The new chip credit cards that shoppers are getting in their mailboxes may prevent criminals from stealing from stores, but many thieves are expected to move their operations online. Small businesses could be the most vulnerable.
Online fraud in the U.S. is expected to nearly double to $19 billion by 2018 from $10 billion in 2014, according to Javelin Strategy & Research, a consulting company based in Pleasanton,California. In Britain, which began shifting to chip cards in 2001, online fraud rose 55 percent from 2005 to 2008, according to the UK Cards Association, an industry group.
“It’s inevitable it will happen,” says Steve Platt, an executive vice president at Experian, the credit reporting company.
Banks and other card issuers are sending consumers the new cards because the chips embedded in them are harder to counterfeit than magnetic stripes. Issuers began sending replacement cards in the last year because, as of Oct. 1, merchants are responsible for financial losses from fraud committed with chip cards if they don’t use new equipment to process chip card payments.
Small businesses are likely to be most vulnerable because many can’t afford the sophisticated software big retailers use to quickly determine whether transactions are fraudulent. Banks no longer have the liability in such cases. And there’s another wrinkle that could make operating difficult for businesses that experience a lot of online fraud: Companies that exceed a limit on fraudulent transactions — usually 1 percent of their total transactions — may be barred from accepting credit cards.
People attempting to commit fraud online buy card numbers and other information from hackers who invaded computers systems at companies such as Target Corp. and Home Depot Corp. Then they use the stolen card numbers to make online purchases.
To stop the criminals, Allen Walton examines orders at his surveillance equipment company, SpyGuy Security, one by one.
“We manually scan all orders for anything suspicious, like fake names, requests for overnight delivery, and high-ticket orders,” says Walton, whose company is based in Dallas. He finds fraudulent orders several times a month.
The increase in online fraud is likely to happen over time, partly because the switch to chip cards is ongoing and expected to continue into 2016.
“The crooks tend to go where there’s less security,” says Ken Paterson, a vice president at the consulting firm Mercator Advisory Group in Maynard, Massachusetts.
Technology can help companies root out fraud with software that analyzes a number of factors in a transaction: whether shipping and billing addresses match, whether the order is placed from an unfamiliar computer or device and whether the email address associated with the order is unfamiliar. A high number of transactions in a short time is another red flag, says Tom Donlea, director of e-commerce at Whitepages, a Seattle-based company whose services include address verification for online businesses. When several suspicious factors are present, the software flags a transaction so a retailer can investigate.
EliteFixtures.com, a retailer of lighting fixtures and other products in Hillsborough, New Jersey, has built a fraud detection system that it says has almost completely eliminated fraudulent transactions.
“If someone is ordering a $10,000 chandelier and it’s going to a ZIP code where the median home price is $130,000,” says owner Steven Annese, “that doesn’t make sense.”