(Bloomberg) – The adoption of credit-card chiptechnology by U.S. retailers is having an unintended consequence:Criminals are moving from brick-and-mortar stores to theinternet.

The use of stolen card data to pay for merchandise on websites,in mobile apps and by dialing call centers surged 40 percent lastyear, according to a report from Javelin Strategy & Researchreleased Wednesday. That's forcing merchants to spend billions ononline fraud protection in an effort to detect when a crook isusing someone else's card number.

Related: Transition to chip cards exposes merchants to newliabilities

"We are seeing more sophisticated type of fraud moving into theonline environment," said Erika Dietrich, global director ofpayments risk management at fraud fighter ACIWorldwide.

By the end of last year, almost 1.81 million U.S. merchants hadswitched to accepting European-style chip cards, more than doublethe number the year before, according to Visa Inc. Issued by banks,cards containing the so-called EMV technology are much harder tocounterfeit, which cuts down on in-person fraud at stores.

With worldwide e-commerce surging and more stolen data availableon the black market, retailers are ramping up spending on onlinesecurity. E-commerce merchants and financial institutionswill spend $9.2 billion annually in fraud-detection solutions by2020, up 30 percent from current levels, according to Juniper Research.

As recently as October, the fraud-protection company RadialInc. used to get one to two inquiries from new large customersa month. That number has since climbed to more than 12 a month,said Stefan Weitz, chief product and strategy officer. Radial'smore than 100 clients include Walgreens Boots Alliance Inc.,StubHub and Ralph Lauren Corp.

Fueling the surge in interest are an increasing number of databreaches at companies ranging from Target Corp. to Wendy's Co.,which potentially exposed private financial information frommillions of customers to identity thieves. U.S. government agenciesand companies suffered a record 1,093 data breaches last year, up40 percent from 2015, according to the Identity TheftResource Center in San Diego.

"There's a great deal of investment not only from StubHub peers,but also from the vendors," said Joseph Asaro, head of operationsfor North America at StubHub, a unit of EBay Inc. "The vendorswould not be investing so heavily if there's not great profit init."

Defense spending

To bolster its arsenal, Visa acquired CardinalCommerce in December to help merchants andbanks authenticate e-commerce transactions. New vendors are alsoentering the fray: This year, Tender Armor LLC,a Fort Lauderdale, Florida-based startup, will offer itsfraud-fighting technology to debit-card customers of InCommHoldings Inc., which issues prepaid cards. Tender Armor texts oremails customers a daily code that replaces the one on the back oftheir cards for purchases.

"Because the code is dynamic and only known to the consumer, thefraudsters can't use it," Madeline Aufseeser, Tender Armor's chiefexecutive officer, said in an interview. "This simple solutiondeputizes the consumers and puts the control back in theirhands."

Meanwhile, paymentprocessor Cayan, which serves mid- to small-sized businesses,plans to integrate security software from Kount. That company usesartificial intelligence and machine learning to help merchantspinpoint fraudulent sales. For each transaction, Kount's engineanalyzes hundreds of relevant variables and activity across theglobe in real time to predict risk of fraud.

Detective work

Existing fraud-fighting companies' business is blooming.Easy Solutions Inc. says sales of its product thathelps banks and retailers monitor transactions grew 128 percentlast year, up from a 75 percent gain in 2015. Radial, whichpromises to shoulder its clients' fraud costs, saw its sales rise15 percent last year.

Related: Credit card theft top list of crimes Americansface, Gallup finds

Radial's software can use about 800 rules to determine if atransaction is fraudulent. Suspicious transactions are flagged andsent to several dozen human analysts around the world who canverify addresses, or even call the customers to weed out fraud.

"They do detective work at some point," said Weitz. "Weguarantee to our customers that they pay zero fraud."

Bot crimes

Online sales worldwide are projected to rise to $27.7 trillionin 2020, up from $22 trillion last year, according to researchereMarketer. North America, the second-largeste-commerce market in the world behind Asia, is expected to seedouble-digit growth through 2020, eMarketer said. Expansion intonew categories such as grocery, and increasing sales through mobiledevices are helping to boost sales, the company said.

More shopping online means more opportunities for crooks, whoare now using sophisticated attack tools such as bots. The softwareprograms can run through online checkout pages and place ordersusing stolen data automatically — without a human beingneeding to be involved.

"Right now the environment is more challenging than it's everbeen," said Al Pascual, research director and head of fraud andsecurity at Javelin, aconsulting firm focused on the financial industry. "And things willget worse before they get better."

Related: Wendy's investigates possible fraudulentpayment-card charges