It's one thing to commit fraud in person at a brick-and-mortar location. It's arguably easier to commit fraud when you don't have to look a retail employee or manager in the eye, when you don't have to show your credit card to a cashier or insert it into a chip reader, or when you don't even have to prove that you ever received a product in question. That's just a taste of what ecommerce businesses have to contend with every day when it comes to fraud protection.
But the "revenue leakage" picture related to ecommerce fraud is much more complex. Our partners at Signifyd, a company that helps online retailers grow their businesses without the fear of online retail fraud, report that the true cost of ecommerce fraud is as much as 5.4% of revenue. This is the result not just of fraudulent transactions but also of lost revenue opportunities.
In this article, we'll start by framing the revenue leakage conversation in terms of its ultimate goal and its functional tasks. From there, we'll dive into the details of each of those functional tasks; explore how fraud detection systems that only employ rules and filters can hinder your ecommerce business; and consider the short- and long-term consequences of approving bad transactions and rejecting good ones.
Revenue Protection and Optimization
When it comes to fraud detection, the ultimate goal, as Signifyd's "Lead Storyteller" Mike Cassidy notes, is "to make sure that retailers don’t erect barriers between themselves and willing buyers," he says. "Every time a merchant makes it harder or less pleasant to buy, they leave money on the table."
From a functional perspective, there are two essential tasks:
- Reducing the number of fraudulent transactions that are mistakenly approved (which can be thought of as revenue "protection").
- Reducing the number of legitimate transactions that are mistakenly declined (which can be thought of as revenue "optimization").
In a study conducted by Forrester Research and commissioned by Signifyd, Forrester found that far more money can be saved on the "protection" side, generally speaking and in the short term. For some companies, however, the loss on the "optimization" side can be far greater in the long run.
Reducing the Number of Bad Actors
The revenue protection side of this discussion involves transactions that should not have been approved, but were. But if you think of this as a problem only at the point of purchase, think again. For example, this kind of leakage can also happen when a person committing fraud (a bad actor):
- Claims that they never received an item
- Claims that an item arrived damaged or unusable
- Claims that an item was not as described on the website
- Buys an item and returns a "knock-off" version
So-called "legacy" fraud protection systems rely on a set of rules or filters to help them identify and decline potentially fraudulent transactions. Unfortunately, this presents a couple of problems.
Bad actors typically evolve faster than the rules can be developed. Whether it's due to techniques, targets, technology, or a combination of all three, fraud-committing individuals and groups do their level best to stay ahead of the rules so as to not get caught. Although rules and filters do have value, they're also the equivalent of closing the barn door after the horses are gone. By the time a rule has been invented to address a new fraud tactic, major losses may have already happened and bad actors have moved on to a new set of tactics.
Merchants own the losses. Rules-based systems tend to assign the risk to the merchants. Even if merchants follow the rules, credit card companies will still hold them liable for chargebacks. Implementing the EMV (Europay, Mastercard, and Visa) "chip" cards only helped retailers fight some types of chargebacks at the brick-and-mortar level. But whether your card has a chip doesn't impact an ecommerce transaction.
As big data and machine learning have come into play over the years, fraud detection systems have become more sophisticated. In fact, some fraud detection companies are now willing to take on the liability themselves with a financial guarantee against all chargebacks. In other words, if they approve an order for shipping and it turns out to be fraudulent – even for reasons that go beyond a stolen credit card number – they'll make the merchant financially whole for that order.
Reducing the Number of False Positives
Rules and filters don't just attempt to keep bad actors from committing fraud. Sometimes, they have an unintended consequence – keeping "good actors," so to speak, from making legitimate purchases. These false positive results can be the result of:
- Rules that are too rigid in their application
- Systems becoming increasingly conservative over time in their evaluations
- The time-intensive nature of manual fraud reviews, which make it easier to "just say no"
- Overreacting because of previous fraud experiences
In the Forrester Research study mentioned above, the results for five businesses implementing a machine-learning fraud detection system led to an increase in accepted transactions of 2.9%, resulting in an additional $912,434 in revenue over three years. While that sounds impressive, it's also just the tip of the iceberg. By rejecting a legitimate order, you're disappointing not just a potential customer, but also a potential advocate.
Think of this in terms of referrals. 82% of those surveyed in the US ask their friends and family for recommendations before buying products. If you've rejected a legitimate order, the best you can hope for is that friends and family won't even mention your business to a potential customer. The worst-case scenario? That friends and family will actually spread bad word-of-mouth experiences and opinions about your business.
There are other, longer-term metrics to consider as well. Sticking with referrals as a lens through which to consider this, referred leads convert as much as 30% higher rate than non-referred leads, with a 16% higher average lifetime value, and a 37% higher retention rate.
Obviously, your own mileage may vary. The point is, when your fraud detection system rejects one transaction that it should have approved, you're not just losing out on that one transaction. The potential downstream impacts of that rejection can't be ignored.
Concerned about revenue leakage due to your current fraud protection system? Guidance works with partners like Signifyd to help, which can result in as much as a 454% ROI. Contact Guidance, an Episerver solution partner, and learn more about how an intelligently managed fraud system can provide significant revenue lift and a financial guarantee against chargebacks.