AddThis

Study: 45% of retailers have no online fraud prevention

San Jose, Calif. -- Forty percent of retailers have no online fraud prevention in place, despite the fact that 85% consider online fraud prevention a high priority, according to a survey by ThreatMetrix, a provider of integrated cybercrime prevention solutions.

The study, “The ThreatMetrix 2012 State of Cybercrime Study,” was conducted by Info-Tech Research Group and surveyed U.S. business managers and IT executives within retail and financial services organizations on the level of cybersecurity solutions they have in place.

The most common IT security attacks retailers experienced in the last year are malware, Trojan and phishing attacks. Of the retailers surveyed46% experienced at least one malware attack in the past year, and 45% experienced at least one Trojan attack.

Despite these attacks, retailers barely spend any time researching IT security threats to stay ahead of cybercriminals. Nearly half (47%) of retail organizations surveyed spend less than five hours researching security threats each month, while 14% spend no time on preventative research.

“Retailers need to improve online fraud and cybercrime prevention practices or risk losing customers and revenue,” said Andreas Baumhof, chief technology officer, ThreatMetrix. “When consumers are hacked on e-commerce sites, they often avoid those merchants in the future. By implementing integrated cybercrime prevention solutions, e-retailers can provide a more secure experience for customers.”

In an effort to provide the safest transactions for consumers, retailers need to:

  • Screen transactions using previous transaction data to make better decisions about account takeover attacks. By tracking devices and accounts that have a history of fraudulent activity, retailers can block those devices from transactions.
  • Track transactions that are originating from a different country or IP address than where the account was created.
  • Screen for customer identification verification at both account login and prior to transaction completion.