Part of the reason is that perpetrators are becoming more sophisticated, according to Bruce Frymire, director of corporate communications for CyberSource.

“The idea some years ago that you could be a smart teenage hacker and do work like this is long gone,” Frymire said. “This is a full-time business in some parts of the world.”

Fraudulent individuals are also increasingly targeting businesses directly for large amounts of data rather than attacking one consumer at a time, according to Ron Teixeira, executive director of the National Cyber Security Alliance.

The increase in fraud is driven by the fact that e-commerce has become much more prevalent, particularly for holiday shopping.

“People don’t want to fight the lines at the mall; they’re more comfortable shopping online than ever before, and with legitimate orders comes the risk of fraudulent orders,” said Thomas Harpointner, CEO of AIS Media.

Some merchants, such as those selling consumer electronics, jewelry and high-end apparel, are targeted more frequently than others, according to CyberSource.

The biggest source of online fraud is from perpetrators physically stealing credit card numbers rather than losing them in Internet-based transactions, experts said.

Businesses have much more to lose than consumers when it comes to e-commerce fraud, Harpointner said. Usually, individuals are only responsible for a small fee from credit card companies when fraud is committed, but businesses face more financial repercussions and usually have to be the ones to prove fraud occurred.

How to avoid e-commerce fraud

For consumers:

» Change online passwords regularly and avoid using single names or words found in a dictionary.

» Don’t click on links to avoid giving away personal financial information.

» Never provide financial information in response to an e-mail request.

» Do not download attachments sent via e-mail.

» Upgrade to a safe browser that includes identity theft tools.

» Keep an eye on your credit card — most numbers are obtained not through online transactions but through physical retrieval of numbers in places like restaurants. Do not lend your credit card or offer personal information to merchants during in-person transactions.

» Take your receipt, in case it includes personal information.

» Avoid saving credit card information, such as three-digit verification numbers, on computers, particularly public ones.

» Read the security policy on Web sites you use for online transactions. See whether the company updates firewalls, uses industry-standard security measures, etc. If unsure, check with the Better Business Bureau.

» Update your anti-virus software.

For merchants:

» Adopt security systems that are verified by major credit card companies such as Visa and Mastercard.

» Increase the number of manual reviews performed of online transactions.

» Explore options including address verification, card verification numbers, postal address verification services or systems that check how many transactions a user has done in a short time period. The more security measures in place, the better.

» Look for transaction “red flags” such as different shipping and billing addresses, international shipping destinations and big-ticket items with rush or overnight delivery.

» Use a system that processes credit card data immediately.

» Do not accept checks online.

» Store data and receipts for at least one year; often the burden of proof of fraud is on the merchant’s shoulders.

Sources: The Identity Theft Assistance Center, CyberSource, PayPal, AIS Media

[email protected]