The cost of fraud fighting is as bad as fraud itself

Credit card fraud is a massive problem for e-commerce retailers. If you’re an online business, you’re likely all too familiar with it.

But today, the fight against credit card fraud is a losing battle. Online retailers are losing between $2.48 and $2.82 for every $1 of direct fraud. That means roughly 2.5 times the amount lost to fraud is lost fighting fraud. And merchants will spend 3%-5% of their overall revenue combating fraud operationally.

Today’s online payments experience is powered by dozens of unique tools, from payment gateways to fraud detection to checkout. This approach is called “layering,” wherein a business layers on suites of different tools to create “robust” payments and fraud detection stacks.

But the results are abysmal, especially when it comes to fighting fraud. Using the best-performing algorithms, researchers successfully identified 495 of 500 fraudulent transactions in a sample size of 50 million transactions (that’s a 99% detection rate).

But they incorrectly flagged 500,000 legitimate transactions from good customers as fraudulent. There were too many “false positives” — customers falsely rejected for fraud concerns — to make the layering approach useful. These numbers are untenable for e-commerce stores, where the average profit margin is as low as 5%, or 0.5%-3.5% for e-commerce-only operations.

In 2017, global e-commerce sales were an estimated $2.3 trillion — up 24.8% over the previous year. Of this, the Global Fraud Index estimates that there was $57.8 billion in potential fraud across eight industries.

And despite the proliferation of anti-fraud tools, there is a growing “fraud problem” encompassing much more than the direct value of lost merchandise. There is also manual order review, opportunity costs from false positives and the massive overhead of implementing fraud-fighting best practices.

False positives are perhaps the most punitive. They are not only costly in terms of lost direct sales, but they also cause merchants to lose potentially valuable repeat customers.

Layering also impacts data visibility. Each tool has a limited purview into data and thus a limited ability to make accurate decisions. For example, a siloed fraud detection company misses out on valuable payments and checkout data that could inform its decision-making.

With limited information, providers are forced to be extra conservative in their decision-making for fear of letting fraud through. So a business will sign up with a major fraud detection vendor and see fraud rates decline, but understand very little about their newfound, difficult-to-measure false positive problem.

Since fraud companies lack access to critical data, they care little to help businesses much outside of their sphere of influence. In fact, the fraud prevention industry is typically predatory in how they treat businesses, and their incentives could not be more misaligned. They rely on fear tactics to overinflate the amount of fraud that’s actually happening, scare merchants about the threats of fraud as they scale, and sell safety/security instead of approving good customers.

A lot of work lies ahead of the industry, but visibility into the full suite of checkout payment data to use for fraud detection purposes — including behavioral data like mouse movements, keystrokes, capitalization and clipboard use — is a critical first step.

Two wrongs don’t make a right: The answer to poor fraud management is not the redundancy of several imprecise tools, but rather a single, integrated platform powering the payments stack.

As the industry moves toward a more integrated e-commerce experience, spanning order management and predictive intelligence, the same approach should be applied to fraud detection. If online retailers are to survive, e-commerce needs to move toward a full-stack solution that handles checkout, payments and fraud — and data visibility is the cornerstone.