Voice of the Industry

Decoding false positives – Is the cure worse than the disease?

Friday 19 November 2021 07:35 CET | Editor: Simona Negru | Voice of the industry

Ravi Purohit, Associate Director, Products at Rakuten Inc, is sharing his thoughts about how today’s fraud prevention systems are blocking genuine purchases more than flagging the fraudulent ones

In this editorial, we will see how this issue is causing terrible experiences to the customers, hitting the businesses adversely on revenue and brand value. Finally, we will delve into what businesses can do to overcome this.

In the sci-fiction book ‘Deadly Curve’ by Stephen D. Smit, protagonist Seward Daniels and his Team from Gilbert Labs develop a fat-eating bacteria. They get the FDA (Food and Drug Administration) approval for this wonderful drug to fight obesity, but something weird starts happening a year after the launch. The planes begin falling out of the sky, and the highways see fatal crashes. Steward and the team did not anticipate that his miracle cure for obesity would start eating the brain cells of the patients.

This fictional story is getting realised in the ecommerce fraud prevention space, where losses of revenues due to false positives are expected to be six times higher than the actual fraud in the same period. So what’s the connection between the story and the fraud prevention space, you may ask. Similar to the situation in the book, where the fat-eating bacteria aimed at solving the obesity problem started eating brain cells, causing the trouble, the fraud prevention systems targeted at blocking the fraudsters are actually flagging the genuine purchases more often.

What are false positives?

In case of false positives, when a legitimate and genuine transaction done by the customer is flagged as suspicious, the payment process is shut down, or the account is locked. However, either way, a user is incorrectly identified as a fraudster.

These errors occur when a non-fraudulent transaction is somehow triggered by a fraud detection system of an ecommerce platform, merchant, or financial institution, resulting in the ecosystem denying the completion of the transaction.

One of the critical reasons for the rise in false positives is that all ecosystem players (e.g. platforms, online merchants, and card issuers) have become so fearful of frauds and their potential impact that they are over-tightening the fraud detection algorithms to err on the other side. Consequently, they end up turning away genuine customers.

False positives can end customer relationships

False positives are incredibly critical to pay attention to from a customer experience perspective. As the world is moving to digital channels and Gen Z is entering the customer segments, a seamless user experience is more essential than ever.

A survey found that ~73% of people consider a good experience crucial for their loyalty to any brand or service, while one in three customers say they would stop doing business with a company they like after a bad experience.

According to another study, only one out of five blocked transactions for frauds are actually fraudulent. Unfortunately, in the perennial battle of high security and friction, this has added a third aspect – false positives to be taken care of as well.

Way forward

The bottom line is that the ecosystem must adopt risk-based profiling and multi-factor authentication to address this challenge. However, an exemplary authentication involves adopting at least two of the following three factors: knowledge, possession, and inherence.

  1. We understand by knowledge something the customer knows like a PIN, password, or challenge answer;

  2. Possession is what the customer owns, such as cell phones, hardware keys, or cards;

  3. Inherence is a customer’s biometric marker, including a fingerprint or voice authentication.

Risk-based profiling can be the needed tool to balance trusting the legit customers with flagging any potential fraudulent attempt. To enable this, companies can use several data inputs to determine the risk profiling scenarios: e.g. history of the customer’s device fingerprint, browsing pattern, time zone, geography, purchase history, cart values, and other behavioural patterns. 

If all things are consistent, then the customer journey can be made quite smooth. However, if there are inconsistencies, machine learning algorithms can flag the pattern asking for additional authentication and keep the denial as the last resort only if authentication fails.

The idea behind this approach is that if more steps consistently suggest the user to be a fraudster, this is more believable than if only one detection method suggests so.

To summarize, fraud prevention mechanisms are the need of the hour, but this shouldn’t come at the cost of genuine customers getting denied the transactions by incorrect flagging. Leveraging multiple data points and solving this puzzle with multi-factor adaptative authentication could be the key for the future.

P.S. Views expressed here are strictly the author's own (and not his employer's) backed by academic research with citations shared.

About Ravi Purohit

Ravi is a product manager, strategist, educator, and student with 13+ years of experience designing products and services across several industries and customer platforms. Ravi loves making technology useful, usable, beautiful, and affordable to the global customer base through products. For the last 4+ years, Ravi has been contributing to enable a global tech conglomerate with 70+ businesses and 300 million+ customers on Identity and Payments Platforms.

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: fraud prevention, ecommerce, merchants, online payments, bank account, fraud detection
Categories: Securing Transactions | Digital Identity, Security & Online Fraud
Countries: World
This article is part of category

Securing Transactions