The problem of good customers being rejected online is only getting worse. There’s no single solution, but better authentication could help.
As the annual holiday shopping rush sets in, a specter is haunting online merchants. It’s not the ghost of Christmas past or future. Rather, it’s the prospect of turning away what would have been perfectly good transactions on a mistaken suspicion of fraud.
The problem is called false declines, and it’s not new. But as criminals increasingly ply their trade in e-commerce, online fraud rates are rising fast, and that means skittish merchants are likely to deny more good sales along with the bad ones.
False positives are expected to cost $370 billion this year, up 12% from 2018. And that number is projected to climb another 20% by 2021, according to Boston-based researcher Aite Group. Indeed, dollars lost to false declines dwarf real fraud losses, which Aite pegs at a likely $5.5 billion this year.
The common reaction is to tighten fraud screens. But by tuning their software to stop the onslaught of fraud, e-commerce sellers are actually leaking more money, experts say.
“Reducing fraud by throttling legitimate transactions is short-term thinking,” says Ron Hynes, chief executive of Vesta Corp., a Lake Oswego, Ore.-based vendor of risk tools, by email. “It puts undue pressure on profit margins, reduces sales revenues and the number of good transactions, negatively impacts customer loyalty and brand reputation, and wastes money.”
Rising Fraud Rates
Still, you can’t blame online merchants for being cautious. With EMV now more or less commonplace at physical stores, the fraud rate is soaring as criminals move to the less-protected cyberspace.
Online fraud victimized 3.79% of consumers in 2017, estimates Pleasanton, Calif.-based Javelin Strategy & Research, a number the research firm projects will rise to 5.11% this year and close in on 7% by 2022.
But that rising fraud rate is only likely to make merchants clamp down harder. Javelin’s latest research has found that, among reasons for turning away non-criminal consumers, false declines affect more customers than any other cause except non-sufficient funds.
The fallout for e-merchants is that customers may simply take their custom to a competitor. While most simply shift to another card, some 43% of falsely declined buyers either stopped purchasing from the merchant altogether or reduced their buying.
“When you’re online, it’s so easy to go somewhere else,” notes Krista Tedder, head of payments research at Javelin.
Another problem, curiously, is that false positives disproportionately affect online merchants’ most affluent customers. Javelin found that 53% of those falsely declined online had a household income of $100,000 or more annually. For false declines in physical stores and on mobile devices, by contrast, the percentages at that income level were 47% and 38%, respectively.
‘No Magic Bullet’
The complexity of the problem tends to cloud the search for answers. “There’s no magic bullet,” says Shirley Inscoe, a senior analyst at Aite.
More manual review is one possibility, but that’s expensive and time-consuming. Loosening fraud screens is risky with fraudsters steadily moving online. “Losses are rising, so as a defensive mechanism [online merchants] are declining a lot more transactions,” Inscoe notes.
One promising solution lies in a specification introduced several years ago but only now rolling out on a wide scale among issuers and merchants.
3-D Secure 2.0, a thorough-going update on a much older authentication tool, takes a wider range of known factors into account to help in deciding whether the person at the other end of the transaction is legitimate. It also works in-app, whereas the older version worked only in browsers.
“It enables merchants and issuers to share a lot more data,” Inscoe says. “That’s what you need to fight fraud.” Indeed, of all the solutions Inscoe has evaluated, she says the new 3-D Secure “has the most potential” to stem the rise of false declines.
Another benefit: Card network rules have determined that merchants that adopt the technology can shift the responsibility for actual fraud to the issuer. That means issuers have a big reason to adopt new 3-D Secure, if only to ward off losses flowing from protected merchants.
“The motivation [for issuers] will be when merchants have implemented it and issuers have not,” observes Inscoe.
But not everyone is convinced that 3-D Secure 2.0, for all the additional user data it can move between issuer and merchant, is the missing magic bullet for false declines. “By the time it rolls out, [criminals] will have a new way of committing fraud,” predicts Tedder, which will prompt extra caution among issuers and send false-positive rates up again.
Getting to Know You
In the end, counsel some observers, there may be no substitute for some old-fashioned ways of knowing who your customers are.
“A business should get to know its audience and optimize its system based on their customer buying patterns,” says Hynes. “When seeking to gain the full picture behind a declined transaction, businesses should also consider supplementing automated fraud security efforts with direct customer engagement.”
In other words, call the customer. It couldn’t hurt.