More than a third (35%) of UK retailers fell victim to fraudulent activity, cyber-attacks or data leaks over the past 12 months, according to new research by Ayden and the Centre for Economic Business and Research (CEBR).
This represents a 37% increase on the proportion of retail businesses affected by such incidents in 2022.
In total, the UK retail industry lost £11.3bn ($14.30bn) to fraud last year.
Retail companies lost on average £1.4m ($1.8m) to fraudulent attacks during 2023. The types of retailers most impacted were in luxury fashion, who averaged £2.8m ($3.5m) in losses, clothing and accessory at £2.6m ($3.3m) and health and beauty at £1.1m ($1.4m).
The report also found a significant increase in the proportion of UK consumers who fell victim to payments fraud, rising to 33% of consumers in 2023 compared to 23% in 2022.
The average amount consumers lost to payments fraud last year was £311.09 ($311), a 16% rise compared to 2022.
Payments fraud is defined as a malicious actor stealing someone’s credit or debit card number or accessing their account data and using that information to make an unauthorized purchase.
Such information is often obtained via data breaches. In March 2024, American Express (Amex) issued a notice to customers that their credit card details, including account number, names and expiration dates, may have been compromised following a third-party data breach.
Fraud Protection Impacts Purchasing Decisions
The threat of fraud is impacting consumer behavior, with 26% of consumers surveyed stating they feel more unsafe when shopping today compared to 10 years ago due to this risk.
Nearly a quarter (23%) said they like it when retailers ask for at least two types of verification before making a purchase online.
Additionally, 16% revealed they actively choose to shop at in-person stores that have higher security measures.
Roelant Prins, CCO at Adyen, said the findings demonstrate how fraud can significantly impact profits of retailers – both in direct costs and in reducing sales if they are perceived to have weak security measures by consumers.
“Criminals are deploying more sophisticated methods when they attack businesses, including the application of AI, and it’s therefore critical to invest in the right defence mechanisms to protect the company and customers,” he noted.
Retailers’ Response to Growing Fraud Threat
Despite the consumer concerns, under two-thirds (63%) of retailers said that they have effective fraud prevention systems in place, although this is 10 percentage points higher than a year ago (53%).
Nearly half (47%) have actively considered changing their payments provider to one that can offer improved fraud defense mechanisms.
A similar proportion (46%) said they have started considering how their business can be compliant with Payment Services Directive 3 (PSD3), which is an EU directive setting out stricter rules for protecting consumers’ rights and personal information in the finance industry.
Version 4.0 of Payment Card Industry Data Security Standard (PCI DSS) has come into force as of March 31, 2024.
This standard provides a baseline of technical and operational requirements designed to enhance payment security. The latest update is designed to help the global payments industry combat emerging threats and technologies.