December 6, 2016
By Artem Tymoshenko, CEO, Maxpay
Anyone who has had something stolen from their home or car knows the feeling of helplessness and anger that results. This is likely why we also react strongly if we are ever accused of stealing something.
Even in the privacy of your living room, you may get the same feeling when you try to buy something online and get denied for “security reasons.” It seems like there is an all-out war on fraudsters underway and the collateral damage is mounting.
“It is better that ten guilty persons escape than that one innocent suffer.”
We can be certain that when Sir William Blackstone penned those words over 200 years ago he wasn’t thinking about their application to theft deterrence and fraud detection in the twenty-first century. But, his words are actually eerily prophetic to the current situation.
We are naturally afraid of theft and fraud. When it happens to us, we are traumatized. But for businesses, it is just part of the process of doing business. The likelihood that a business will be the victim of fraud or theft is nearly 100 percent. But, businesses shouldn’t take it so personally. Business should be about the numbers. That’s what we love, and hate, about them—they leave emotion at the door. At least they should.
While most online businesses are getting good at detecting fraud and flagging potentially shady transactions, the bigger issue is becoming the false positives—transactions that are legitimate, but for one reason or another get flagged as potentially fraudulent. As it turns out, the cost of these false positives is far higher than the direct cost of fraud itself.
These costs not only come directly from the loss of the sale, but compound as legitimate customers avoid going back to merchants that accuse them of fraudulent charges and further damage the brand through word of mouth.
According to a study released by Javelin Strategy & Research, the direct losses due to fraud are about 7 percent of the total cost of fraud and fraud management in e-commerce business. The dollars lost to false positives are almost three times higher at 19 percent. The overhead for fraud-fighting tools and personnel make up the remaining 74 percent.
So, why does it look like so many online merchants going overboard on their fraud detection? There may be two potential explanations.
First, the recent rollout of chip cards in the U.S. is making in-store fraud much more challenging. In response, these fraudsters are increasingly turning to online targets. As fraud detection filters adjust to the changing patterns, they trigger even more false positives.
“Merchants are much more sensitive. They’re tightening their rules, which makes false positives spike,” Tom Byrnes, chief marketing officer at Vesta Corp., said in a recent interview. “With digital goods, it’s even worse. We saw [with these merchants] that if there’s any question, just deny the transaction. That was a very prevailing attitude.”
The second cause is that many merchants are still using outdated fraud-fighting tools. The previous generation of tools do not use more modern techniques that are available to legitimize customers, such as two-factor authentication, geolocation, or device reputation.
It can be hard to convince merchants who have been spending thousands or millions of dollars on fraud detection that they need to upgrade yet again, but you can be sure that the fraudsters are using the most advanced tools at their disposal. And the priority of any business should be the vast majority of legitimate customers who are just looking for a more convenient way to get their shopping done without being flagged.
Any online merchant who can identify and welcome legitimate customers to their store is sure to make up any losses that happen when its detection software inevitably fails.
Artem Tymoshenko is CEO of online payments provider Maxpay. He has experience in financial sectors including international acquiring, payment systems, processing systems, e-money, risk management, network and system security, digital Self-Service and e-billing.