Wednesday, December 10, 2008

Lost: $4 Billion Online

Results of the tenth annual CyberSource Corporation survey of eCommerce fraud, released today, show merchants expect to lose a record $4 billion to online fraud in 2008.   All  the news today is pointing towards how pragmatic it would be to bring PIN based transactions online.
Fraudsters Filch $4 Billion Online in 2008

Record fraud losses for U.S. eCommerce; 10th annual CyberSource survey shows merchants shift priorities in down economy

They go on to report on the key take-aways from this year's survey which included:
  • Projected dollar losses to U.S. eCommerce will hit a record $4 billion in 2008 (up from $3.7 billion in 2007).
  • Merchants expect to lose 1.4% of their online revenue to fraud--this rate has held constant for the last 3 years.
  • This year merchants accepted a higher percentage of orders--working more aggressively to boost top line sales.
  • Though eCommerce sales are still increasing, 87% of merchants say they must fight fraud with the same or less staff in 2009.
  • Merchants showed a dramatically increased interest in more sophisticated automation tools.
  • Contrary to popular view, eCommerce is hardly hands-off. For each of the past 6 years, approximately 1 out of 4 online orders have been manually reviewed.
  • International orders continue to have over 3 times the fraud risk of orders from the U.S. and Canada.
continue reading

Reblog this post [with Zemanta]

Paradigm Shift E-vidence

The graphic on the left suggests that a  paradigm shift is occurring when it comes to where US Internet users choose to shop.  Retail or e-tail.  See: "Paradigm Shift - Retails 70%-22% Lead Evaporates." 

To further underscore this viewpoint, new numbers from Goldman Sachs indicate that e-tail sales volume packs a mean punch  as it has left a huge dent in  chain store sales compared to the same period last year.

Apply the numbers released Monday from comScore and it translates as follows:

Online sales  volume growth enjoys 22.5 times the growth rate of sales at comparative chain stores

That sounds like some heavy shifting.  Here's further e-vidence, as reported by Internet Retailer: 

Sales at chain stores last week were virtually unchanged from the corresponding week a year ago, rising a minuscule 0.4%, reports the Goldman Sachs weekly sales index.

By contrast, online sales last week were up 9% over the same week a year earlier, comScore Inc. reported Monday.

For the week that included the Friday after Thanksgiving, the traditional start of the holiday shopping season, sales were up 1.3% over the year-earlier week. Sales fell 0.8% from Thanksgiving week to the following week, according to the Shopping Center Council/Goldman Sachs index.

The tough economic and retail environment, which continued into early December, is likely to dominate the full month`s sales performance as well, says 'Michael P. Niemira, the shopping center council's chief economist. Given this, ICSC Research expects monthly comparable-store sales will be flat to up 1% for December with late holiday shopping driving the month`s overall performance.

The index represents comparable store sales.

Signature Debit Wrestles Fraud, Get's PIN'd

After reading articles like this, which basically state what everyone already knows... signature debit is much less secure than PIN debit, I wrestle with the idea that there must be forces in play who want to keep online debit (PIN debit) offline... It makes absolutely no sense.

Think about it...offline debit for online shopping is oxymoronic.  "Online debit for Online shopping" is about as pragmatic as it gets.

Again, PIN debit is preferred by merchants and consumers alike, and,  because it's more secure, interchange fees are 50% lower. Combine those facts with the global movement against Visa/MC to lower interchange and "online debit" for "online shopping" appears to be a no-brainer. Obviously, Avivah Litan is correct in her analysis that it all comes down to the fact that the forces that be, want the fees they derive from pushing (and rewarding the use of) a less secure "signature" product. It's nuts to me. Why fight high interchange when you can switch to PIN Debit and cut interchange in half?  Are retailers, thus their online counterparts fighting the wrong fight?

Visa bids farewell to signatures | Australian IT

VISA Australia plans to replace signatures with electronic identification for credit card transactions in an attempt to combat fraud.

