Thanks to the reach that e-commerce offers, merchants today have the opportunity to get their products and services in front of new customers all around the world. But this potential boom in sales comes with an increased risk: exposure to sneaky e-commerce fraudsters.
It doesn’t matter how big or small an e-commerce merchant’s business is — or what they’re selling — they’re all vulnerable. And if merchants don’t have a solid understanding of how fraud could impact their business, they risk giving away hard-earned revenue and damaging their reputation.
To help merchants determine the effectiveness of their e-commerce fraud prevention solution, retailers should perform regular card-not-present risk assessments. Here are eight fraud analytics that merchants should measure regularly.
The percentage of approved transactions, out of the total order volume. This includes all auto-declined transactions, all manually declined transactions and all automatically approved transactions.
Low approval rates can sometimes indicate a high false decline rate, which can frustrate legitimate customers and result in lost revenue.
Even worse, for many merchants, their approval rate isn’t what they think it is. Merchants often omit auto-declines when they’re calculating their order approval rates, because they assume all auto-declined orders weren’t good orders to begin with. Omitting auto-declines ends up overstating your true approval rate – which leads to grossly underestimating lost revenue.
The amount (in dollars) of fraudulent chargebacks received related to the orders of a given month, divided by the total of sales (also in dollars) of the same month, expressed as a percentage.
Note: Not every card issuer calculates chargeback rates the same way. For example, Visa uses the total number of sales for the current month to calculate this figure; MasterCard uses the number of sales from the previous month.
Generally speaking, it’s more accurate to divide the chargeback loss amount by the sales from the month in which the transaction generating the chargeback was originally placed. Because most chargebacks are filed 30 days or more after a transaction, this calculation method provides a more accurate view of what happened in a particular sales month.
Merchants whose chargeback rates climb above 1% of revenue risk having card-issuing banks label them as a high-risk merchant or even terminate their merchant account, leaving retailers unable to accept credit card orders.
The number of transactions that are manually reviewed for fraud divided by the total number of orders, expressed as a percentage.
You want a balance that fits your business. A high rate of manual reviews might mean you’re spending too much time, money, and resources on reviewing individual orders. But if your manual review rate is too low, you might be automatically declining legitimate orders.
Written as a percentage, the automatic decline rate is the number of completed or attempted transactions that are automatically declined. This includes any order that is not reviewed by a human being that didn’t go through, for fraud reasons, divided by your total number of orders. It’s important to note that even order attempts you believe were not legitimate will be included.
If you automatically decline “gray area” transactions, you’ll end up with a higher rate — which means you may be rejecting a significant percentage of valid orders.
False decline rate is the number of declined orders that were actually legitimate, divided by all manual and automatic declines. The result is the percentage of legitimate orders that were incorrectly flagged as fraudulent.
Merchants need to understand how many valid transactions are being declined.
In practice, false decline rates are more conceptual than numerical. While this truth makes it difficult to directly assign a definitive rate, sophisticated fraud teams can use substitute benchmarks to find useful insights. Example strategies include utilizing a customer service’s good customer’s complaint on declined transactions, also known as a customer insult. Other proxies include asking for senior reviewers to audit a random sample set of the declines.
A subjective assessment that indicates your confidence in order decisions.
You might use a one-to-five scale (one being not confident, five being extremely confident) to assign confidence levels to transactions you’ve approved or denied.
Merchants must be confident that they’re making the right decisions when it comes to approving or rejecting orders. Understandably, merchants will have the most confidence in orders that the cardholder confirms. There may be a little less confidence assigned to decisions where an analyst believes an order is fraudulent but hasn’t confirmed it. Far less confidence may be given to auto-declines that are made by simple or automated fraud filters. If merchants notice that most of their transaction decisions have a low confidence score, there might be a larger problem to review.
The amount of time (usually in hours) that transpires between the moment an order is placed and the moment the order is either approved or declined. This time is best shown using Accumulated Distribution and expressed as a percentage. For example, a company’s order review process average time might be 82% in less than 1 hour, 87% in less than 12 hours, 95% in less than 24 hours and 100% in less than 48 hours.
Online retailers don’t want to make their clients wait to get their orders. Transactions should never be pending for more than 48 hours, unless they require a thorough review (e.g., contacting cardholders directly).
If reviews are taking too long, merchants might consider implementing a more efficient fraud prevention solution that can more quickly analyze questionable transactions.
To calculate this number, divide the total cost of every transaction analysis by the number of transaction analyzed.
When considering cost, include:
Merchants with an in-house fraud team will also need to include employee salaries and overhead costs.
The result of this calculation illustrates the overall cost-effectiveness of a merchant’s fraud prevention system. If this fraud analytic is high and merchants aren’t getting the results they need or expect, retailers might need to reconsider their fraud protection solution.
E-commerce retailers that are just getting started in measuring fraud analytics will want to start by establishing benchmarks and getting a sense of what’s considered “normal” for their business. Those who are a little further along and have been tracking these KPIs for a while might want to set up alerts to notify them — if and when their numbers stray too far from the baseline or from acceptable levels.
It’s important to remember that these KPIs are very effective at showing what has been happening with orders but are less useful in helping merchants determine what’s going on in their business right now.
If you’re not sure what your numbers are telling you, or you’re looking to improve them, schedule a conversation with ClearSale. We have a broad range of experience across multiple industries and in global markets that we can draw on to paint a true picture of — and help you reduce — your card-not-present fraud risk.