Home → Publications → Reports → Research and public policy series → 60 → Section 5: Experience of online credit card fraud (in: Online credit card fraud against small businesses)

Online credit card fraud against small businesses

Kate Charlton and Natalie Taylor
ISBN 0 642 53846 8 ; ISSN 1326-6004
Canberra: Australian Institute of Criminology: 2004
(Research and public policy series, no. 60)

Download

PDF print version : Section 5 (PDF 222kB)
Download full report as a single file (PDF 583kB)

Section 5: Experience of online credit card fraud

Online credit card fraud has previously been estimated at between five and 25 per cent of all internet transactions. This is higher than has been found in the physical domain, where fraudulent transactions normally constitute approximately one per cent of sales (Abru 1999; Attorney-General's Department & OSCA 2000). It has also been argued that businesses have seen credit card fraud occurring 10 times more often online than in the physical environment (Tomlinson 2002). Other reports have suggested a lower level of victimisation overseas. For example, chargebacks (the refund of the amount of goods which retailers have to forfeit in the event of online credit card fraud) have been said to account for approximately three per cent of online purchases in the US (Shankar & Walker 2001).

Other surveys of businesses overseas regarding online credit card fraud have also reported the following findings:

approximately 70 per cent of businesses in a UK survey reported that less than five per cent of their transactions were fraudulent (Experian 2001); and
on average, three per cent of US online orders were fraudulent in 2002 (Cybersource 2002) with only one per cent being fraudulent in 2003 (Cybersource 2003).

Unfortunately, the data are patchy and none of these sources report on the percentage of online retailers who have experienced online fraud, either at all or in a given time period.

Fraud victimisation

One of the most important questions included in the AIC online credit card fraud survey referred to the experiences of both current and previous online retailers with respect to online credit card fraud. Of retailers within the five business types currently trading online, the following had experienced at least one incident of online credit card fraud since trading online:

28 per cent of florists;
43 per cent of booksellers;
26 per cent of recorded music retailers;
33 per cent of toy and game retailers;
30 per cent of computer hardware retailers.

Overall one-third of all retailers who had ever sold products online have been the victim of online fraud at some stage. Table 3 shows the estimated number of online traders across Australia and fraud prevalence rates.

Table 3: Number and percent of victims of online credit card fraud by business type in Australia
	Currently trading online		Previously traded online
Business type	n	% victims	n	% victims
Florists	296	28	24	0
Book sellers	181	43	15	33
Recorded music retailers	77	26	15	17
Toy and game retailers	72	33	9	100
Computer hardware retailers	215	30	32	50
Total	841	32	95	34
Source: Australian Institute of Criminology, Online credit card fraud against small business 2003 [computer file, weighted data]

In addition to lifetime prevalence, online traders were also asked whether they had experienced online credit card fraud in 2001 and/or 2002. Prevalence varied by business type as follows:

16 per cent of florists experienced fraud in 2001 and 12 per cent in 2002;
22 per cent of booksellers in 2001 and 2002;
19 per cent of recorded music retailers in 2001 and 13 per cent in 2002;
25 per cent of toy and game retailers in 2001 and 17 per cent in 2002; and
15 per cent of computer hardware retailers in 2001 and 2002.

Incidents in 2001 and 2002

The number of incidents estimated to have been experienced by current online traders in 2001 and 2002 in Australia is given in Figure 4. Across Australia, florists and computer hardware retailers show the highest number of incidents (of the five retail categories) in total in both 2001 and 2002. It is also apparent that the total number of incidents reduced slightly in 2002 compared to 2001.

Repeat victimisation

Repeat victimisation is a well-known phenomenon in criminological research; it refers to the hypothesis that those persons who experience one incident of a particular crime are at a greater risk of being victimised again than those who have not been victimised (Farrell 1995; Taylor & Mayhew 2002).

Figure 4: Number of incidents experienced in Australia in 2001 and 2002

Source: Australian Institute of Criminology, Online credit card fraud against small business 2003 [computer file, weighted data]

The present study found that of all online traders who had ever experienced online credit card fraud, 51 per cent had experienced more than one incident over 2001 and 2002. Overall, 18 per cent of victims accounted for 38 per cent of all incidents. Repeat victimisation also varied across business type, with recorded music retailers and toy and game retailers indicating a higher mean number of incidents per victim in 2002 than the other business types, and booksellers indicating an average of less than two incidents per victim in 2001 and 2002 (see Figure 5).

Figure 5: Mean number of incidents per victim in Australia in 2001 and 2002

Source: Australian Institute of Criminology, Online credit card fraud against small business 2003 [computer file, weighted data]

Table 4: Logistic regression predicting online credit card fraud risk
Variable	Odds ratio	95% CI (lower)	95% CI (upper)
Demographic variables
Number of employees	1.01	0.87	1.15
>10% turnover attributed to online trading (0=no, 1=yes) (a)	9.42*	17.93	20.90
Number of locations	1.15	0.42	1.88
Sex (female=0, male=1)	6.34*	5.12	7.56
Months trading online (b)	1.01	0.99	1.03
Florist (versus computer retailers)	7.88*	6.28	9.47
Bookseller (versus computer retailers)	9.77*	8.18	11.37
Recorded music retailer (versus computer retailers)	3.18	1.34	5.02
Toy and game retailer (versus computer retailers)	1.51	-0.42	3.44
Behavioural variable (c)
Degree to which retailer authorises transactions electronically	1.23	0.74	1.72
Attitudinal variables (d)
Having staff manually check internet orders for fraud impacts on business productivity	1.70*	1.22	2.19
Confirming legitimate internet orders hurts customer relations	1.04	0.61	1.46

