E-commerce is accelerating at a rapid pace – especially given this resulting vacuum that has stemmed from the coronavirus lockdowns worldwide - causing an increase in card-not-present transactions of 21% across all sectors.
Card-present transactions are ever-increasingly minimal and the journey to find the balance in fraud prevention for the rise in CNP transactions is often rushed in favour of a blanket protection approach. Even long-standing merchants in e-commerce have struggled to find the balance between a comprehensive fraud prevention measure whilst - at the same time - creating a frictionless checkout experience.
The problem is that in these approaches, genuine orders are often mistaken or declined as ‘fraudulent’ - making up 30% of rejected orders.
False declines - also known as false positives - pose an equal if not greater risk than fraud to e-commerce merchants and their revenue.
At a rate 70x greater than the losses generated by fraud, $443bn USD will be lost in revenue due to false declines by 2021, up from $331bn in 2018; a rate that accounts for 4% of all abandoned carts.
In comparison, e-commerce fraud is projected to cause losses that reach $6.4bn USD by 2021 - albeit these numbers have not accounted for the expected rise due to coronavirus downtime.
According to a study conducted by Clearsale, 62% of merchants said that the rate of false declines has only continued to increase when looking at their payment data over a duration of 2 years.
It is thought that a reason why genuine transactions are automatically being declined is down to fraud rules put in place by merchants. Not only are customers unhappy, but they are likely to go elsewhere – especially if a transaction is declined multiple times. As 1 in 5 false declines reoccur for a customer within 6 months, studies show that 33-40% of consumers also say they won’t shop with a business again following an instance where they’ve had a false decline.
Moreover, high-income consumers are twice as likely to be declined - jeopardising larger streams of revenue that need to be retained.
It's time to consider the true cost of fraud prevention.
With genuine transactions continuing to be mistaken as friendly fraud; or even genuinely fraudulent – chargeback numbers are on the rise - with damaging ramifications, hefty fines and threats to processing for merchants.
72% of surveyed merchants are planning to make changes to their fraud solutions as a customer is found to be 4x more likely to go to a competitor if a problem is service-related. This is a massive loss when you consider that returning customers are more likely to spend 2x more than a first-time customer on average.
However, a false decline can never be as simply defined as a case of mistaken identity. Heeding caution to ‘the blanket approach’ these figures below shed light on how complex false declines can really be:
62% of false declines are actioned by the issuing bank.
63% of false declines are sourced as being from the payment gateway.
69% of false declines are triggered by automated solutions.
54% of false declines are actioned as a result of yourpayment processor.
There are a variety of structural and identity based sources that trigger false declines - but more on that later.
With little to no manual review measures in place, most merchants are relying on automated tools to carry out fraud monitoring measures; compromising an integral human element required to monitor what is actually a diverse and multilayered approach to e-commerce.
In a sole reliance on automation, fraud definition parameters become skewed when genuine transactions are declined over a long period. When they are marked as friendly fraud, these parameters are ‘intelligently’ adjusted to retarget products and spending habits by consumer type - meaning genuine purchases will continue to be targeted to decline.
If a customer acts out of their usual spending habits or acts in a way that causes a false decline (Do not honour) and causes what defaults to friendly fraud – this still carries the negative consequence for a merchant with a resulting loss of revenue.
As a result, a manual review should always be in place. In most cases a second attempt is likely legitimate and it is always considered best practice to contact your customer or issue a one-time passcode asking to verify the purchase - should it fall out of their typical spending behaviour.
False declines increase because the ways we choose to pay are increasing. Simply, there is an increase in the devices and ways we can make remote or CNP purchases. Whilst there are certain methods that are unlikely to decline unless the information was wrong on the first instance, it is still plausible that as you increase the instances where e-commerce purchases can be made, more declines can happen.
To reiterate, around 2 billion card-not-present declines are made each year. This makes for an 85% approval rate for digital transactions as opposed to a 97% approval rate for in-store transactions.
False declines are typically identity or structurally related to situations where the customers CVV code or billing information fails to match the information the bank has on record. Structural declines where the decline is service related are sourced by actions implemented by the merchant, the payment gateway, or security measures put in place. More often, structurally caused declines to account for 40-60% of false declines.
