (MRC) represents the largest and most influential constituency focused exclusively on making eCommerce more safe and secure. iovation is a proud sponsor of the Merchant Risk Council and brings you this interview and podcast with Executive Director, Tom Donlea.

Listen to the Podcast >

iovation: This is Scott Olson on behalf of iovation. I am here with Tom Donlea, the Executive Director of the Merchant Risk Council. Hi Tom.

Tom Donlea: Hi Scott.

iovation: Tom, as the Executive Director of the Merchant Risk Council, you lead this trade association made up of merchants, vendors, e-commerce management professionals, and law enforcement. I imagine this role gives you a great deal of insight into the key issues facing online merchants. After having just completed the Merchant Risk Council semi-annual platinum meeting and now preparing for the upcoming conference in March, is there one topic you would say is getting more attention than others?

Tom Donlea: Yes, Scott. I think for the MRC it has clearly been the economy. A lot of our merchants are increasingly focused on managing their costs and minimizing losses. They are getting a lot of pressure, so they are coming to the MRC with some very specific requests; three in fact. The first thing is they are looking for benchmarking data. They want to look at their costs, the resources they are using, and investments that they should put toward managing fraud risk.

Another piece of this, another part of the membership value, is utilizing the newest and most proven technologies available. They want to make sure that they have the right things in place, whether it is the device recognition, IP geolocation, or some of the other new technologies that are really key for the merchants.

The third thing that merchants are looking for is figuring out how to squeeze every dollar possible out of their program and their operational expenses. We are helping them connect with other members and learn about industry best practices to make sure that they are as efficient as they can be.

iovation: In recent e-commerce fraud surveys, Merchant Risk Council members show consistently lower fraud rates than the industry average. So from your experience, what are these businesses doing right?

Tom Donlea: Belonging to an organization like the MRC allows our member merchants to collaborate and then determine and discover best practices. Through our organization, the merchants have access to industry leaders. And through those presentations and forums, they are staying on top of the latest services from solution providers.

We introduce those topics and issues through webinars that we hold. We do about 20 a year right now. We hold two big conferences each year and we also have a wide enough member base from the merchant community that allows deep collaboration. Merchants from travel, gaming, the apparel industry, electronics—they are all able to gain a greater understanding of the solutions that are most widely adopted and are benefiting the bottom line, and that are, of course, appropriate for the business model.

Increasingly, merchants are looking to the MRC for advocacy. When we gather folks from the travel industry, for example, and we are hearing common issues that they have that are industry-wide issues, the MRC is positioning itself to go to battle, to cause positive change in the industry on behalf of those merchants. And we are excited to play that role.

iovation: You have followed iovation as one of the vendors and the growing interest in device-based fraud solutions for several years now. Would you say the use of this technology is now being considered a best practice for your members?

Tom Donlea: Yes, absolutely. On an annual basis, we do a fraud survey. Every year that we conduct this survey we ask our members, “What sort of third-party solutions or technology solutions are you adding to your arsenal of fraud detection tools?” Device reputation technology is one of the latest advances, and we see our merchants increasingly utilizing that type of technology to develop and enhance their fraud screening tools.

Of course, our merchants know that there is no single silver bullet that is going to eliminate fraud risk when it comes to accepting payments online. But they do know that they have got to have a diverse portfolio of tools. Not only do our members have lower fraud rates than the general industry standards for companies at the same level of revenue, but they also employ more tools than your typical e-commerce company. Through the MRC, and through meeting companies like iovation, they have learned that they must have a broad array of tools in order to meet the challenges of taking diverse payments online.

iovation: Speaking of tools and the different fraud types that your members address, most people think the Merchant Risk Council members deal primarily with financial fraud such as fraudulent chargebacks and payment fraud. What are the other risks that your Merchants are addressing?

Tom Donlea: It’s interesting that both security and authentication are becoming important issues. We’ve seen in recent headlines that data security is more and more of an issue with retailers and with consumers. The challenge for many of our e-commerce and multi-channel retailers is that they not only want to offer an inviting and convenient shopping environment for the consumer, they also want to provide the safety and security for that customer’s personal data. It’s a huge motivator for us to boost that consumer confidence in e-commerce as a channel; a focus on security is a part of that. We know that it’s important for the customers, as well as our members. The shoppers who are conducting business online, they’ve got to trust those MRC members before, during, and after placing an online transaction.

We’ve been very proactive in providing programs and events to educate retailers on the root causes of the data breaches, the regulatory issues involving the Payment Card Industry—or PCI, as we call it —and then providing them examples of compromised systems. What could have been done in advance to avoid that? Then, certainly, the remediation that happens following mistakes like the TJX breach, for example.

Authentication is another issue that we’re really focused on. Of course, authentication for financial transactions is always paramount for our members. I know iovation has lots of clients in the dating, social networking, gaming area. This has become an increasing percentage of our membership as well. For those companies, the customer experience, again, is paramount, which includes: “if I become a member of a social networking site, I want to avoid any sort of predatory behavior, phishing or any scams that are going on.” That non-financial authentication is a very, very big deal for those companies because they have to make sure that the customer experience is continually excellent.

iovation: Earlier, you mentioned that the economy was one of the major issues, and this past year, certainly, has been very challenging for a great majority of retailers across all categories. Yet the Merchant Risk Council has grown in both membership and participation. Why do you think this is?

