Most online retailers have suffered cyber attacks over the last year, the British Retail Consortium (BRC) suggests, while most fraud suffered by retailers also takes place online.
The BRC’s British Retail Crime Survey 2013 found that 63% of online retailers said they had experienced hacking while 50% had faced denial of service attacks in 2012-13. The most common attacks were from computer viruses and malware, experienced by four in five retailers.
The report welcomed the recent creation of the National Cyber Crime Unit (NCCU) in the National Crime Agency. “Making the UK more resilient to cyber attack is crucial to ensuring the UK remains a good place to do business online,” said the report.
At the same time, found the survey, most of the fraud that retailers experienced over the year took place online. Online payment card fraud accounted for 63% of total retail payment card fraud, online account credit fraud for 77% of all retail fraud using this mechanism, online refund fraud for 60% and voucher or gift card fraud for 53% of all fraud committed in this way.
Asked what measures they took to counter fraud, 70% of respondents named 3D Secure, while around 59% used third party screening, about 53% CVV2, and the same proportion used in-house screening. Around 28% said they used other mechanisms, around 21% AVS address verification and around 15% used device recognition.
“Given that so much fraud is committed in this way,” said the report, “more police and retailers’ resources need to be tailored to tackling it.”
In all, fraud accounted for 15% of total retail crime, measured by number of incidents, making it the second most frequent type of retail crime. The most frequent crime was customer theft, at 82%.
But, warned the report’s authors, under reporting of retail crime was still “a significant challenge,” with 60% of burglaries reported to police, 46% of fraud, and 9% of customer theft. One in three said the reason for that lay in lack of confidence in the police response.
Helen Dickinson, director general of the BRC , called for the adoption of a single national definition of business crime in order to understand the scale of the problem.
And, she added, “There needs to be a step change in the capacity of law enforcement to deal with fraud, from the reporting process through to prosecution. At present, law enforcement is simply not keeping pace with the scale of criminal activity in this area.”