Report: E-Shopper Fears of Online Fraud Are Distorted

Although online credit card fraud is not a myth, its frequency has been greatly exaggerated, according to a survey released Wednesday by Jupiter Media Metrix.

The report, "Overhyped and Misunderstood: The Fraud of Online Fraud," said that the attention focused on online security incidents has led consumers to believe that fraud is approximately 12 times more prevalent on the Internet than off.

However, Jupiter's research found that online credit card fraud rates are actually about three or four times that of overall commerce fraud.

"Consumers' concern about online fraud, though based more on fear of the unknown than on the true risk of security, is the most significant hurdle for online merchants," Jupiter said. "This concern is not surprising, given the publicity that online security incidents receive and the lack of clarity provided when describing these events."

Myth and Reality

According to Visa, online credit-card fraud rates are between 25 U.S. cents and 28 cents per every $100 charged, compared to 7 cents for all transactions.

Jupiter said that credit-card companies have the most accurate information about online credit-card fraud, because they have access to transaction data from both cardholders and e-tailers.

Jupiter also pointed out that the U.S. Federal Bureau of Investigation (FBI) classifies only 26 percent of all complaints about online transactions in the fraud category.

Despite these facts, according to Jupiter, "media sources use more frightening numbers derived from attitudinal surveys that make their way into articles and reports, alarming customers and causing them to delay conducting financial affairs online."

Alarmed Customers

Consumers are "overwhelmingly" fearful about the theft of credit-card data online, the report said. Indeed, Jupiter found that three out of five most common shopper fears about making purchases online center around credit-card fraud.

Eighty-one percent of consumers fear that their credit data will be intercepted, 77 percent are afraid the data will be sold, and 59 percent fear "misuse" of their credit cards, the report said.

Concerns about receiving junk mail or spam, and fears about making payments to an anonymous merchant, rounded out the top five fears of e-shoppers, Jupiter said.

In addition, of the consumers surveyed, 58 percent said they have decided not to make a purchase at a specific Web site because of security concerns.

Fighting Fear

To combat misinformation about the risks of online fraud, Jupiter said that financial institutions and payment industries should adopt specific terminology to label different types of security incidents.

"Fraud-related issues take a variety of forms, and the overuse of the label 'fraud' undermines the viability of all commerce-related firms," the report said.

Jupiter recommended that businesses clearly classify online security incidents into one of three categories or phases:

• Threat. A security threat is defined as a situation in which experts have discovered a potential risk to payment records, but no consumers have reported a known breach. For example, Jupiter said that a hack attack on Egghead.com late last year should have been classified as a threat because a hacker tried to break into the database, but did not access or steal any user information.

• Breach. At the next level is a security breach, which is defined as a situation in which security has been compromised, allowing actual unauthorized access to payment records, but no misuse of credit-card data has been reported. As an example of a security breach, Jupiter pointed to the case of online bookseller Bibliofind in which crackers downloaded credit-card data from the site, but no consumers reported misuse of the data.

• Fraud. The last level is actual fraud, which is defined as a situation in which security is compromised, unauthorized access to private records has occurred, and there has been misuse of the credit data. For example, according to Jupiter, fraud occurred in the Creditcards.com case because after the hacker stole approximately 60,000 credit-card numbers from the site, he or she posted the numbers on the Internet and fraudulent activity was reported on several of the credit cards.

The use of clear classifications can lead to higher levels of customer confidence in online shopping and a "relatively graceful recovery from potentially disastrous situations," Jupiter said.