Tom Donlea: Well, I like to think that our membership base is savvy enough to understand that it’s more vital to address fraud risk, security risk, and electronic payment issues during these hard times. They’re trying to squeeze cost out of operational systems, maximize the number of transactions they can take online, and the consumers, where they are as far as their level of safety with doing business online. MRC is bridging the gap between the merchant community and the issuer community, which includes financial institutions, who often times provide the primary interactions for that consumer in relationship to making payments online.

We’re developing forums that are allowing these communities to communicate with each other, and break down artificial walls that really do affect the consumer’s experience of placing a transaction online. We want the banks who are issuing credit cards and the retailers who are hoping to accept those legitimate transactions to have open communication and improve the industry through those efforts. We also provide active year-round forums for networking, for education, and then for advocating on behalf of our merchant members. The members that belong to the MRC, they benefit from having a distribution list that allows them to interact with their peers and competitors in a non-competitive way.

We provide benchmarking studies. We provide online learning. We have in-person conferences. We’re also expanding into Europe. I’m not sure that we talked about that but it’s very exciting for us. Then, we also have active year-round committees where folks are, again, focusing on common issues that need to be addressed by an industry group in order to improve the industry for the better. Now, more than ever, the MRC is providing resources that allow our members to address their current fraud and secured payment processes, improve their productivity, and increase profitability. Really, what we’re trying to do is make sure our members are looking out further on the horizon and are prepared for those challenges in our three program areas for fraud, security issues, and related payments on a global basis so that they’re really prepared for the future.

iovation: Certainly, the Merchant Risk Council plays a very important role in addressing online fraud and abuse. I really appreciate you taking the time today, Tom, to share with us some of the insights from the Merchant Risk Council and your members.

Tom Donlea: That’s great, Scott. We appreciate the chance to talk with you and we appreciate iovation’s involvement in the MRC.

To learn more about iovation’s fraud-fighting solutions that enable online retailers to prevent thousands of fraudulent activities each day—including credit card fraud, shipping fraud, identity theft, carding and more—watch this video, titled Preventing Fraud and Abuse in Online Retail.

There are many types of security threats out there that get significant press. Whether it is identity theft, credit card theft, account takeover, romance scams or money laundering, online crime is a very prevalent and understood component of the Internet.

But one type of fraud that isn’t often talked about—despite being a huge challenge for online merchants—is friendly fraud. Many of our customers struggle with friendly fraud on a regular basis.

Friendly fraud occurs when an individual makes a purchase online and then denies the purchase with their card company after they have received the goods. The chargeback is processed leaving the merchant ultimately responsible for the purchase. This can often coincide with denial of receipt of the goods or return of something other than the new goods that were purchased.

There are two basic challenges to catching friendly fraud. First off, standard identity and credit card checks won’t catch the fraud because the online consumer is the actual card holder. Then, in addition, there’s generally a significant time lapse between when the original purchase is made and when the chargeback is processed. During the months that it can take for a chargeback to show up, the person committing the fraud can make multiple purchases.

This is where a shared device reputation service, like that offered by iovation, can make a big difference and offer some very unique value. Typically, repeat friendly fraudsters do not limit themselves to one company. Instead they spread their purchases across multiple online merchants in an effort to acquire as many goods as possible without arousing suspicions.

The fact that these fraudsters are targeting multiple merchants at once makes the ability for those merchants to share fraud information extremely valuable. A shared device reputation service allows online merchants to benefit from the knowledge and experience of their peers so that if an individual commits friendly fraud at one merchant site, and then shows up at a second site, also protected by iovation, that second merchant will be alerted. With over 140 million devices in iovation’s Device Reputation Authority and over 2 billion online transactions checked for fraud, we at iovation offer a unique value to our customers. This is even more compelling because friendly fraud is a specific type of fraud we track among the 32 overall categories of fraud and abuse.

Friendly fraud isn’t so friendly and it is even harder to stop. The key to fighting cross-merchant fraud is being able to work together and benefit from the experiences of your peers.

Week at a Glance:

• March 9 – Opening Party at Blush Boutique, Wynn, co-sponsored by iovation
• March 10 – Platinum Member Meeting co-sponsored by iovation
• March 11 – General Conference & Exhibits (iovation booth #304)
• March 12 – General Conference & Exhibits (iovation booth #304)

On Wednesday, March 11th, iovation veteran Cory Swick will demonstrate how fraudsters are extending their scams and what online businesses can do to stop them. Emerging strategies of cybercrime will be discussed—from individuals targeting specific markets and organized rings of collusion to maturing fraud economies.

Presentation Details:

• Title:  Criminal Diversification: A Look at the Emerging Strategies of Cybercrime
• When:  Wednesday, March 11, 2009, 2:15 p.m. – 3:00 p.m. PT
• Where:  Wynn Las Vegas, Room – Lafite 6
• Speaker:  Cory Swick, Senior Enterprise Sales Executive

To meet with iovation at the event, please schedule a meeting through our website.