With retailers expected to lose $130 billion to online fraud over the next five years, there is increasingly urgent demand for tighter solutions and greater protection for both consumers and digital commerce merchants.
But in the scramble to combat fraudulent activity, the industry has created an arguably greater challenge – false declines.
What is a false decline?
This is not necessarily a bad thing, as cards are often declined due to the cardholder having reached their spending limit. Similarly, other transactions are declined when a fraudster is accurately detected.
The problem comes when a genuine customer within their spending limit tries to make a purchase…and still gets declined. This is known as a ‘false decline’ (or sometimes as a ‘false positive’). We know that false declines are a big problem, with US e-commerce merchants losing a total of $8.6 billion to declines, compared to the $6.5 billion of fraud they are actually preventing.
And the true cost of false declines goes beyond the initial sale. We also need to consider the wasted cost of acquiring the customer (through advertising and promotions), as well as the lost lifetime value of a potentially loyal customer.
What causes false declines?
If you are a consumer, the answer is probably ‘I don’t know’. To protect privacy and to prevent fraudsters trying to reverse-engineer the fraud logic, error messages explaining why a transaction has been declined are often deliberately vague. This compounds frustration, particularly when it is a loyal customer that is rejected.
Often the causes of false declines fall into two main categories: identity and structural.
Identity-related false declines are often caused by something very simple, such as a mismatched billing and shipping address or outdated card information. Outdated card information is a particular challenge for merchants where consumers make infrequent, high-value purchases (such as airlines). For example a survey found that for one airline, over half of all declines were due to an incorrect expiry date or CVV2 code.
Separately, ‘structural’ false declines typically account for around 40% – 60% of rejected purchases, and are caused by the measures and parameters put in place by fraud management software. By being overzealous with their fraud prevention, merchants run the risk of creating too much friction, resulting in unhappy customers and lost sales. Equally, playing fast and loose increases the threat of genuine fraud as well, which can be equally as damaging.
Can network tokenization reduce false declines?
With network tokenization, the payment networks replace a primary account number (PAN) with a unique EMV®* payment token that is restricted in its usage, for example, to a specific device, merchant, transaction type or channel.
Network tokenization reduces the risk and impact of genuine fraud by protecting card details throughout the entire transaction lifecycle.
But it can also reduce instances of false positives. Merchants that took part in network tokenization pilots conducted by payment networks have reportedly stated a false decline reduction between 5-8%.
As card details are automatically updated and refreshed, for example, the chance of outdated or mismatched data triggering an identity-based false decline on the system is limited.
Also, tokenized transactions are viewed as inherently more secure so are less likely to be classed as risky enough to be declined. The trust and confidence delivered by the end-to-end security proposition of network tokenization enables merchants to relax overly-stringent fraud controls and assume that a transaction is legitimate, without declaring open season for fraudsters.
A foundation of online commerce
Given the scale and immediacy of the false decline challenge, advances are undoubtedly being made to improve security techniques and enable more intelligent risk decisioning.
Yet, ever-increasing fraud prevention spending is failing to contain an escalating problem. It is clear, therefore, that a foundation of secure trust is needed. This is where network tokenization comes to the fore, enabling merchants to strike the balance between security and convenience.
* EMV® is a registered trademark in the U.S. and other countries and an unregistered trademark elsewhere. The EMV trademark is owned by EMVCo, LLC.