First and foremost, cover a broad range of areas wherein a decline may be sourced. Having looked at declines triggered by the card issuer, the payment gateway and processor; it speaks to the idea that these services need to be individually comprehensive.
It goes without saying that the fraud measures implemented by a merchant need to be customisable and dynamic to different parameters on one site.
In addition to the standard:
AVS Checks
CVV Checks
Terminal Velocity Checks
Allowing you to customise your fraud rules to event-based behaviours, Total Processing offers as a basic service:
Payment Velocity Checks: monitoring the number of purchases coming from a specific origin
IP Geolocation
Set limits: Monetary limits can be applied to transactions.
Using precise and considerable data, fraud mitigative decisions can be made using information acquired from every transaction such as:
Card Holder Name
Merchant Transaction ID
Transaction Amount
Payment Brand
Payment Type
Do Not Honour specifications
Geolocation
Often, these parameters are serviced through the payment gateway and your processor (as an add-value service) and in part, your acquirer and issuing bank - as a result of the card schemes and payment methods you agree to process.
Total Processing uniquely and comprehensively offers an all-in-one solution working closely with a global partnership of acquiring banks via our PCI DSS Level 1 compliant payment gateway. As a payment processing provider and merchant account provider; we’re with you from step 1 throughout the entire length of our partnership.
These are careful decisions you need to make, and whilst there is considerably another decision to be made on how time-sensitive these decisions are, these are key measures that should always be in place:
Ensure that your payment gateway is set up to enable 3D Secure 2.0 authentication A payment processor can help customise the events that trigger these authentication measures and ensure that your transactions are compliant with new regulatory payment standards.
Consider the level of PCI DSS compliance you’re processing at Using a gateway with a higher level of compliance will speak to the credibility and volume of securely stored and processed transactions taking place via a payment gateway. Using iframes hosted through compliant gateways will only require merchants to individually hold basic SAQ compliance.
Implement Manual Payment Reviews - An in-house or outsourced team that can review transactions with a failed first or second attempt can correctly identify where fraud parameters aren’t working correctly and need to be altered. These teams can save time and money in the resulting hit to approval rates and mismanagement of chargebacks. Whilst a chargeback can be fought, there is always an initial fine charged by the acquirer.
Our teams can view and monitor your approval rates to further track fraudulent behaviour and at-risk products, to assess where purchase volumes may trigger fraud and/or false declines.
Implement Low-Risk Payment Methods - Take payments where a false decline is unlikely to happen. Alternative payment methods such as Klarna, Apple Pay and Bitcoin leave little to no room for identity-based declines.
Enable Tokenisation - Tokenisation enables a ‘remember me’ function that securely stores payment information to prevent identity-based declines from happening. Case studies have shown that implementing tokenisation has seen a decrease in false declines by 5-8%.
Account Updater - Enhance tokenisation features with account updater. Through Mastercard and Visa, expired card data is automatically updated by the issuing bank to prevent registered customers from having to re-register details, or declining at the checkout with an expiring card or incorrect billing address.
Invest in Add-Value Services - Add-value services will have a beneficial ROI long-term. Additional fraud monitoring tools facilitated with automated machine learning using real-time data and consortium data, will disrupt building patterns that mistake false declines as genuine fraud.
Total Processing’s add-value services have proven to show increased acceptance rates of more than 5% by the third year of implementation - up from 1% by the end of year 1. By accurately identifying which transactions are fraudulent and which are not, a resulting 1.9 million more transactions are approved over 3 years. A case study revealed that the implementation of these same add-value services resulted in an increase in revenue by 25% over 3 years.
In essence, in targeting false declines the implementation of measures asks merchants to assess not only what fraud prevention tools they have in place, but what services they’re using and how efficient they are.
We’ve shed light on false declines and the risk they pose to multiple avenues in e-commerce. With threats standing on almost equal levels to customer retention, conversions, processing capability and fraud rates; the approach to tackling them should be a multifaceted one.
In order to stay processing, businesses need a fraud approach that is dynamic and tactically rich - considering with complete comprehensiveness the layers that are combined to facilitate transactions and the customer journey in processing.
Whilst this can be understandably overwhelming, it needn’t be. Total Processing is home to a wealth of experts ready to guide you through your processing journy whether you’re starting afresh or switching over, alongside comprehensive fraud protection tools.
Get in touch today to learn more!