The logic that large retailers can afford better anti-fraud security is not something that criminals appear to be taking for granted.

While many large bricks-and-mortar retailers enjoyed record online sales over the Christmas peak, they too are most likely to have been victims of professional online crooks.

Published last week, the CyberSource UK Online Fraud Report 2008 shows that sophisticated criminals are becoming ever bolder and focusing their attention on high-value wins from larger retailers.

Backing the claim of the 165 retailers surveyed, nearly half of the larger ones reported that fraudsters are targeting products that could be sold easily. Some 25 per cent also documented fraudsters testing and exploiting “ceiling” and “floor” limits for transactions, beyond which purchases are more likely to be reviewed before approval.

Elsewhere, smaller retailers cited hit-and-miss tactics. They are seeing more attempts by fraudsters to use card generators – software that generates possible card numbers against a specific set of customer data. Some 48 per cent recognised this type of fraud, versus just 22 per cent of large merchants.

Small merchants also experienced a higher incidence of multiple identities being tried against a single card number. CyberSource believes that these fraud techniques rely on luck and multiple attempts to succeed and are much less calculated than those tactics experienced by larger merchants.

CyberSource managing director Simon Stokes says that online fraud has reached a level of sophistication where it is possible to recognise different patterns of behaviour and different targets for professional and rookie fraudsters.

It is no secret that fraudsters are heading online as more traditional store-based cheque and card fraud becomes more difficult. Nearly half of all businesses have seen fraud levels rise in the past 12 months; a further 38 per cent have seen them stay static. However, the largest retailers are being hit hardest: more than a quarter have recorded losses up over 10 per cent on last year.

Efforts to control online fraud through schemes such as MasterCard SecureCode and Verified by Visa have so far had limited results because of take-up issues.

If you haven’t introduced these schemes on your site, don’t be surprised if you remain as popular with customers who don’t plan on paying as the ones that do.