The safety of payment transactions is one of the main prerogatives industry players focus on. However, sometimes, the efforts to eliminate fraud lead to adverse effects. Overzealous fraud prevention techniques tend to drive customers away, creating too much checkout friction. Today, we’ll learn to distinguish a thin borderline between proper vigilance and overprotection in finance.
The global fraud detection and prevention market size was valued at USD 43.97 billion in 2023 and is projected to grow from USD 52.82 billion in 2024 to USD 255.39 billion by 2032. The growth is fueled by an increasing adoption of online applications, mobile banking services and digital payment tools. Surging demand creates momentum in solutions dedicated to fraud analytics, governance, risk and compliance, and authentication.
What Payment Service Providers Do to Protect Consumers From Fraud
Payment service providers use various methods and technologies to protect their customers from fraudulent transactions and schemes. The most popular fraud prevention means include:
- Encryption – converts sensitive data (e.g. credit card numbers) into unreadable code during transmission, protecting it from interception by unauthorised parties.
- Tokenisation – replaces sensitive card information with randomly generated tokens that have no meaningful value outside the specific transaction.
- Two-factor authentication – an extra layer of security for account access or transaction approval. It typically involves a combination of something the user knows (password) and something the user has (OTP sent via SMS or app).
- Machine learning (ML) and AI-based monitoring tools detect unusual transaction patterns that could indicate fraudulent activity. They analyse transaction location and frequency, device or IP address changes, unusual spending behaviours, etc. Monitoring tools may also create or leverage existing whitelists and blacklists of trusted and suspicious individuals and entities accordingly. ML and AI are used by 40% of businesses to fine-tune fraud management.
- Compliance with the Payment Card Industry Data Security Standard (PCI-DSS), which requires maintaining a secure network, implementing strong access control measures, and regularly monitoring and testing security systems.
- 3D Secure technology – an additional authentication step for online transactions which requires the consumer to confirm their identity with a password or code sent to their phone.
- Biometric authentication (e.g., fingerprint, facial recognition) is harder for fraudsters to replicate compared to traditional passwords.
- Chargeback policies that allow consumers to dispute transactions and receive a refund.
In addition, payment industry players may set certain transaction limits for different types of purchases, withdrawals or payments to reduce the risk of large-scale money theft. Limits may also apply to the maximum amount debited from a card within a defined timeframe or the maximum number of payment attempts allowed.
Statistically, 55% of organisations use credit card verification services for fraud prevention, 50% of the firms rely on identity validation/verification services, and 44% choose two-factor phone authentication.
As fraud methods become more and more sophisticated, 85% of CFOs currently either invest in digital solutions for fraud prevention and risk management or plan to do so in the near future.
How Fraud Prevention Can Be Overzealous
When fraud prevention is too vigorous, it often leads to false positive signals that harm both individuals and businesses. Transactions and orders end up being blocked as suspected fraud. Customers may face deactivated bank cards or restricted user accounts.
False declines occur when a system flags the account or transaction as suspicious or dangerous when, in reality, it is not. They lead to unnecessary investigations, wasted time and resources, and customer dissatisfaction. Analysts and fraud experts estimate that between 30% and 65% of all rejected online orders are legitimate, not fraud.
Legitimate transactions can be mistakenly blocked due to overzealous fraud prevention algorithms and filters that signal fraud when the customer is shopping from an unusual location, buying an unusually expensive item, requesting the quickest shipping option, making multiple orders, using a delivery address different from the billing address, etc.
Common imperfections in fraud detection systems that cause a surge in false positives include:
- Static rules that don’t account for user-specific behaviours or changing contexts.
- Limited consumer profiling that doesn’t give a fraud detection tool deep understanding of a specific consumer’s spending habits and its possible changes in certain circumstances (e.g. during holiday period).
- prioritising consistent device or location information over other factors of transaction legitimacy.
- Fraud detection algorithms trained on industry-wide data instead of user-specific data.
- Systems that heavily rely on velocity checks (acceptable number of transactions within a short time period).
