A recent survey by online information provider 192.com Business Services found that 70 percent of online retailers do not report fraud losses or attempted fraud, and that this could be a factor in the rise of card-not-present (CNP) fraud.

The latest figures from UK payments association Apacs show CNP fraud losses of £212m in 2006, a rise of 74 percent since 2003. According to 192.com, firms' reluctance to report fraud attempts may be impeding the search for a solution to the problem.

Experts supported this view, arguing that poor reporting channels and other pressures may be contributing to the reluctance of e-commerce vendors to be more vocal about attacks.

Kristian Bromley, customer service manager for online gadget specialist Firebox, said that although the firm takes fraud very seriously, he has a limited amount of time to report cases of fraud, and even less for attempts that have already been successfully prevented.

"At Christmas, when fraud gets even higher, we have even less time to deal with it," Bromley explained. "Only during the quieter months do we have more time to investigate."

The poor response from law enforcement to online fraud complaints has also led to apathy and disillusionment among many e-commerce vendors, Bromley added.
"People around the industry in customer services and fraud areas are making sure they pull together because weíre used to government initiatives that don't come to anything," explained Bromley.

Dave Pope of 192.com argued that even if firms had the time and the inclination, there is nowhere to report to, and police forces generally do not list online fraud as one of their top three strategy priorities. All survey respondents said they would support a national online fraud reporting system for retailers.

"Things are changing though - the Fraud Act led to the creation of a National Fraud Reporting Centre, and a National E-crime Co-ordination Centre is being led by the Met police," Pope said. "In addition, the National Hi-Tech Crime Unit is getting more operational resources [to combat fraud] now it is part of Soca."

However, currently the sharing of information about fraudsters is being carried out mainly through industry initiatives because of a lack of leadership from government or law enforcement, according to Firebox's Bromley. "Organised crime is turning to online fraud because it is a free lunch," he argued.

Pope added that 192.com is working on a new service that will allow retailers to send out an alert if they have stopped a fraudulent transaction, which will prevent the same card being used in other attempts at different vendors. "The industry should be working harder to share information," he added.

David Porter, head of security practice at IT consultancy Detica, argued that until firms are comfortable reporting fraud, the scale of the problem will be underestimated and not dealt with appropriately.

"This vicious circle has to be broken. But Iím not convinced [firms] know what to report or who to report to, or if the people they report it to care - it's an unsatisfactory situation," Porter explained. "It's important that they do something useful with the data. If you share it quickly, there is a chance of shutting down the fraudster," Porter added.