In the world of ecommerce, false declines are legitimate credit card purchases that are incorrectly declined by the credit card issuer.
Also known as false positives, false declines are what happens when an online shopper makes a legitimate purchase using a valid credit card, but that purchase is declined when it should have been approved.
It’s a simple concept, but the results are multifold—and unpleasant:
If one does the math, it’s easy to see that this high percentage of declines means plenty of lost revenue for online merchants. For a business with $10 million in annual online sales, this amounts to up to a whopping $260,000 in lost revenue annually—lost sales that could have been prevented.
To understand why false declines happen at all, we must first understand the world of online fraud.
False declines are a peculiar byproduct of the online economy, in which merchants must approve credit card transactions in which the credit card is not physically present.
In a typical bricks-and-mortar retail purchase, a shopper hands over a physical credit card during the transaction. If the card is valid and not stolen, the transaction is usually approved. But online, the card is never present, just the name, card number, expiry date and security code. In hundreds of portals on the dark web, stolen credit cards are sold to online crooks, who use them to make purchases anonymously. This is the main reason that online credit card fraud is so common—it’s easy, anonymous, and is hard to deter.
This type of fraud (using stolen credit card credentials to make purchases online) is called card-not-present (CNP) fraud, and costs online merchants more than $6 billion per year. Because of this, an entire industry exists of software companies who offer apps, shopping cart plugins, tools, and services to spot card-not-present fraud before a transaction is approved.
These tools use a mixture of rules and machine learning to either approve or decline credit card transactions, typically automatically. And here is where the false declines happen. Some automated CNP fraud detection tools are overzealous, declining valid credit card transactions as well as fraudulent ones.
To understand how false positives happen, take a look at a typical online purchase:
Step 1: Shopper visits online store.
Step 2. Shopper places product in shopping cart and enters credit card details. So far, the order has neither been approved nor declined.
Step 3: Payment gateway processes order (a payment gateway validates the customer's card details securely, ensures the funds are available and eventually enables merchants to get paid). Depending on how it is configured, the payment gateway may run the order through fraud filters. These filters are typically highly automated and unsophisticated. In other words, they cannot assess gray areas, such as unusually large purchases made by a legitimate customer using a valid credit card for a special occasion, such as a wedding.
Step 4: Third-party fraud protection system processes order. If the merchant uses a third-party fraud-protection system, the system uses an additional layer of automated filters to conduct a more in-depth analysis of the order. It may use advanced machine learning techniques to learn the specific fraud characteristics of a business. But these automated systems are also fallible. They struggle with holiday scenarios, for example, when customers place more orders than usual to be delivered to multiple addresses.
Step 5: Issuing bank authorises order. Banks also have automated processes to identify fraudulent orders. When they decline a transaction, banks provide a response code to indicate the reason, but these codes are sometimes vague and do not help merchants avoid similar transactions in the future.
Step 6: Settlement of the payment. At this point, the transaction has been approved, but technical issues between the customer and the bank may still disrupt the process.
Between step one and step five, there are literally hundreds of ways the purchase can be declined. This is because fraud filters are powered by complex algorithms that use the common characteristics of fraud as inputs. These include:
Some types of fraud are so common that the filters used to spot them have names:
For obvious reasons, credit card companies don’t publish the criteria that their complex algorithms use to detect fraud and catch fraudsters. But some industry analysts estimate that fraud-detection systems weigh up to 500 factors when determining whether to approve or decline orders.
False declines happen when any of these hundreds of criteria are too stringent. For example, most online shopping carts allow a shopper to enter an incorrect credit number more than once. All shoppers are clumsy sooner or later, and either enter their credit card numbers incorrectly, or type the expiry date incorrectly. A system that declined all orders after the first mistake would result in an unacceptably high number of declines.
This goes for plenty of the other criteria that fraud-detection tools use when detecting fraud. When they are set too strictly, they result in an unacceptably high level of false declines. Some tools, for example, arbitrarily decline all orders from high-risk countries automatically. Other tools automatically decline all orders not requiring a signature on delivery.
The cure for false positives is obviously not to stop using anti-fraud tools.
What merchants must do is create smarter filters that spot fraud by understanding context. This typically means analyzing the data behind declined transactions and disputes. Additionally, merchants can avoid false declines by refusing to (or choosing a fraud protection provider who refuses to) auto-decline any orders, instead conducting an expert manual review of any flagged transactions. One caveat: This manual review must be done with the customer experience fully in mind. Wait too long to verify the customer’s details, or act accusatory when contacting them, and the transaction—and the customer relationship—is all but guaranteed to be cancelled.
False declines can be extremely damaging. Fortunately, by finding similarities and correlations between legitimate transactions that are consistently flagged as fraudulent, merchants (and the companies who make fraud filters) can create accurate fraud filters that lead to more legitimate transactions being approved, and fewer genuine transactions being declined. And by ensuring that their fraud prevention service always has the human touch, they can keep their customers happy…and coming back.
This blog post was contributed by Rafael Lourenco, EVP and Partner at ClearSale