While a seemingly unending rash of data breaches has payments players scrambling to adopt a panoply of fraud-fighting technologies, little attention has been focused on the consequences for issuers and merchants when cardholders are wrongly turned down at the point of sale because of fraud suspicions.
It’s a big problem—bigger than actual fraud losses. Some 33 million U.S. adults, or around 15% of all cardholders, had at least one transaction denied last year because of what turned out to be unfounded suspicion of fraud, according to a report released late this summer.
The false declines totaled $118 billion in lost sales for merchants, while real card fraud added up to only $9 billion, says the report, “Future-Proofing Card Authorization,” from Javelin Strategy & Research, Pleasanton, Calif.
But the cost of these so-called false positives goes well beyond sales that could have been made but weren’t. Issuers lose out on billions in interchange income and also incur the disfavor of the affected cardholders, who tend to stop using the card or use it less often.
Thirty-nine percent of these cardholders, or around 13.1 million consumers, walked away from the card entirely, and another 25%, or 8.3 million people, put it in the back of their wallet, according to Javelin’s research.
Many of these false rejections, understandably enough, occur with high-value merchandise, where transaction controls are more stringent. But here again the cost is high. Some 66% of the denied cardholders said their purchase totaled $100 or more, while the value for 40% of cardholders was $250 or above.
Nor does the cost stop here. In most cases—90% of cardholders—issuers are failing to contact their wrongly denied customers, leaving it up to them to contact the bank. And they’re doing it via the most expensive channels. Fifty-three percent contacted customer service, 38% went to a branch, and 35% called a branch, according to the report. Much less expensive channels like online chat, text messages, email, and social media are used far less often.
Still, as the report points out, issuers are in a bind. If they loosen up fraud controls and actual fraud happens as a result, consumers will react much as they do in cases of false positives: Half of consumers on the defrauded accounts will reduce their usage of the card and 45% will stop using it altogether.
Typically, fraud-analytics engines commonly used by issuers for authorizations are to blame for what turn out to be unwarranted rejections, but no technology is fool-proof. “Inevitably, someone gets caught up in those big nets,” observes Al Pascual, director of fraud and security at Javelin and author of the report.
False declines could prove to be a particularly knotty problem for e-commerce. With the advent of EMV chip technology, fraudsters are expected to redirect their illicit efforts from the point of sale to online venues. That could lead to tighter controls and a sharp rise in false rejections, the report warns.
Currently, 58% of false rejections happen in stores, with 32% occurring online on a computer and 5% using a mobile app or browser. Because of the preponderance of in-store transaction volume, however, declines as a fraction of total sales are nearly even: 2.7% in-store, 2.4% online with a PC, 3% for mobile. With the adoption of EMV and tighter controls online, watch for the online and mobile percentages to soar, the report warns.
Even in-store EMV could be problematic since most EMV cards are being issued with mag stripes. Cashiers are likely to advise befuddled consumers to swipe their cards in the familiar manner, but this could set off alarms with issuers expecting so-called chip-on-chip transactions. “Issuers seeing a mag-stripe transaction are much more likely to decline it,” says Pascual.
Javelin advises issuers to make greater use of a mix of mobile technologies to supplement traditional fraud controls and rein in false positives. These include biometric authentication, geolocation, and two-way alerts. These “can all provide crucial evidence of the legitimacy of a transaction,” says the report.
At the same time, Javelin warns issuers not to be too quick to deploy mobile technologies, as fraudsters will be quick to exploit flaws. An example of this was the rash of fraudulent accounts loaded into Apple Pay mobile wallets earlier this year because of “poor account provisioning by issuers,” says the report.
—John Stewart