The use of personal identification numbers (PINs) is part of a seven-pronged initiative to tighten the security of payment systems within the next five years, the company said.

In mid-year some merchants began accepting PINs as an alternative authorization method.

According to Chris Clark, Visa Australia general manager, the introduction of PIN as the cardholder verification method will add another layer of security for card present transactions. In addition, all online merchants in Australia will be required to check the three-digit security code on the back of the card, Visa said.

Data security protection for merchants processing less than 20,000 Visa e-commerce transactions annually will also be strengthened. Visa will also ensure all automated teller machines are chip-enabled and activated by 2013.

"The initiatives planned for the next five years will help to combat further all types of fraud and make the system quicker and easier to use," Mr Clark said. "While these initiatives are being implemented, consumers can continue to use the system, as they have done for years, with confidence."

He said the introduction of PIN as the cardholder verification method will add another layer of security for card present transactions.

Editor's Note: Thus, also introducing it for "card not present" transactions, (for which there's exponentially more fraud) also seems to be nothing short of simply a pragmatic move.

Visa plans to have discussions with the financial and merchant communities to set deadlines for the implementation of its security initiatives. According to the Australian Payments Clearing Association, fraud on locally issued credit cards jumped to $111.5 million last year, up from $85 million in 2006. Fraud involving credit cards used on the internet or in phone or mail transactions, known as card not present, hit $53.5 million, up from $32 million during the same period.

Reblog this post [with Zemanta]

"Just Another Mega Monday" Followup

'Mega Monday' Lived Up To Its Billing Say Online Retailers | Business | Sky News

'Mega Monday' turned out to be just that for online retailers as consumers flocked to buy their Christmas presents.

With sales volumes up 18% to £320m it was the biggest online shopping day of the year so far. But it was not the busiest, according to electronic retail industry body IMRG.

Research from IMRG member Hitwise showed traffic to retail sites amounted to 12.32% of all UK online visits. That made Monday December 8 the third busiest day in the sector, despite the high sales volumes.

Analysts say this suggests consumers have been busy at weekends researching gifts both in stores and online before purchasing the items on the internet the day after.

James Roper CEO of IMRG said: "Online sales are holding up well, considering the economic conditions, with both volumes and values significantly higher than last year.

"The ratio of researching to buying is also much greater, and researching started earlier this year, as Christmas shoppers work hard to track down the best deals."

But Jon Prideaux of payments service provider SecureTrading said it was a day of mixed fortunes for traders.

"The averages conceal that a significant number of retailers are facing a bleak Christmas with sales below last year - for others it's a bonanza with sales up very sharply.

"It is the first time that anyone can really say that about the e-commerce space where things generally just seem to get better and better for everyone. This Christmas is sorting out the wheat from the chaff."

'Mega Monday' followed the busiest weekend of the year on the high street with retailers offering huge discounts.

An estimated 1.5 million people flocked to London's Oxford Street and Regent Street on Saturday after the area was closed to traffic for the day.
Reblog this post [with Zemanta]

Skimmers Arrested in Sin City

Obviously this is relevant to the blog as I've posted many times about skimming, but, in all honesty, there are underlying reasons for this post...not the least being that it gave me my first opportunity to post a picture of Jessica Alba... :)

LAS VEGAS – State and federal authorities said Tuesday they arrested nearly two dozen people, many with ties to Eastern Europe, in a credit card fraud and identity theft scheme that cost Las Vegas businesses and consumers about $1.5 million.

Greg Brower, U.S. attorney for Nevada, said 13 people were arrested on federal charges Monday in southern Nevada and Los Angeles. Las Vegas police said 10 were arrested on state charges, including forgery, credit card fraud and weapons and drug possession.

The arrests were the first for a Eurasian organized crime task force based in Las Vegas. The task force was formed two years ago in response to "the influx and influence and activity of Eurasian-based gang-type criminals" in southern Nevada, Brower said.

