Card-not-present fraud is a huge and growing problem for ecommerce, and one way merchants try to prevent it is with "blacklists". These databases contain names, email addresses, phone numbers, and credit card accounts linked to confirmed fraud.
It used to be that such "blacklists", updated internally or bought from a data provider and updated every few months, were a reasonably good layer of fraud protection. Now, as fraudsters develop ever-more sophisticated strategies and have access to a growing cache of stolen consumer information from data breaches, the quality and structure of "blacklists" matter more than ever. A dynamic "blacklist" can be a valuable tool for fraud prevention, but static "blacklists" can lead to more fraud and more false declines for merchants.
False declines are already a big problem for ecommerce. Ecommerce merchants decline 45% of their orders, and 22% of those declines are false, according to the Lexis Nexis True Cost of Fraud Survey for 2017. False declines cost the US ecommerce industry more than $8 billion in lost sales in 2016 alone. Customers declined in error are likely to take their business elsewhere, rather than go back to merchants who wouldn’t take their money. But how can "blacklists", which are supposed to prevent bad actors from making purchases, sometimes cause good customers to be rejected, too? The answer hinges on the difference between static and dynamic data.
[Click here to continue reading.]