E-crime cost UK retailers stg£205.4m last year

24 Aug 2012

Retailers in the UK lost stg£205.4m as a result of e-crime, according to the British Retail Consortium. This comprises stg£77.3m in terms of direct costs, stg£16.5m spent on security against e-crime and stg£111.6m in lost revenue.

E-commerce is worth stg£25bn a year to the UK economy, according to the British Retail Consortium.

The key components making up the direct costs of e-crime included identity fraud such as account takeovers resulting in at least stg£20m, card and card not present frauds which cost stg£15m to the sector and refund frauds which cost stg£1.2m.

The costs of e-crime to the sector were further inflated by the need to guard or restore systems because of threats like distributed denial of services (DDOS) attacks, hacking and malware.

Repairing and restoring systems after DDOS attacks now costs up to stg£100,000 on average.

The most common fraud experienced by retailers was card not present fraud, with nearly 80pc of retailers surveyed admitting this was common or very common.

Fifty percent of retailers said that identification-related fraud involving false ID was a very common tactic in attempts to defraud their online systems.

Increased threats to e-commerce were also found to be linked to distruption caused by attacks on online trading systems. For example, over 20pc of retailers reported that DDOS attacks caused serious or very serious disruptions to their systems.

Phishing is a particular problem for UK retailers with some respondents indicating that a single phishing attack could have caused the company stg£2m to deal with.

After US companies, UK brands and companies are now the second most targeted globally.

While more sophisticated phishing or hacking attacks are often carried out by perpetrators outside the UK, the majority of retailers (86pc) believe frauds originate domestically within the UK.

Security methods used by retailers to defend against e-crime

Around 8pc of the current losses from e-crime relate to security costs, with the survey indicating that firms across the retail sector spent at least stg£16.5 million on internal and external security provision.

The most significant component of this figure was staffing security systems which cost the sector at least stg£10.5 million in 2011-12. Investment in security technology amounted to around stg£6 million for the same period.

Online security is managed through both internal and external provisions with third party screening continuing to be the most common, and most expensive, option. The data was not sufficiently robust to enable an overall projection of costs for outsourcing security provision to third parties, however some respondents indicated that this could be as high as 7 pence per transaction.

The majority of respondents (71pc) supplemented third party screening with other automated methods of security such as 3D Secure. Around 71 pc of retailers were also deploying the Address Verification System (AVS).

Manual methods of security also continue to be important, with 78pc of respondents stating that they use customer order history to make online purchases more secure. The research found that 64pc of respondents also contact the customer or card issuer directly to verify the details of a purchase.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years