Nagelkerke R Square	0.42

N	129
CI = confidence interval (a) This variable was originally coded as an ordinal variable with 11 response categories for percentage turnover attributed to online trading; to make the variable conducive to calculating risk, it was recoded as dichotomous (b) Square root transformation was performed on this variable to normalise the distribution, however this made no difference to the model (c) Behavioural variable measured on a scale of 1 to 5, 1=never and 5=always (d) Attitudinal variables measured on a scale of 1 to 5, 1=strongly disagree and 5=strongly agree * Statistically significant to p<=.05 Source: Australian Institute of Criminology, Online credit card fraud against small business 2003 [computer file, weighted data]

Predictors of victimisation

Why do some businesses experience fraud and others do not? This question was examined in a logistic regression model (see Table 4). It should be noted that as the experience of fraud predicts the use of fraud prevention measures rather than the other way around (prevention measures tend to be implemented after fraud has occurred), the use of fraud prevention measures are not entered as a predictor in this model.²

Table 5: Coefficients for risk victimisation model
Variable	Coefficient	Standard error	Odds ratio
Sex of retailer (male)	1.85	0.62	6.34
Bookseller	2.28	0.81	9.77
>10% of turnover attributed to online trading	2.97	0.76	19.42
Believes manual checking impacts negatively	0.53	0.25	1.70
Constant	-7.06
Source: Australian Institute of Criminology, Online credit card fraud against small business 2003 [computer file, weighted data]

Online credit card fraud was more likely to have ever been experienced by:

businesses that attributed a higher percentage of annual turnover to online trading - higher online turnover presumably reflects greater opportunity for fraud;
male proprietors; and
retailers who believed that staff manually checking orders reduced productivity.

Risk of victimisation for each business type

Levels of risk of fraud for individual retail businesses will vary depending on the individual characteristics of the business. Based on the coefficients provided in Table 5, levels of risk of online credit card fraud can be calculated for retailers depending on their ratings on various risk factors (see Figure 6). Clearly, a combination of factors produces increased risk, with male booksellers at considerably more risk of fraud when combined with other factors such as the belief that manual checking has a negative impact on productivity and the business attributing more than 10 per cent of their turnover to online trading.

Estimating online credit card fraud risk

Estimated probability of online fraud = 1/1 + e^{-(constant + coefficient + coefficient)}

Example

Estimated probability of fraud for male bookseller who believes (rating of 4 on a 1-5 scale) manual checking has a negative impact on business productivity

= 1/1 + e^{-(-7.06 + 1.85 + 2.28 + 4(0.53))}
= 0.31

Figure 6: Probability of experiencing online credit card fraud

Source: Australian Institute of Criminology, Online credit card fraud against small business 2003 [computer file, weighted data]

Beliefs about fraud prevalence

Thirty-three per cent of retailers who were currently selling goods online, or had ever done so, had experienced credit card fraud at some stage. Nonetheless, when asked about their perceptions of the extent of online credit card fraud in general, approximately half agreed that it was very common.

Online traders also commented on how their experience of fraud compared with the expectations they had prior to commencing online trading:

56 per cent stated that the level of credit card fraud they had experienced since retailing online was lower than they had expected;
32 per cent believed that the fraud they had experienced was equal to what they had expected;
6 per cent believed the fraud they had experienced was higher than their initial expectations; and
6 per cent were unable to comment.

Reporting online credit card fraud to police

The degree of under-reporting of crime to police by small retail businesses has been a focus of research in recent years (Fisher & Looye 2000; Taylor 2003). A senior detective in the area of computer crime was recently quoted as saying that many traders simply 'soak up' the costs of fraud and do not consider it important or useful to report the crime to police (Kennedy 2000). A UK study found that 57 per cent of businesses had reported online credit card fraud incidents to police (Experian 2001).

In the AIC online credit card fraud survey, those retailers who indicated that they had experienced online credit card fraud during either 2001 and/or 2002 were asked how many incidents they had reported to the police. It was found that:

35 per cent of incidents were reported to police in Australia in 2001; and
21 per cent of incidents were reported in 2002.

These numbers for reporting online credit card fraud appear to be consistent with the low levels of reporting found in previous research. It is clear that retailers are not yet reporting on a regular basis to police and this is of concern, given that police and other authorities will not be made aware of the nature and extent of the problem if incidents are rarely reported officially.

² In business surveys which cover a particular time period it is common to find that prevention predicts crime and not vice versa. This does not mean that prevention measures are not useful in preventing crime. Rather, such findings reflect the fact that survey periods do not allow for crime measurement after prevention is implemented. Experimental studies are better at evaluating effectiveness of fraud prevention measures than surveys.

Next section: Section 6: Losses associated with online credit card fraud
Previous section: Section 4 : Fraud prevention
Contents