Selling products and services online offers great opportunities for merchants, but it’s not without risk. Savvy cybercriminals use stolen personal data to defraud merchants, and sometimes, a merchant’s worst enemy is its own fraud prevention solution.
Losses from ecommerce fraud are projected to reach $6.4 billion by 2021, according to a recent report from Aite Group and ClearSale. But losses due to false declines (legitimate transactions that are wrongly declined) may reach $443 billion by 2021.
With online sales only expected to rise, here’s what you need to know about your risk for declined and fraudulent transactions and how you can minimize their impact.
What might cause a legitimate order to be flagged as fraudulent…and subsequently rejected? It turns out there are many reasons, but here are three of the most common.
Many people believe accepting orders coming from an overseas IPs is risky, and that’s often true. But there are instances where this just isn’t the case. For example, a customer working or traveling overseas might make online purchases and get them shipped to their home address.
Some companies require the use of VPNs on company-issued computers to protect sensitive information. It’s not uncommon for VPNs to show that an IP address is originating from a country other than where the user is physically.
If a data point, like an email address, ends up on a watch list or a "blacklist", that’s certainly concerning — right? Not necessarily. If a rarely used email address was leaked via a data breach, it’s entirely possible fraudsters are now using this address. But it doesn’t mean that a legitimate customer can’t be using it, too.
What happens when you decline an order that looked suspicious but was actually legitimate? Not only do you lose valuable revenue, but you also create a negative customer experience and risk losing the lifetime value of that customer.
Let’s face it — customers have a lot of options when it comes to making an online purchase. So if they can’t get a product from you, they can get it from another ecommerce merchant. But some customers may not go away quietly, instead sharing that negative experience with anyone who might listen on social media — potentially driving away other good business.
Fraud prevention solutions learn from your good decisions — like when you stop a fraudulent transaction from being approved. But it also learns — rightly or wrongly — from your mistakes.
Consider, for example, if you add a rule to automatically decline orders shipped to a certain city because you’ve been hit with several chargebacks from orders made from there. But once you set up those automatic declines, you’ll never know if those rejected orders were really fraudulent, because you’ll never see the good transactions that would prove you wrong. So when you tell your machine learning system that an order is bad, that’s what it will learn, and it will continue to make mistakes.
When a fraudster is stopped from committing fraud against your store, it’s likely that they’ll just take that same fraudulent information to another merchant and try their luck there. After all, that fraudulent data was expensive to purchase, and they want to get their money’s worth. So they’ll mix up their approach and get a little creative. Maybe they’ll use a different fake shipping and billing address or place the order from a VPN. But the good news is this: They probably won’t try to defraud your business again.
But there’s another piece of good news. When a fraudulent order is correctly declined, the system learns that the combination of data points was not legitimate. And the system becomes smarter because of it.
Unfortunately, every algorithm we use, every rule we put in place and every manual review process we implement can make mistakes. And there are two types of mistakes that we see most often with fraud prevention solutions.
The first mistake we see is a solution approving orders that turn out to be fraudulent. While we don’t want to see these happen, the good news is that these mistakes are easy to measure because they almost always end up coming back as chargebacks. The other piece of good news? You can feed back the data from these fraudulent orders into your solution to improve it and flag future similar transactions.
The second mistake is not knowing if the transactions you rejected were fraudulent. Sometimes, a transaction might get flagged as suspicious by your fraud filters, algorithms score or machine learning solution. But certainly, not all of them are actually fraudulent.
Unfortunately, you might never know exactly how many were.
As you’re reviewing orders, you need to think about these potential mistakes. What’s the chance of accidentally approving a fraudulent order — or rejecting a legitimate one? Even worse, what’s the cost of declining these transactions?
When we perform manual reviews on flagged orders, we can give the algorithms feedback that will help the systems avoid them in the future. Sure, there’s an added cost (and added time) to perform this manual review. But there’s also a huge benefit to having a human review an order, evaluate it from multiple data points, and see the whole story behind an order.
So when it comes to identifying fraud, you simply can’t rely on just a single data point to make your decision. But you might not have the resources to do a deeper dive into each transaction.
ClearSale’s ebook “Online Merchants: Stop Leaving Money on the Table” walks you through everything you need to know about the order approval process — including how to approve more legitimate orders. After reading it, if you want to learn more about improving your order approval rates, just contact one of our experts. We’d be happy to tell you more.