Friday , March 29, 2024

Beware the False Positive

Rejections that should have been approvals are on the rise. Are merchants willing to adjust their risk thresholds for a higher approval rate?

False positives—legitimate transactions that are declined because they look suspicious at first glance—are a touchy subject for merchants. Not only do they cost a sale, some customers become so angered by the experience they do less business with the merchant. Even worse, false positives can erode a customer’s loyalty to the point she takes her business elsewhere and never returns.

All three of those scenarios are costly for merchants. False positives (which are also known as false declines) alone cost U.S. merchants an estimated $50 billion in sales in 2021, according to Atlanta-based payments consultancy CMSPI.

Lost revenue due to consumers cutting back purchases after experiencing a false positive can be just as costly. ClearSale, a fraud-management and chargeback-protection services company, says the average order value for card-not-present transactions across its network is $361. For cardholders that experience a false positive, however, the average order value drops to $159.

In addition, consumers experiencing a false positive order from that merchant less frequently, with the number of annual orders dropping from 22 to 14.7.

Determining how many consumers have incurred a false positive when making a purchase is a lot trickier, as most false positives go unreported by customers to a merchant’s customer-service department. Instead, these consumers will either use another card or place the order with another merchant.

“False positives cost merchants money and erode the lifetime value of the customer by about 68%,” says David Fletcher, a senior vice president for ClearSale, a chargeback- and fraud-protection company with U.S. offices in Miami. He adds: “False positives are a growing problem.”

‘Money on the Table’

Myriad factors are fueling the growth of false positives, such as the explosion in e-commerce since the onset of the Covid-19 pandemic, merchants’ increasing reliance on automated fraud-detection systems, and the subsequent decrease in manual reviews of suspect transactions. There’s also a desire among some merchants to achieve zero fraud, which leads to ever-tightening fraud-prevention rules, payments experts say.

“As an industry, many [of us] are getting too caught up in fraud prevention, which has created a belief that in some cases it is better to deny 10 good transactions than let one bad through,” says Ron Hynes, chief executive for Vesta Corp., a Lake Oswego, Ore.-based provider of fraud-detection systems. “When approval rates fall to the 70% to 90% range, merchants are leaving a lot of money on the table.”

How much money? Fletcher says that, on average, merchants lose the equivalent of between 3% and 5% of their revenues to false positives.

To illustrate how much false positives can cost a merchant, Riskified, a provider of fraud-prevention and chargeback solutions, provides an example. Using a baseline that 66% of all declined orders are false positives—a baseline that Riskified believes to be true—a fashion retailer with annual sales of $100 million that is declining 2.5% of the order value coming into its e-commerce site would realize $1.65 million in incremental topline sales by approving those false positives, says Ephraim Rinsky, product marketing manager, for Riskified.

“Even single [percentage-point] rates of false declines can mean hundreds of thousands, even millions, of dollars of lost revenue,” Rinsky says. “We safely approve 40% to 80% of declined orders that merchants send to us for a re-review.

The large spread in the difference in approval rates for previously denied transactions that are reviewed reflects differences between merchants and industries, Rinsky adds.

Indeed, payment experts point out that certain merchant categories will naturally attract more attempted fraud because the products they sell can be quickly resold for cash. As a result, false positives may represent a lower portion of denied transitions for those merchants. “An electronics retailer is going to have a higher rate of attempted fraud than a merchant selling baby clothes,” Fletcher says.

The Myth of Zero Fraud

Reviewing denied transactions can help merchants understand whether their fraud-prevention strategies are too draconian. It should also be a best practice, says John Buzzard, lead fraud and security analyst for Javelin Strategy and Research.

“Transactions denied because a fraud-decisioning engine flags them as suspicious should be reviewed because that’s how false positives are identified” if the customer does not complain to the merchant, Buzzard says. “In some cases, there are decision makers that want zero fraud, which means a lot of good transactions fall into the denied bucket.”

One aspect of manual reviews that merchants tend to overlook is that they don’t necessarily have to be conducted at checkout. Instead, they can occur post-purchase, before the item has been shipped, which gives the merchant ample time to review the transaction without the risk of adding friction to the checkout process.

Money can be found in orders that look suspicious, but merchants must be willing to review a questionable transaction, Fletcher says.

To illustrate his point, Fletcher uses the example of a parent with two children in college. Each child needed furniture entering the new school year. Both children want the exact same piece of furniture, which for the parent makes shopping easy. The parent logs on to a furniture store that he knows carries the desired pieces of furniture, quickly clicks to the product page, and orders two of the same item.

At checkout, the parent splits the order by entering different shipping addresses for each item—both of which also differ from his billing address—clicks the buy button, and receives a message the transaction has been denied.

“In this instance, the merchant is looking at the velocity of transactions,” Fletcher says.

A review of the transaction, Fletcher adds, would have allowed the merchant to drill down and scrutinize the traits of the transaction that made it looked suspicious. If the merchant did so, the result would most likely have been an approval. Instead, the purchase was automatically declined based on the rules of the merchant’s fraud-screening application.

“Merchants need to be willing to review questionable transactions,” Fletcher says. “We had a merchant that started reviewing auto-declined transactions that found $1.6 million in additional revenue. Merchants can’t automatically say no to every transaction that looks suspicious.”

Fear of Friction

One of the biggest objections merchants have to reviewing transactions is that, if the review occurs at checkout, it will add friction to the purchase process. Alternatively, merchants can review suspect transactions after the initial approval, but before the order ships. This method allows the merchant a chance to follow up with the customer.

For example, after the order is placed, the merchant can send the customer a thank-you email stating that the order has been received and asking to confirm the shipping address or some other piece of information about the order. In the meantime, the merchant can be reviewing the order to determine whether the risk parameters around the transaction are legitimate or were a false positive.

Some merchants may fear that asking follow-up questions of a customer after an order has been placed may cause the customer to cancel the purchase, but Vesta’s Hynes argues this is the perfect time to review and confirm the order is legitimate. Actual criminals, he says, typically won’t go through the extra steps.

“Fraudsters will drop a purchase when friction is introduced [at any point] during the purchase process and move on,” says Hynes. “Most merchants are afraid of adding friction to the purchase process, but we will introduce it and put the knowledge gained from it back into our [fraud-detection] models.”

When it comes to best practices for reducing false positives, one area where U.S. merchants can improve lies in the implementation of 3-D Secure, which is an additional step of cardholder authentication for online purchases.

While 3-D Secure adds a layer of friction, it goes a long way to authenticating consumers making online purchases, payment industry experts say. Nevertheless, it is not widely implemented in the United States because there is no mandate to do so, payments experts say.

When it comes to detecting false positives, there is no single, all-encompassing solution, just due diligence and a balancing of risk versus reward, payments experts say. The bottom line, they warn, is that merchants that reject all transactions that initially look suspicious leave a lot of money on the table.

Check Also

Buying Groups Might—or Might Not—Give Merchants More Negotiating Power with the Card Networks

Card-acceptance costs and network rules weren’t the only subjects covered by the sweeping settlement revealed …

Digital Transactions