A little credit card fraud is a sign of a healthy business, according to Simon Black, chief executive of Sage Pay.
His comments come as his company reveals that small and medium businesses in the UK are losing £22m a year because of payment fraud.
He said: "This study shows that fraud levels are spiralling out of control and more must be done to reduce the amount of money lost each year."
The two-fifths of the businesses who reported fraud lost £4,500 on average, but a similar amount said they did not spend any money on fraud prevention.
"Companies need to be pragmatic," he added. "Eradicating fraud completely could be damaging for a business. Experiencing no fraud may mean controls are too tight and legitimate transactions are being rejected."
A fifth of the businesses surveyed did not even know what fraud prevention tools they were using, and double that did not know if they were compliant with the payment card industry's data security standard.
Sage Pay recommended that companies looking to reduce fraud monitor customer behaviour such as purchase times, delivery addresses and the quantity or value of orders, while using tokenisation to replace the sensitive customer data held with meaningless information.
"Although it can be tempting to tighten security controls in the face of fraud, it is worth keeping in mind that for every extra action a consumer is asked to make, you are prolonging the customer journey and therefore increasing the risk that the customer will drop out of the buying process," Black said.
The Sage Pay chief has previously said that richer countries could become cashless as soon as 2025, adding that the smartphone will likely become the hub of everything.
The survey, conducted by Redshift Research in February, interviewed more than 1,000 businesses and 1,000 consumers, with extra data supplied from Sage Pay's customer base.
Qualys is the leading provider of on demand IT security risk and compliance solutions - delivered as a service. Qualys solutions enable...
Absolute® Software specialises in technology and services for the management and security of mobile computers and smartphones.