- Unfamiliarity with risks and legitimacy of new or alternative payment methods, such as digital wallets, cryptocurrencies, or buy-now-pay-later (BNPL) services.
- Poor adaptation to seasonal shopping patterns.
- No updates to machine learning models or rule sets occuring in real-time.
- Lack of coordination between fraud detection tools of payment service providers, card issuers, and merchants.
- Flagging repeated attempts to pay (due to errors like incorrect CVV codes or billing address mismatches) as suspicious out of context.
Impact of False Declines on Customer-Merchant Relationship
About one-fifth of the customers in the US will not attempt to make the same purchase again if they experience even one false decline, not to mention a few in a row. Moreover, 41% of customers will never shop on a site again after they’ve experienced a false decline, and 32% will take their complaints to social media.
For merchants, it results in lost profit and potentially in a lost customer. Besides the direct loss of sales, false declines negatively affect customer satisfaction. About 47% of online players indicate a very or extremely negative impact. It is estimated that 58% of companies with $100 – $250 million revenues are affected by reputational losses due to false declines.
At the same time, an average online store has a 2.6% rate of false declines because of suspected fraud. For purchases over $100, the false decline rate jumps to 3.1%, and it grows exponentially with the purchase price.
Furthermore, 8 in 10 online retailers have difficulties identifying the causes of failed payments, which range from technical issues with the credit card to inconsistent order data. Another common cause of false positive signals is an overly sensitive detection threshold. In this case, a fraud detection system might flag any deviation from the norm, regardless of its significance or context.
Where Is the Balance Between Strong Prevention Systems and Over-Protection?
Considering all the potential negative outcomes of false declines, some firms may consider simply making their fraud detection systems less sensitive to avoid too much checkout friction. However, this can increase the rate of false negatives – cases when a system fails to flag truly suspicious financial activities and prevent actual fraud. Such an outcome is even more undesirable for customers than decline of their legitimate transactions.
A recent research revealed that 83% of customers won’t return to a retailer that failed to protect its customers from fraud.
This way, retailers and payment providers are forced to constantly maintain a fragile balance between fostering robust fraud protection systems and not declining their legitimate clients.
How can it be done? Here are a few useful tips:
- Set the right detection thresholds to minimise false positives. Consider your business goals while determining the acceptable level of risk. For example, industries with high-value transactions might prioritise reducing fraud over false positives as the cost of mistake is higher, while businesses with frequent, low-value transactions should probably favour customer experience.
- Use complex and sophisticated machine learning algorithms to account for a number of variables such as possibilities of customers to change location or device, seasonal differences in shopping patterns, technical glitches that trigger repeated payment attempts. Advanced ML algorithms might learn to identify certain types of data combinations that tend to trigger false declines. This way, it can become more accurate at detecting them in real-time and avoid false alerts. Make sure to mark known false declines (e.g. those reported to customer support) as such for the system not to continue calculating risk with flawed data analytics. It can decrease the accuracy of detection over time.
- Customise your fraud protection mechanisms to your business needs and specifics. General industry-wide detection rules might not work too well for your particular business or payment system. For example, if your target audience is frequent travellers, location stability is not the best predictor of transaction legitimacy. You should also learn more about your loyal customers. Their detailed profiles and proper behavioural analytics will help you be more accurate with flagging truly suspicious activities.
- Improve manual review policies. If a fraud alert is medium risk, consider human employees to make informed decisions about whether the transaction is fraudulent or not. To not overload employees with these routine tasks, AI assistants may come in handy. AI can perform many of the decision-making processes involved in manual fraud review, often with greater speed and scale. However, make sure to leave nuances and complexities that AI may struggle to fully replicate, for consideration of human intuition and contextual understanding.
- Make sure that your detection rules are not static, stale, and rigid. Consider using AI that learns in real-time to help you with rules creation. Real-time AI can dynamically generate rules based on evolving patterns such as spikes in fraudulent activities in a certain region, new fraudulent tactics, etc. AI systems can also continuously evaluate the performance of existing fraud detection rules and refine them using the insights from different data sets.
