Tokens can put a dent in false declines

Register now

With retailers expected to lose $130 billion to online fraud over the next five years, there is an urgent demand for tighter solutions and greater protection for both consumers and digital commerce merchants.

But in the scramble to combat fraudulent activity, the industry has created an arguably greater challenge — false declines.

Around 2 billion card-not-present purchases are declined each year, and transaction approval rates for digital transactions stand at around 85%, compared with 97% for in-store transactions.
This is not necessarily a bad thing, as cards are often declined due to the cardholder having reached their spending limit. Similarly, other transactions are declined when a fraudster is accurately detected.

The problem comes when a genuine customer within their spending limit tries to make a purchase and still gets declined. This is known as a “false decline” (or sometimes as a “false positive”).

We know that false declines are a big problem, with U.S. e-commerce merchants losing a total of $8.6 billion to declines, compared to the $6.5 billion of fraud they are actually preventing.

And the true cost of false declines goes beyond the initial sale. We also need to consider the wasted cost of acquiring the customer (through advertising and promotions), as well as the lost lifetime value of a potentially loyal customer.

To protect privacy and to prevent fraudsters trying to reverse-engineer the fraud logic, error messages explaining why a transaction has been declined are often deliberately vague. This compounds frustration, particularly when it is a loyal customer that is rejected. If you are a consumer, the answer is probably “I don’t know.”

Often the causes of false declines fall into two main categories: identity and structural.

Identity-related false declines are often caused by something very simple, such as a mismatched billing and shipping address or outdated card information. Outdated card information is a particular challenge for merchants where consumers make infrequent, high-value purchases (such as airlines). For example, a survey found that for one airline, over half of all declines were due to an incorrect expiry date or CVV2 code.

Separately, “structural” false declines typically account for around 40% to 60% of rejected purchases, and are caused by the measures and parameters put in place by fraud management software. By being overzealous with their fraud prevention, merchants run the risk of creating too much friction, resulting in unhappy customers and lost sales. Equally, playing fast and loose increases the threat of genuine fraud as well, which can be equally as damaging.

With network tokenization, the payment networks replace a primary account number (PAN) with a unique EMV payment token that is restricted in its usage, for example, to a specific device, merchant, transaction type or channel.

Network tokenization reduces the risk and impact of genuine fraud by protecting card details throughout the entire transaction life cycle.

But it can also reduce instances of false positives. Merchants that took part in network tokenization pilots conducted by payment networks have reportedly seen a false decline reduction between 5-8%.

As card details are automatically updated and refreshed, the chance of outdated or mismatched data triggering an identity-based false decline on the system is limited.

Also, tokenized transactions are viewed as inherently more secure so are less likely to be classed as risky enough to be declined. The trust and confidence delivered by the end-to-end security proposition of network tokenization enables merchants to relax overly stringent fraud controls and assume that a transaction is legitimate, without declaring open season for fraudsters.

Given the scale and immediacy of the false decline challenge, advances are undoubtedly being made to improve security techniques and enable more intelligent risk decisioning.

Yet, ever-increasing fraud prevention spending is failing to contain an escalating problem. It is clear, therefore, that a foundation of secure trust is needed. This is where network tokenization comes to the fore, enabling merchants to strike the balance between security and convenience.

For reprint and licensing requests for this article, click here.
Tokenization Risk Payment processing Authentication ISO and agent