In five indictments unsealed Tuesday, prosecutors describe an operation using "skimming equipment" at restaurants, smoke shops and convenience stores to obtain credit card numbers and personal identification numbers. Cashiers involved in the scam would use the device, known as a "wedge," to scan the card and capture information in the magnetic strip. (not the Las Vegas strip) The information would then be used to create counterfeit credit cards, the indictment said.

Authorities said they were uncertain of the defendants' immigration statuses and could not name their nationalities. Authorities said no businesses were implicated in the scheme. More than 1,000 credit and debit cards were compromised. The indictments handed down last month accuse 13 people of charges including producing, using and trafficking counterfeit credit cards, identity theft and criminal forfeiture.

Women Dominate for First Time Online - Press release - Deutsche Card Services- Women Predominate in European Online Retail for the first Time
Pago Retail Report 2008 - published by Deutsche Card Services - reveals large-scale changes in purchasing and payment behavior

Women predominate in European online retail for the first time. 53.40% of all transactions were initiated by women, 46.60% by men.

This is the result revealed by the Pago Retail Report 2008, which was just published by Deutsche Card Services, a member of Deutsche Bank Group. In the preceding year men still had a lead of more than 11%. In contrast to other research, this report of "Purchasing and Payment Behaviour in Online Retail" is based on real-life purchase transactions and not on the analysis of polls and surveys. The Pago Retail Report is based on the evaluation of about 7.5 million retail purchase transactions processed through the Pago platform between October 2006 and September 2007. The data analysis of purchasing and payment behaviour and non-payment risk was supported by experts from the University of Karlsruhe.

Weekend has caught up in overall European retailing

German female online customers have increased their lead more than their counterparts in Europe as a whole. They dominate retail at a rate of 55% versus 45%. For comparison: Men lead in the UK (52% versus 48%) and the rest of Europe (64% versus 36%). There is also a gender imbalance in terms of the preferred days for online retail purchasing. Women prefer Wednesdays with 17.41% of their retail transactions while Mondays are men's favourite days (17.15%). This purchasing day has replaced Wednesday as number one in overall e-commerce. By the way, Saturdays are least attractive for both women and men, with a share of only 10% according to the Pago Retail Report 2008. Generally, however, the weekend has caught up in European retail. In fact, consumers buy more in German shops on Saturdays than on Fridays (13.37% versus 13.29% of all weekly transactions).

German consumers prefer working hours for online shopping

What is the favorite time of the day for shopping? German consumers accomplish most of their transactions (e.g. 59.74%) during working hours between 8am and 6pm - not only in retail but also in overall e-commerce. This figure beats its counterpart for overall e-commerce (53.10%), which also covers segments such as gambling (gambling and sport bets), services (telecommunications and internet) and travel & entertainment. In the UK the preference for office hours is even more obvious (64.48%). This was to be expected, as this period was also top in overall e-commerce according to the Pago Report 2008.

"Erika Mustermann vs. John Smith"

German consumers' purchasing behaviour in online shops considerably differs from UK consumers as the comparison of "the typical German" with "the typical Brit" demonstrates. For example, "Erika Mustermann" prefers ordering her new winter boots for about EUR 70 in a popular German online shop on a cold December Monday during her lunch time between noon and 2pm. Whereas "John Smith from Sheffield" searches an online shop for home entertainment on a Tuesday a few days before Christmas just between 2pm and 4pm and buys at least a portable music player for the equivalent of about EUR 135.

Dutch consumers surprisingly active in European retail

According to the Pago Retail Report 2008 Dutch people are most active in retail purchases as far as the rest of Europe is concerned, just behind German and UK consumers. They achieve a rate of 27.33% and rank ahead of the Austrian and French consumers, who are placed third in overall European e-commerce. A look at the infrastructural basis in the Netherlands shows that their good ranking is not astonishing: According to the ComScore analysis 2008, 82% of the Dutch aged above 15 are online - the highest proportion in all of Europe, 32.8% use DSL - the highest proportion all over the world.

