CyberSource recently released its 2016 Fraud Benchmark Report, and with it, a slew of valuable insights on the current state of card-not-present fraud management. Turns out, online merchants are getting better about avoiding fraudulent orders, but there’s a flip side to this equation — they’re also experiencing higher rejection rates and higher false positives, essentially turning away more legitimate customers than they were previously.
(Caveat to this report: it was performed pre-EMV, in October and November of 2015. While it seems reasonable to assume that there’s an uptick in fraud following the liability shift, the report still sheds light on fraud management across ecommerce.)
CyberSource calls this “a balancing act,” which is particularly apt. Fraud managers everywhere have to constantly balance two competing goals: reduction of losses to fraud and acceptance of as many orders as possible. Increasing one obviously affects the other.
So, what can serve both sides? Simply put, better operational efficiency, by cutting the total cost of review, via reducing both the time spent per order and reducing the amount of orders that need review.
While the CyberSource report focuses on the ways ecommerce businesses are attempting to improve fraud management internally, in reality, companies can choose to achieve scale in one of the two following ways:
Making internal fraud operations more efficient. Keeping fraud internally absolutely means investing in better tools for staff. For almost half of the businesses in the report, manual review was the largest single user of the fraud management budget. This means that companies should not only invest in tools that reduce the amount of orders that require manual review, but also improve the speed and efficiency with which the orders that do require manual review are decisioned.
Letting an outside vendor shoulder the burden of order review. The flipside of working to make internal fraud operations more efficient is to let an outside vendor handle some or all of the fraud detection burden. This allows a company to not only focus more on its core business by offloading non-core activities to experts, but as the company grows, a quality fraud service can scale with it, usually at a fraction of the time and cost of an internal team.
Besides a core message of improving operational efficiency and scaling effectively, CyberSource uncovered other fraud management trends worth mentioning.
Additional gems from the report:
- Overall, 83% of companies in North America do perform some manual review of orders, usually reviewing approximately 30% of the orders they receive.
- Not surprisingly, smaller companies (<$5 million in annual revenue) have much higher review rates than mid-sized ($25-$100 million) and large ones ($100 million). (Larger companies have likely already optimized their fraud management practices earlier in their growth path, and have the resources to dedicate the best fraud services to assist.)
- The majority of companies (70%) believe that at least 1 in 10 orders they reject as fraud are actually legitimate.
- On average, almost half of companies noted that manual review staff accounted for the lion’s share of their fraud management budget, and they don’t expect that budget to increase anytime soon.
- The top five most adopted fraud detection tools in manual review, are, in descending order:
- Address Verification Service (AVS)
- Card Verification Number (CVN)
- Customer Order History
- Negative Lists (Merchant’s own deny list)
- Postal Address Validation Services
Ultimately, while ecommerce companies are arguably improving their fraud detection skills, they still struggled with declining more legitimate orders than they’d like, and improving the efficiency with which they reviewed order. But, that was late 2015, and we’ve now entered the post-EMV era. Let’s hope ecommerce companies are ready for the new wave of fraud.