Companies must do more to protect themselves, but shouldn’t eradicate fraud completely, says Sage Pay
- Average cost of fraud per small- to medium-sized business is £4,515
- 39% don’t spend any money at all on fraud prevention
- Sage Pay says a degree of fraud is healthy for businesses
SMBs are losing £22bn every year to fraudulent transactions. According to a study by Sage Pay, more than 40 per cent of businesses have experienced fraudulent activity in the past year, with each losing an average of £4,515.
Despite this, more than one third (39%) of businesses don’t spend any money on fraud prevention, while 21% of businesses don’t know what fraud prevention tools they use. 42% of companies don’t know if they are PCI DSS compliant.
The findings have been released as part of Sage Pay’s Payments Landscape Report, an in-depth study looking at trends in the payments industry.
But while the statistics are alarming, Sage Pay believes a little fraud can be good for business. Urgent action needs to be taken to protect a business’ profits, its reputation and its customers, but there is such a thing as a ‘healthy’ level of fraud, according to Simon Black, CEO at Sage Pay.
“This study shows that fraud levels are spiralling out of control and more must be done to reduce the amount of money lost each year,” said Black. “But companies need to be pragmatic – eradicating fraud completely could be damaging for a business. Experiencing no fraud may mean controls are too tight and legitimate transactions are being rejected. Many businesses simply void the transaction immediately if they suspect fraud, rather than undertake further checks. In doing so, they’re likely to be turning away genuine customers who have simply entered their details incorrectly.”
“Although it can be tempting to tighten security controls in the face of fraud, it is worth keeping in mind that for every extra action a consumer is asked to make, you are prolonging the customer journey and therefore increasing the risk that the customer will drop out of the buying process.”
“While one size most definitely does not fit all when it comes to structuring your fraud prevention, trialling protection tools to ensure you have the right systems in place will help you to avoid hefty fraud losses or the rejection of genuine purchases.”
Sage Pay encourages businesses to take the following five key steps to reduce online stolen card and identity fraud:
- Beware of orders that are placed late at night or early in the morning, and orders of high quantity or value.
- Always check that the delivery address is valid. Fraudsters will often try to get businesses to deliver to bogus addresses. PO boxes, for example, should always be avoided.
- Invest in geo-location technology to find the shopper’s exact location, to identify whether the order is coming from a ‘high risk’ country. You can create rulebases which auto-block orders from these countries.
- Cyber criminals are increasingly targeting the cardholder data you hold on your customers. Use tokenisation to avoid storing payment data that can be compromised.
- Analyse customer information and purchasing behaviour to build profiles that will help recognise genuine orders and alert you to fraudulent ones.
Simon Black adds: “These measures will go a long way to protecting merchants against online fraud via stolen cards and identity theft. The other key area to combat fraud relates to the security of websites in terms of cyber-attacks and data breaches to obtain customer card numbers.”
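The order-screening steps above (order timing, order size, delivery address, geo-location and customer profiles) can be combined into one small rulebase that sends suspicious orders to manual review instead of voiding them, which is the trade-off Black describes. This is an added example, not code from Sage Pay or the report; every field name, threshold and country code in it is an assumption, and tokenisation is out of scope.

```python
from dataclasses import dataclass
from datetime import datetime

# Assumed values for illustration only; tune them against your own order
# history. The country codes are placeholders, not a real risk list.
HIGH_RISK_COUNTRIES = {"XX", "YY"}
QUIET_HOURS = range(0, 6)          # "late at night or early in the morning"
HIGH_VALUE_GBP = 500.0
HIGH_QUANTITY = 10
REVIEW_AT = 2                      # soft signals needed before manual review

@dataclass
class Order:
    placed_at: datetime
    value_gbp: float
    quantity: int
    delivery_address: str
    geo_country: str               # country reported by IP geo-location
    known_customer: bool           # profile of earlier genuine orders exists

def is_po_box(address: str) -> bool:
    # Normalise "P.O. Box", "PO Box", "Post Office Box" to one spelling.
    norm = address.lower().replace(".", "").replace(" ", "")
    return "pobox" in norm or "postofficebox" in norm

def screen(order: Order) -> tuple[str, list[str]]:
    """Return (decision, reasons); decision is accept, review or block."""
    if order.geo_country in HIGH_RISK_COUNTRIES:
        return "block", ["high-risk country"]
    reasons = []
    if order.placed_at.hour in QUIET_HOURS:
        reasons.append("placed in quiet hours")
    if order.value_gbp >= HIGH_VALUE_GBP or order.quantity >= HIGH_QUANTITY:
        reasons.append("high value or quantity")
    soft = len(reasons)
    if order.known_customer and soft:
        soft -= 1                  # a good purchase history offsets one signal
    po_box = is_po_box(order.delivery_address)
    if po_box:
        reasons.append("PO box delivery")   # always needs a human check
    decision = "review" if po_box or soft >= REVIEW_AT else "accept"
    return decision, reasons
```

Only the country rule rejects an order outright; everything else ends in "review", so a genuine customer who trips a rule is checked rather than turned away.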
The full report can be found here
Notes to editors:
The study surveyed 1124 UK business decision-makers, made up of both Sage Pay and non-Sage Pay customers, and 1042 consumers. The interviews were conducted by Redshift Research in February 2014. Where it has added value, data from Sage Pay’s customer base of over 50,000 businesses has also been used.
About Sage Pay
Sage Pay is Europe’s leading independent payment service provider (PSP) and is one of the most trusted payment brands. Every year Sage Pay processes billions of pounds worth of secure payments for its 50,000+ customers and makes the process of accepting payments online, over the phone, or in person simpler, faster, safer and more profitable for businesses.
Sage Pay is a subsidiary of FTSE 100 business management software and services company The Sage Group plc. For further information please visit: www.sagepay.com
The Payment Card Industry Data Security Standard (PCI DSS) is a set of best practice standards designed to help protect businesses and shoppers from data theft and fraud.