Pago Retail Report 2008 is extending the results of the Pago Report 2008

The Pago Retail Report 2008 differentiates between consumers from Germany, the UK, the rest of Europe and countries outside Europe. Due to Deutsche Card Services' licensing area the merchants come only from European countries. That is why the first interpretation of newer payment methods such as giropay and Maestro becomes even more obvious. They achieve remarkable rates outside of Germany. Only retail shops which offer certain goods and resemble traditional mail-order businesses are included into the evaluation. So the Pago Retail Report is extending the Pago Report 2008, which deals with the overall e-commerce and was published earlier in 2008.

The Pago Retail Report 2008 is available at a price of EUR 250 (plus VAT). For more information please visit

Reblog this post [with Zemanta]

More on PCI and Tiers 1, 2 and 3

The Payment Card Industry (PCI) compliance regulation affects almost all merchants that accept credit and debit card payments, with the goal of securing cardholders against vulnerabilities to card data theft, misuse or loss. The driving forces behind PCI compliance policies are the major credit card payment processors -- Visa, MasterCard, American Express, Discover Card and JCB International -- which formed the PCI Security Standards Council to define how retailers should protect transactional data and monitor their data security performance.

Each PCI Council member has defined categories of merchants based on the number of transactions submitted per year, along with PCI audit and reporting requirements pertaining to each category. The precise definition of each category varies between the credit card companies, but we will use Visa's categories to illustrate the scale (MasterCard and American Express generally have lower thresholds for each category):

  • Tier 1: The highest volume merchants, which submit 6 million or more transactions per year.
  • Tier 2: Merchants that submit 1-6 million transactions per year.
  • Tier 3: Merchants that submit 20,000 to 1 million e-commerce transactions per year.
  • Level 4: Merchants submitting less than 20,000 e-commerce transactions per year, and all other merchants up to 1 million transactions per year
Rightfully, merchants submitting higher volumes of transactions face the most stringent PCI compliance standards and penalties, due to the risks associated with the quantity of data they possess.   However, Visa reports that cardholder data is compromised more frequently among Level 4 merchants than by Tier 1, 2 and 3 combined -- small wonder, because 99% of the merchants that accept Visa cards are Level 4 merchants. 
When we talk about PCI compliance, organizations are often misled by five common myths about becoming compliant with the Data Security Standard (DSS) as outlined by the Payment Card Industry (PCI). Here, we break some of these common myths related to the PCI DSS.
Myth 1: Varying degrees of compliance are required.

The most common misconception is that there are varying degrees of compliance required, depending upon a merchant’s particular level which is determined by their annual number of transactions. The reality is quite the opposite. All merchants, regardless of whether they are a Level 4 with less than 20,000 transactions per year, or a Level 1 merchant with over 6 Million transactions per year, are all ultimately required to be compliant with the PCI Data Security Standard, (PCI DSS) as established by the PCI Security Standards Council. However, it is true that the timing of when compliance is required can vary depending upon a particular merchant level. Regardless of the actual deadline for a merchant, the PCI DSS outlines a comprehensive set of requirements that are focused on the following areas:

• Build and maintain a secure network.
• Protect cardholder data.
• Maintain a Vulnerability Management Program.
• Implement strong access control measures.
• Regularly monitor and test networks.
• Maintain an Information Security Policy.

Read more about PCI Data Security Standard on the PCI Security Standards Council’s website.

Myth 2: Only Level 1 Merchants are targeted for attacks or security breaches.
According to Visa, “Large (Level 1) merchants and processor breaches account for the majority of compromised accounts, yet small (Level 4) merchants account for over 85 percent of compromise events.”

Myth 3
: PCI Compliance is something that only the IT Department needs to worry about.
Requirement 12 states that an Information Security Policy must be maintained, which can impact every level and function within an organization.

Myth 4
: All PCI Data needs to be retained.
Not all PCI data may need to be retained. All too often, access to sensitive credit card data is restricted within an organization, but the retention of that data is not well-defined based upon a true business need. Organizations routinely do restrict access, but still allow a few individuals complete access to all unencrypted PCI data, which opens a wide door for a security breach or potential for data theft.

