The British Retail Consortium (BRC) has released a new report showing that the total cost of e-crime to the retail sector was £205.4 million during the year 2011-12. The report, published under the title Counting the cost of e-crime, calls e-crime the “biggest emerging threat” to retailers.
The UK is the world leader in per-capita internet spending and accounts for 11 per cent of global retail sales so it is no surprise to find we are currently the second biggest target for cyber criminals after the USA. The ONS says e-commerce sales grew by 15 per cent in 2011, accounting for 10 per cent of total retail spending. Online retailing growth is expected to continue, so unless something is done the impact of cybercrime will also grow.
Comparing retailers’ losses online to their losses due to conventional crimes it seems that cybercrime is twice as rampant. The BRC study estimates that online retailers lost 0.75 per cent of the value of online sales but in general retailing only 0.36 per cent of sales value was lost to fraud/crime.
BRC Director General Stephen Robertson said retailers can’t do everything themselves; “Retailers are investing significantly to protect customers and reduce the costs of e-crime but law makers and enforcers need to show a similarly strong commitment.” Retailers need more support to help support the British economy “Online retailing has the potential for huge future commercial expansion but Government and police need to take e-crime more seriously if the sector is to maximise its contribution to national economic growth.”
The costs of cybercrime are made up of direct losses due to fraud, the costs of prevention to try and clamp down on fraudulent behaviour and the lost revenue due to security measures. The BRC breaks down the £205.4 million losses into these three main components as follows;
- E-Crime
Overall, the UK retail sector lost £77.3 million as a result of the direct costs of e-crime. This is made up of ID fraud, card fraud, card-not-present fraud and refund frauds. - Security
Data provided by retailers questioned in this survey suggests that, in 2011-12, at least £16.5 million was spent by the retail sector to provide better protective security for customers against e-crime. This figure excludes payments to banks for systems such as 3D Secure and ‘chargebacks’. - Lost revenue
Estimated losses in revenue experienced as a result of legitimate business being rejected through online fraud prevention measures came to £111.6 million in 2011-12.
Most interestingly the biggest proportion of losses from retailing online are from legitimate buyers getting fed up or bewildered by the extra online fraud prevention measures and just deciding to abandon their shopping carts/baskets (point 3 above). This accounts for over half of the losses. This is why the best online retailers make it as easy as possible for customers to check out; witness Amazon’s slick “One Click” purchasing. I think this particular statistic shows other businesses, for example those that use DRM to protect games, music and videos, the extent to which a heavy handed approach to security deters legitimate customers from purchasing. We had news yesterday about Ubisoft complaining about piracy and lack of sales of it’s heavily DRMed games.
These figures from the BRC don’t show all the impacts of cybercrime. Retailers currently don’t collect data on the costs incurred by having their websites and servers hacked, being affected by malware or DDoS attacks and other such “mischievous” not for fraud inconveniences.