Stopping fraud does not have to mean cutting off potential customers, warns EY, as busiest online shopping week arrives
London, 29 November 2011: EY have today put out a stark warning to on-line retailers that a misdirected approach to fraud prevention could mean firms rejecting genuine transactions and losing customers.
With Britons set to spend billions on-line this week, EY warns that too many retailers are taking a ‘crude and naive’ approach to blocking fraud whilst still not providing effective protection where the real threats to the business lie.
Fraud attacks can be disguised by the change in trading patterns over the seasonal period and retailers often respond to this by suddenly raising fraud thresholds resulting in lost and dissatisfied customers.
Richard Quick, Senior Manager at EY’s Forensic Data Analytics, says: “Fraud prevention should be balanced so for every bit of additional risk accepted, the maximum increase in orders should be achieved. Low fraud doesn’t always mean good risk management is in place – a firm could be blocking potential orders which could otherwise be accepted with little or no risk.
“Retailers need to analyse previous years trading patterns, or compare against industry trends, to create a ‘profile’ of trading which when applied, allows the seasonal increase in trade to continue, but also detects potentially damaging fraud.”
Overall retail fraud, which costs £4.9 billion a year according to the 2011 Retail Theft Barometer is set to increase online as the high-street shoppers and consumers look to finding great deals which may involve browsing unfamiliar sites. Fraudsters and criminals are well aware of this and will target websites with weak or non-existent controls.
Other dangers for retailers can also include ‘overloading’ where a marked increase in traffic leaves security personnel overwhelmed which leads to purchases bypassing many normally conducted security checks. Criminals can use this to their advantage and push through large orders for high value items.
EY advises retailers to take a measured approach in anticipation of a potential fraud and if the worst happens, to be prepared to have targeted increased security for the affected part of the site with as little disruption to the overall website.