Myth 5: Executives may view PCI Compliance as done after an annual audit or after the completion of the annual self-assessment questionnaire.
Adherence to the PCI DSS needs to be embraced as part of the ongoing monitoring processes within an organization. Organizations that acknowledge the fact that security must be incorporated into every process recognize that it’s much more than an annual exercise.

Reblog this post [with Zemanta]

Will NFC Answer the Call?

NFC no answer for mobile, but alternatives offer promise

Once, NFC (Near Field Communication) was the leading contender among technologies that could enable mobile payments. But NFC has developed more slowly than anticipated, and will not offer viable large-scale mobile payment solutions for at least six years. In the mean time three existing technologies - SMS, mobile Internet and downloadable mobile applications - have the potential to deliver what NFC (so far) cannot.

"About half of all purchases made by consumers last year were made with cash," notes ABI Research senior analyst Mark Beccue. "Consumers would in many cases prefer cashless transactions when away from home. So around the world solutions providers have leveraged SMS, mobile Internet and downloadable mobile applications to enable mobile commerce and payments. ABI Research calculates the potential revenue in 2013 from mobile transactions using these methods at about $18 billion: a significant opportunity for payment processors."

A new ABI Research study examines the potential for mobile payments in four key vertical markets that will drive adoption: taxis, parking, movies, and Internet shopping. While the latter is usually done using credit cards anyway, the first three are areas in which mobile payments could replace cash transactions. The research found that Internet shopping would account for almost three quarters of this mobile commerce revenue in 2013. A further 15% would come from parking, with the balance split about evenly between taxi fares and movie tickets.

Beccue concludes, "Companies already seizing this mobile payment opportunity include parking solutions provider Verrus, Bharti Airtel and movie theater operators in India, and notably eBay and Amazon - the world's largest e-commerce merchants - which have enthusiastically embraced mobile transactions with very comprehensive offerings."

The new ABI Research study "Mobile Commerce and Payments" examines several emerging markets in which consumers are or will be using their mobile devices to purchase goods or services using SMS and mobile Internet. I

t highlights important players within the space, suggests who should play and who will benefit, and outlines what MNOs, merchants, and financial services providers can do to take advantage of these opportunities.

ABI Research is a leading market research firm focused on the impact of emerging technologies on global consumer and business markets. Utilizing a unique blend of market intelligence, primary research, and expert assessment from its worldwide team of industry analysts, ABI Research assists hundreds of clients each year with their strategic growth initiatives.

For information, visit , or call +1.516.624.2500.

Source: Company press release.

Reblog this post [with Zemanta]

China/Motorola Set Up m-Commerce Lab

Motorola, CIECC to Set Up M-Commerce Laboratory in China

Motorola has opened China's first M-Commerce Laboratory in Beijing by joining hands with China International Electronic Commerce Center (CIECC), an agency under China's Ministry of Commerce. The objective is to accelerate mobile commerce development in China.

The M-Commerce Laboratory, according to Motorola, is designed to bridge the gap among industry, government and academia to facilitate certain aspects in the M-Commerce environment such as research and commercialization of mobile applications, mobile payment and security, and enterprise mobile commerce application. By providing an environment to study, develop and promote projects in the mobile commerce domain, the laboratory can help to enhance end-to-end innovation capabilities, believes Motorola.

"M-Commerce will play an important role in China's economic growth, specifically when the country is focusing on driving domestic demand," said Liu Junsheng, general director of CIECC. "Our goal is to develop key enablers, nurture the M-Commerce practice and business environment, and provide services to help enterprises mobilize their business. The establishment of M-Commerce Laboratory will play a vital role in facilitating mobile commerce development in China."

The laboratory will create a platform for the industry players to communicate and cooperate with each other. In addition to regular workshops and forums, the laboratory will also help members to screen out and identify projects for further commercial operation, speeding up the transition process from theory to commercial applications with the help of industry experts and academic institutions.

