Criminals are increasingly doing their crooked shopping online as chip readers become more common at brick-and-mortar stores.

Online credit card fraud is costing online merchants more than 7.5 percent of their annual revenue, according to a survey released Tuesday by Javelin Strategy & Research, a consulting firm that specializes in the payments industry. The 

Image

costs merchants incur include fraud management services, false positives and chargeback losses.

Digital goods merchants, the types of sellers who enable videogame and music downloads, saw the worst losses this year, at 8.6 percent of revenue on average. Hybrid goods merchants — ones that sell both digital and physical items — witnessed similar costs, at 8.1 percent of revenue. The majority of the costs were driven by fraud management expenditures, accounting for around 75 percent of costs.

Fraud is particularly expensive for online merchants who must pay the cost of dishonest transactions. Even false reports of fraud cost merchants extra — about 30 percent of all transactions that are declined due to suspected fraud are believed to be legitimate.

Every merchant segment is spending more of their operational costs on managing fraud, compared with spending in 2015. Digital goods merchants worry the most about increases in fraud, with almost half of digital goods merchants saying their concerns about fraud have increased over the past year. Their worries are largely tied to the constant changes in criminals’ tactics.

The increase in online card fraud comes as criminals are being thwarted by the new computer chip readers cropping up at brick-and-mortar checkout lines. The chips, which are embedded in credit and debit cards, make it much harder for thieves to create counterfeit cards.

The credit card industry revealed a plan on Tuesday asking online sellers to give card issuers more customer information, according to The Wall Street Journal. Card issuers will now accept customer email addresses, billing, and shipping details as ways to verify a purchase is authentic. Currently, merchants only send the purchase amount and the name of the business for authorization.

Another solution the credit card industry is pushing is tokenization, a type of encryption that generates a number that validates a customer’s identity, replacing account numbers and expiration dates, the WSJ added. This would help in cases when a merchant’s payment system is hacked and credit card numbers are stolen.