Fraud False Positives

Table of Contents

1. What Is a False Positive in Fraud?
2. How Do Fraud False Positives Impact Customers?
3. How Can Merchants Improve Their False Positive Rate?
4. The Positives and Negatives of Fraud Prevention

One of the major challenges for any e-commerce merchant is figuring out how to detect and stop credit card fraud. There are always new fraud prevention tools and software entering the market, each promising to be the perfect solution to the problem. Unfortunately, when it comes to fraud, there are no perfect solutions.

A fraud tool that lets too many fraudulent purchases go through is obviously a problem, but what many merchants may not realize is that the opposite is also true. A fraud tool that stops every fraudulent purchase is a problem as well, because that means it's also rejecting many legitimate customers. What do merchants need to know about false positives in fraud detection?

Online fraud is a problem that keeps growing every year, and fraudsters are constantly revising and evolving their tactics to get around the defenses that cybersecurity experts are able to come up with.

Since the COVID-19 pandemic shifted an even greater share of economic activity toward the e-commerce sector, online fraud has only grown more prevalent.

While many would consider the primary victim of credit card fraud to be the cardholder, those victims can almost always get their money back by disputing the charge with their bank. E-commerce merchants, on the other hand, are often financially liable for the chargebacks that result from credit card abuse. Worse yet, merchants may be penalized or blacklisted by their banks and payment processors if their fraud situation gets out of control.

Fraudsters try their best to slip under the radar by mimicking real customers, which makes it more difficult to detect and block them with only basic identity verification methods. Increasingly, fraud detection relies on artificial intelligence, machine learning, and sophisticated algorithms that look for subtle signs of fraud in transaction data. These fraud detection tools may be highly effective, but they are not infallible, and false positives are a frequent occurrence.

What Is a False Positive in Fraud?

When discussing fraud, a false positive is a legitimate transaction that has been rejected by a fraud prevention tool as potentially fraudulent. While some false positives are unavoidable, there are ways to limit how often they occur.

Many modern fraud detection tools operate by assessing the risk that any given transaction may be fraudulent. They assign a score based on how many possible fraud indicators can be found in the transaction data and block transactions that meet or exceed a certain score value.

These risk scoring tools look at things like the device fingerprint, geolocation, IP address, transaction frequency, order history, and various other elements of the transaction data.

They may also apply proprietary analytics, often informed by machine learning and AI technologies, in order to arrive at a final score. Often, the merchant will have some control over the settings and thresholds, allowing them to determine a risk tolerance level that makes sense for them. Transactions blocked by an anti-fraud tool may be held for manual review or simply rejected outright.

Unfortunately, as credit card fraud has become more sophisticated, it's become more difficult for fraud prevention software to separate the customers from the fraudsters. Low-effort fraud is easy to spot, of course, but modern forms of fraud won't have any obvious indicators. Instead, fraud tools look for any aspect of the transaction that seems suspicious.

None of these indicators on their own would be reason enough to reject the transaction, as all of them can be present in legitimate transactions as well. That leaves it up to the merchant to decide how many red flags are needed before a transaction is blocked.

When a legitimate transaction is withheld for manual review, the merchant has a second chance to look it over and use their best judgment to determine whether or not the transaction seems safe enough to process. Ideally, the merchant will recognize that the transaction is most likely valid and will allow it to go through, but humans are just as capable of arriving at the wrong conclusions as algorithms are.

If a merchant rejects a false positive after manual review, or if their ordering system is set up to automatically reject transactions that exceed a particular risk score threshold, then a legitimate sale has been lost, and it is likely that the customer will be quite unhappy.

With nearly one in three consumers embracing a one-strike-and-you’re-out approach to bad merchant experiences, the true cost of a sale lost to a fraud false positive can be considerable.

Even the orders that make it past manual review can be detrimental to the customer experience. Manual review takes time, which can mean delays in processing and shipping the order. It also often involves the merchant directly contacting the customer to verify their information, which some customers may find intrusive. Manual review may be necessary to keep your overall false positive rate down, but it is not without its own costs.

It’s not easy to tell how many valid orders are being rejected due to fraud false positives.

Fraudsters never follow up with you later to confirm that they were, in fact, trying to defraud you, and customers insulted by an erroneous rejection will often just silently take their business elsewhere.

You can obtain valuable insights from customers who do contact you to complain about being rejected by your fraud filters, as well as from transactions that are held for manual review and later found to be legitimate. You might learn, for example, that multiple false positives are coming from a particular geographic region or IP block, and can adjust the configuration of your anti-fraud tool accordingly.

Getting a total picture of your false positive rate may require high-level auditing and analysis of your transaction data, anti-fraud activities, and manual review processes. There are also third-party vendors who can test your fraud filters in simulated environments. Analysis of the data gathered through these methods can help merchants refine their risk scoring.

The Positives and Negatives of Fraud Prevention

For many merchants, anti-fraud tools that use risk scoring to detect and block credit card fraud are a necessity. With online fraud rates as high as they are, these merchants would be overwhelmed with chargebacks if they didn’t use some sort of automated filtering system to stop fraudsters.

The problem is that it’s not always easy to draw clear lines between customers and fraudsters, so merchants are stuck in a delicate balancing act trying to keep their filters restrictive enough to stop fraud but not so restrictive that it affects too many of their real customers.

Efficient manual review processes are an important part of maintaining this balance. By moving quickly to verify and approve false positives you can minimize the delays and bad experiences for customers whose orders were blocked in error. Later on, you can analyze the information from the false positives to inform your fraud filter settings and improve the efficiency and accuracy of your manual review procedures.

Thanks for following the Chargeback Gurus blog. Feel free to submit topic suggestions, questions or requests for advice to: win@chargebackgurus.com