These efforts, says Motorola, will not only cultivate the mobile commerce environments, but also create real business opportunities for all companies who want to leverage M-Commerce.

Reblog this post [with Zemanta]

Mercator Study on Japanese Payment Market

Mercator maps 2008 Japanese payment card market

Boston, Dec. 9, 2008 -- With close to 800 million credit and debit cards in circulation at the end of 2007, Japan is one of the countries with the highest payment card penetration. Japanese residents on average have 6.2 credit or debit cards per person, higher than their peers in most card markets around the world including the United States where an average resident has 3.6 cards. However, the usage of these payment cards is quite low compared to their large numbers. An average Japanese resident spent just about $30 (US) on their credit and debit cards in 2007 while the number was close to $180 (US) in the US. As a result, Japan remains a cash-centric society and the payment market opportunities remain largely untapped by electronic payments.

The relatively low card usage in Japan can be attributed to a variety of factors, including but not limited to culture, industry infrastructure, card acceptance, and regulatory environment, among many others. For Japanese consumers, however, the reason could be as simple as that: it just doesn't provide enough value in terms of service quality, convenience, and flexibility for consumers to change their preference of cash.

As a result, despite credit card's relatively healthy growth in the past 5 years, it still has a long way to go in terms of becoming Japanese consumer's preferred payment method at POS. The industry has been undergoing a series of major restructuring and consolidation to adapt to changes in the market, competitive landscape and regulatory environment. As for debit cards, the market struggled in the past three years after the initial high-speed growth in the first several years after it was officially introduced in 2000.

However, the emergence of electronic money, namely payment cards and devices powered by a contactless chip, could bring a fundamental change to the way Japanese consumers make payments. Backed by prepaid card accounts as well as credit card accounts, e-Money services, have quickly become the most popular payment method at POS (besides cash of course, at least for now).

Terry Xie, Director of Mercator Advisory Group's International Advisory Service and principal analyst on the report, comments,"The e-Money services will be key to tomorrow's Japan payment card market. Its impact on the increasing use of prepaid cards are well known. But its implications are much more far-reaching than many have realized. For the first time in the history of Japan payment card market, electronic payment methods have become a really viable alternative to cash for payment at POS with its un-precedent level of convenience and flexibility. This will fundamentally change Japanese consumers' perception of electronic payments and its importance cannot be over-estimated. It is the critical market for not just prepaid cards but also credit and debit card industries in Japan. Especially for debit cards, unless the debit card industry figures out a way to get a piece of the fast growing e-Money market, their current struggles will continue."

The most recent report from Mercator's Credit Advisory Service provides an update of the Japan credit card market since 2002, which is the last year discussed in our previous Japan report. Key issues discussed in the report include market growth, profitability, changes in regulation, competitive landscape, recent restructuring, and consolidation activities, plus increasingly active international players. Key market stats, key strategic issues, and their implications on the overall market development are also discussed.

Highlights from this report include:

* Cash remains king in Japan, but this situation could change if Japan's payment card industry could find a way to offer the value proposition of cash replacements in different scenarios.

* Credit cards enjoy the highest usage rate among electronic payment products in Japan, but profit margins remain relatively thin despite high merchant fees. Japanese consumers have been using credit cards like charge cards, thus limiting the interest income potentials. Recent changes in consumer lending law do not help the cause.

* Debit card usage rates have remained low in Japan despite initial rapid growth immediately after the J-Debit scheme was introduced. Unless the industry could improve services and offer more convenience, it could face significant challenges going forward.

* E-Money emerged as the fastest growing market segment and its implications are far reaching. At the same time, there are critical issues that still need to be addressed.

* Restructuring and consolidation in the industry, and the increasing roles of non-bank and international players will significantly alter the competitive landscape in the Japanese payment card industry.

This report contains 27 pages and 7 exhibits.

Reblog this post [with Zemanta]

Disqus for ePayment News