The British Retail Consortium has claimed that e-crime is the biggest threat to online stores, highlighting a need for a clearer analysis of cyber crime.
According to the BRC’s study, the effects of e-crime on businesses are significant both in direct cost and prevention, setting them back a total of £205.4 million between 2011-12.
The most expensive form of e-crime for retailers was personal identification related frauds, producing £20 million of losses between 2011-12. Card fraud caused £15 million losses to retailers over the same period, while refund frauds were responsible for £1.2 million of losses.
Much of the cost is through the less easily quantifiable, however, with the BRC claiming that £111.6 million worth of business is rejected due to crime prevention measures. This could mean, for example, honest customers being deterred from online purchases because of additional security measures.
One online retailer, Jennifer Hakim, director of online fashion store the Retrosphere, told TechEye that e-crime is a serious problem, particularly for businesses that aren’t aware of the dangers that exist.
“When you open an online store it is definitely something you need to think about,” Hakim said. “It is not something I particularly thought about when I started, but it did happen. I made a big sale online, early on with the website. I sent two designer pieces, I received the money, but checked with my bank and realised it was card fraud.”
“The person had tried several cards and it was really obvious it was stolen cards,” she said. “This meant I had to pay back what was taken from the person’s account.”
This led to significant costs for the business.
“I pay a fee for a transaction, so the bigger the transaction the more I pay,” she said.
Such stories are not uncommon, and the government has its work cut out in trying to stem the wave of cyber crime as sales through online stores increase at double digit rates each month, while criminals modernise fraud techniques.
Cabinet Office figures have previously estimated the total cost of cybercrime for the UK to be £27 billion. This figure has been debated, and it is often difficult to arrive at an exact figure when collating information on the matter.
According to David Emm, senior regional researcher at Kaspersky Labs, the BRC report shows that more is needed to be done to give an accurate representation of the threat landscape.
“One of the things that comes out of this is that e-crime is not that easy to measure,” Emm said. “One of the things that the British Retail Consortium is urging is that we have a more effective way for gathering information on what the losses are, because obviously you can’t really manage something unless you can first measure what its impact is.”
“The government needs to make sure that it is measuring, and that there is a reporting mechanism,” he said. And such figures can be hard to pin down in real terms.
“One of the dangers when you see figures like these is that sometimes they get used to dramatise the impact of something,” he said. “Sometimes the personal impact to an individual, or to an online store, can get lost in the huge numbers.”
“£27 billion – or in this case £205.4 million – its a number,” Emm said, “but unless you bring it down to what the impact is to you then it starts to lose a bit of meaning. I don’t necessarily object to numbers being published but I tend to take them with a pinch of salt.”
What is important is raising the awareness of individual companies and how they are being affected.
“Any business will say that the real interesting thing is the impact your organisation,” Emm said. “If you look back over the last six months, the past quarter, what impact has e-crime had?
“Whatever the figure is for your business, that is what is really meaningful, and whether it has increased is more important than any overall figures,” he said.