The Merchant Risk Council (MRC), in collaboration with Visa Acceptance Solutions and Verifi, released their 2024 Global eCommerce Payments and Fraud Survey, presenting a picture of the state of e-commerce payments and fraud from the perspective of merchants around the world.
The report surveyed 1,166 merchants in 37 countries, with broad representation of revenue tiers, sales channels and e-commerce categories. Of those surveyed, 47% were large enterprises that generate over $50 million in annual e-commerce revenue, 30% were SMBs and 23% were mid-market merchants.
Key insights reveal that payment acceptance offerings are evolving, with many merchants accepting four to five types of payment methods. Globally, nearly 75% of e-commerce merchants accept card and digital wallet payments, while most also accept debit transfers and mobile payments. As payment acceptance grows, fraud also increases, and digital wallet payments, mobile payments and debit transfers had the highest fraud rates for e-commerce merchants. – page 8
To combat fraud, 90% of surveyed e-commerce merchants often promote preferred payment methods at checkout, with the goal of providing a secure and seamless payment experience for the customer. Today’s merchants are also using tools to strengthen payment security and maximize authorization rates, with nearly two-thirds of e-commerce merchants using tokenization as a tactic. – page 7.
Fraud – Threats and Implications
Fraud is particularly problematic for enterprise merchants in North America and for MRC members, as they report a significantly larger volume and variety of fraud attacks. Refund/discount abuse and first-party misuse now top the list as the most common forms of fraud, each impacting nearly half of merchants globally, while phishing, card testing, and identity theft remain prevalent threats.
Today’s e-commerce merchants understand the fraud threat. Brand reputation, customer loyalty, strained partner relationships, and the overall costs of a data breach – globally reported by IBM at $4.45 million USD per breach in 2023 – are perhaps the drivers of merchant adoption of tokenization.
Tokenization
Tokenization replaces sensitive customer data with a unique identifier, using either gateway tokens sponsored by payment gateways or network tokens sponsored by major card networks. – page 21
Driving the adoption of tokenization are enterprise merchants, with 79% indicating that they use both gateway and network tokenization. MRC members show a much stronger preference for gateway tokens, with 8 out of 10 using them, compared with 57% of non-MRC enterprises. Fewer than half of MRC members use network tokens, compared with 56% of non-MRC enterprises.
So why does the usage of gateway versus network tokens differ significantly for MRC merchants and non-MRC enterprises? The report cites various motivations that merchants consider. For MRC merchants, it’s PCI compliance, improved payment security, and enablement of card-on-file experiences, while non-MRC enterprises are much more likely to cite delivering better customer experiences, fostering trust with customers, and capturing loyalty program-related data as key tactical reasons. – page 23
Tokenization – the Right Solution to Enable Processor Independence
The report findings show that on average, enterprises use four different payment gateways or processors and three different acquiring banks to support e-commerce payments. – page 8. This can cause some challenges for these merchants when looking for a tokenization solution. Merchants then must piece together various offerings from different solution providers to address comprehensive PCI security, all while avoiding vendor “lock-in” so that they can keep all options on the table.
Bluefin, the integrated payments pioneer in PCI-validated Point-to-Point Encryption (P2PE) and tokenization, recently announced the ShieldConex® Security Proxy Service, providing token and/or EMV/P2PE based processing services to any payment processor, as well as protecting Personally Identifiable Information and Protected Health Information (PII/PHI) endpoints, all while taking retail locations and corporate networks out of PCI scope.
For enterprise merchants looking for a universal solution, the endpoint-agnostic upgrade to ShieldConex unlocks enormous value by minimizing the PCI and PII footprint while avoiding long-term processor lock-in. Additional solution features include:
- Real-time tokenization and detokenization of data to processor endpoint
- Real-time P2PE decryption of PCI cardholder data to processor endpoint
- Generation of format-preserving tokens from EMV/P2PE transactions
- Token sharing with partners and affiliates
- Ability for merchants to switch between processors without re-keying terminals
Learn more about Bluefin’s ShieldConex® Security Proxy Service, and safeguard sensitive data from attacks every time your business gets paid.