When e-commerce fraud spikes, it can be tempting for merchants to pile on more controls and risk turning away otherwise legitimate transactions that appear to be fraudulent. The alternative is often to shut off these controls altogether and leave themselves vulnerable to criminals.
Neither extreme is ideal, and acquirers say merchants need to start taking a more systematic approach when setting fraud controls to avoid this dilemma.
“Though extremely effective when methodically applied, fraud control parameters can be absolute and unforgiving when set inappropriately and can unintentionally defeat legitimate transactions,” says Marcus Smith, senior vice president of risk management for merchant acquirer iPayment Inc.
Smith points to one of his clients, a large online sporting goods retailer, as one example of how the all-or-nothing approach to fraud controls resulted in a nearly 14% decrease in the merchant’s sales volume – just before the holiday shopping season.
The merchant attempted to address a spike in fraud and chargebacks without understanding the root of the problem; it set the address verification service filters to only allow transactions with an exact match on numerical address and zip code. But in doing so, the merchant prevented the system from making partial matches, with the unintended consequence being that the system would block transactions processed whenever the address verification system was offline or unsupported by the card issuer.
After enabling these fraud controls, the merchant noticed that chargebacks continued unabated. With more legitimate sales being blocked, the chargebacks-to-sales ratio actually increased. The merchant then responded by disabling all fraud controls, further exacerbating the problem.
Upon closer examination of the fraud and chargeback patterns, the merchant was able to come up with a more effective approach to tweak the fraud control settings.
Once the merchant reconfigured its filters, sales volume losses dropped from 14% to less than 2%, and chargeback ratios fell back in line.
Not having the proper fraud controls in place could be fueling an ongoing trend in sales losses, as research shows that false positives are taking a chunk out of online merchant revenues. Among digital goods merchants, 34% of their customers’ declined transactions are believed to be legitimate, according to an October report by Javelin Strategy & Research.
“Every transaction that customers are unable to complete is money lost to competitors,” says Al Pascual, senior vice president, research director and head of fraud and security for Javelin.
Digital merchants lose 3% of their revenue to false positives, and dollars lost to false-positive declines eclipse the number of chargebacks by more than five to one.
“When merchants notice a significant drop in revenue, the alarm sounds and all filters are removed,” Smith says. A better approach, he says, would be to review disputed orders, identify the associated reasons, look for trends, cross reference user information – including billing, shipping and IP addresses – and develop negative and positive databases for customer screening.
Mike Fox, vice president of sales for Group ISO Merchant Services, usually explains to merchants that fraud can have much greater financial consequences than false positives, and that turning off fraud controls can lead to higher revenue losses.
“What’s worse: Losing a $10,000 transaction, or losing $10,000 in goods? Those goods could have made them $50,000. After you explain that, they typically understand,” Fox said.