For many financial institutions and retail businesses, there is a need to balance the risks associated with payment fraud and advanced persistent threats against the economic imperative to provide excellent customer experiences in a competitive market. When good users are mistakenly flagged as fraudsters and can’t access payment services, customers get angry and brands lose revenue. These false declines result in lost customers, damaged reputation and lower revenue. It’s no wonder some banks refer to false declines as customer insults.
Research shows that up to 15% of card-not-present (CNP) transactions are falsely flagged as fraudulent, causing annual revenue losses of US$118 billion. Great customer experience and payment security need not be mutually exclusive. With the right tools, they can work in concert.
Gartner’s research article “Don’t treat your customers like a criminal” points out: “The greatest risk to a business is no longer fraudulent activity. The greatest risk is obsolescence in the digital world and consequent loss of customers to competitors.” These losses have been documented frequently by industry analysts. In 2019, Aite Group concluded that merchants lose up to 75 times more revenue to false declines (a staggering US$430B globally) than they do to actual fraud. Considering that this study was published before the pandemic, it is fair to assume that the amount of lost revenue is even higher today.
So, how can financial institutions and retail brands achieve a balance between payment security and great customer experience? It starts with more precise tools. Here are a few key ways to get there:
- Improve customer identity validation with artificial intelligence (AI)
For many banking, retail, and insurance companies, new account fraud and account takeover (ATO) present the greatest risks and potential liabilities. In the last few years, cybercriminals have evolved their techniques for taking over bank accounts and stealing sensitive personal data. Many of the businesses and organizations that invested in fraud prevention solutions or changed their methods of customer identity validation now face another problem – a high rate of false declines. Additional identification steps often create friction for customers, causing them to abandon a purchase process altogether.
Gartner recommends shifting to omni-channel, customer-level screening for fraud in their January 2022 Buyer’s Guide for Fraud Detection in Banking.
To detect ATO and other credential-based attacks, fraud teams need continuous screening for suspicious behavioral patterns or real-time anomalies, as well as more precise fraud risk scores. A system that uses ML to build unique models for each customer, card, device and entity can do this. It should rebuild individual customer models on the fly to maintain the precision of risk scores.
- Use entity and user behavioural analytics to create unique customer profiles
User and entity behavioral analytics (UEBA), combined with a rules engine and machine learning, can greatly improve fraud detection precision and speed up incident response times. This is particularly useful as in the last few years we have observed significant growth in the use of intelligent bots. When artificial intelligence is used by criminals to mimic human behavior and target a website, an application, or an account, it can bypass all standard authentication procedures because it looks like a legitimate user. If customers are presented with an additional authentication request, even as common a method as CAPTCHA, it creates friction. With more friction, customers are more likely to abandon the transaction. The abandonment rate can reach 50% – and what business wants to lose 50% of their sales?
Entity and user behavioural analytics help because a user’s actions may be a better indicator of fraud than who they report they are. With behavioral analytics, information is tracked in profiles that represent the behaviors of each customer, account and device in real-time. The ability to precisely identify potentially fraudulent behaviour can, with the right tools, enable precision blocking of fraud without impacting legitimate transactions. It also has the added benefit of allowing financial institutions to lower fraud detection thresholds. Consequently, there is a triple bottom-line benefit: lower fraud losses, fewer false declines and higher completion rates.
- Use tools that refine your ability to block sophisticated attacks without impacting legitimate transactions
Risk scores are used to determine what action should be taken on a transaction. A score over a certain threshold may trigger a step-up response; eventually, the transaction is either allowed to complete or it is blocked. This works well for an individual PAN or card. But what about network-level attacks? Traditionally, the methods used to block fraudulent transactions have either been blunt (block all traffic on the offending channel, which causes false declines) or ineffective (allow it and suffer fraud losses). Older tools such as web application firewalls (WAFs) can block fraudulent activity and advanced persistent threats only at the IP address and port level.
This means, for example, that in the case of a BIN or terminal attack, malicious transactions are blocked along with all the legitimate customer activity using the same IP address or port. Since blocking traffic this way results in high false decline rates, many companies almost never enable full blocking, meaning they accept a certain level of fraudulent or malicious traffic. Therefore, in addition to scoring each transaction, organizations should consider the use of blocking tools that are able to filter out transactions that come from bad devices, bots or users at a network level in order to preserve the integrity of legitimate transactions.
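An added illustration of the trade-off described above (not INETCO's code or product logic): constructed traffic in which one device behind a shared IP address runs a BIN attack, evaluated under IP-level and device-level blocking. The `device_id` field, the distinct-PAN rule and its threshold are assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample traffic: (source_ip, device_id, pan, is_fraud).
# One device behind a shared gateway IP enumerates PANs in a single BIN;
# legitimate customers reach the service through the same IP on their own devices.
def build_sample():
    txns = []
    for i in range(40):   # BIN attack: 40 sequential PANs from one device
        txns.append(("203.0.113.10", "dev-bot", f"411111000000{i:04d}", True))
    for c in range(25):   # 25 legitimate customers, 2 purchases each, same IP
        for _ in range(2):
            txns.append(("203.0.113.10", f"dev-c{c}", f"520000000000{c:04d}", False))
    for c in range(5):    # legitimate customers on an unrelated IP
        txns.append(("198.51.100.7", f"dev-x{c}", f"540000000000{c:04d}", False))
    return txns

def flag_devices(txns, max_distinct_pans=3):
    """Behavioral rule (assumed): a device presenting many distinct PANs is anomalous."""
    pans = defaultdict(set)
    for _ip, dev, pan, _label in txns:
        pans[dev].add(pan)
    return {dev for dev, seen in pans.items() if len(seen) > max_distinct_pans}

def evaluate(txns, blocked):
    """Return (fraud_blocked, false_declines, fraud_missed) for a blocking predicate."""
    fraud_blocked = false_declines = fraud_missed = 0
    for t in txns:
        is_fraud = t[3]
        if blocked(t):
            fraud_blocked += int(is_fraud)
            false_declines += int(not is_fraud)
        else:
            fraud_missed += int(is_fraud)
    return fraud_blocked, false_declines, fraud_missed

def compare(txns):
    bad_devices = flag_devices(txns)
    bad_ips = {ip for ip, dev, _pan, _label in txns if dev in bad_devices}
    return {
        "ip_level": evaluate(txns, lambda t: t[0] in bad_ips),          # WAF-style block
        "device_level": evaluate(txns, lambda t: t[1] in bad_devices),  # precision block
        "no_blocking": evaluate(txns, lambda t: False),                 # accept the fraud
    }

if __name__ == "__main__":
    for policy, (fb, fd, fm) in compare(build_sample()).items():
        print(f"{policy:13s} fraud_blocked={fb} false_declines={fd} fraud_missed={fm}")
```

On this sample both blocking policies stop all 40 attack transactions, but the IP-level block also declines the 50 legitimate purchases sharing that address, while the device-level block declines none.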
In summary, sophisticated attacks require sophisticated solutions to allow real transactions with less negative friction. The combination of machine learning models, behavioral analytics and precision blocking of fraudulent activity provides a powerful tool to help you know your customers better and differentiate legitimate activity from suspicious activity. INETCO BullzAI, a new intelligent solution, uses all three to enable businesses to significantly reduce false declines and negative customer friction by increasing the precision with which they can block anomalous activity, without impacting legitimate customers. This improvement means not only increases in revenue and customer satisfaction, it can also lead to a reduced rate of false alert fatigue and increased analyst retention.
Using BullzAI’s state-of-the-art capabilities, one of our clients, a leading payment processor managing over 40 million issued cards, was able to reduce false declines from 10,000 transactions per day to under 300.
Talk to us to find out how your company can do the same.