Imagine: You’re shopping through your favorite mobile app. You find an item you want to buy and are ready to checkout. Then, the app alerts you your transaction is denied. Why does this happen when all you wanted to do was make a purchase?
In the battle between high security and low friction, there’s an added player: false positives. This is when a user is wrongly identified as a fraudster. As a result, a valid customer is shut off from completing a perfectly honest sale, just like the one in our example. This decline can happen at any step in the payment authorization system.
Companies want to avoid fraud. They also want to avoid false positives. In total, around 33 million adults in the United States are wrongly blocked each year from completing a purchase with a credit card. That’s around 15% of cardholders! The total of these blocked sales amounts to $118 billion, while the cost of real card fraud only amounts to $9 billion. This shows false positives cost businesses more than the actual fraud.
According to CreditCards.com, it turns out that only about 1 in 5 blocked transactions are actually fraudulent. In addition to losing the actual sale, companies also lose potential long-term customers. Most repeat mobile customers, a whopping 66%, won’t return to a business after being falsely identified a fraudster. In addition, with the popularity of online reviews and social media, dissatisfied customers can spark a wildfire, affecting whether customers believe they can trust your business. This isn’t all, though. There are many more reasons false positives cost businesses.
The mobile platform has roughly the same rate of false positives as a fraction of total sale as in-store and computer purchases (3%). With EMV cards adopted in the United States, mobile false positive rates are expected to rise, as companies try to control fraudsters moving from stores and computers to mobile devices.
Who is denied and what are they buying?
Javelin Strategy recently released a study of false positives funded by Riskified titled “Overcoming False Positives: Saving the Sale and the Customer Relationship.” This report provides a great deal of important information about the prevalence of false positives.
The majority of false positives occur with high-priced merchandise. 40% of denied users are attempting to pay over $250 for a sale. This is understandable. Companies want to protect what would give them the biggest loss.
In addition, younger consumers (<35 years old) tend to be misidentified more often than older customers. 24% of young consumers experience at least one false positive in a year period. Remember, that is compared to the overall fraud rate of 15%. Younger consumers are also more likely to abandon a business after a false positive.
High-income consumers (over $100,000 in income per year) are also at a higher risk of false positives at a rate of 22% experiencing at least one false positive in the last year. This makes sense because more affluent customers are more likely to purchase more often and at higher amounts, making the chance of a false positive higher.
This data shows false positives affect everyone, but the people most affected are younger consumers and high-income consumers.
Types of False Positives
How do false positives happen? What about a user makes a merchant believe the customer is a fraud? To understand this, we’ll briefly look at common detection methods associated with false positives.
Geolocation involves using a mobile device’s location to detect whether a user is fraudulent. This method can result in high false positive rates. Say for example, you always use your mobile phone to make purchases in one country, then you travel to a different country and try to make a purchase on your phone. There’s a high chance this perfectly honest transaction will be declined.
- Device Fingerprinting
Device fingerprinting gives the identity of a device through cookies, IP address, and other identifiers. Mobile devices don’t have as many unique identifiers as computers, making it harder to gather more device fingerprinting data to identify fraud risk. In addition, mobile IP addresses can change as the mobile user moves around. This results in a murky line between what is normal and what is fraudulent, increasing the false positive risk.
An effective fraud detection method will have a low false positive rate. Unfortunately, it is unlikely a single technology will result in absolutely zero false positives.
Businesses should employ a mix of different fraud detection methods to lessen the rate of false positives. The idea behind this that if more than one detection method says the user is a fraudster, this is more believable than if only one detection method says the user is a fraudster. Thus potential customers are screened more than once to reveal their intentions and only those that fail all tests are shut out of a sale.
In addition, methods of detection based on behavior are also important. Using behavioral data from mobile devices can provide a clearer picture of who is using the mobile device to make a purchase and whether their behavior is “normal.” This can result in less false positives, as companies have more information to tell whether a user is fraudulent or not. Detection is based on an inherent quality instead of a single data point like location.