By Aaron Begner, EMEA General Manager, Forter
The payments ecosystem is increasingly dynamic and so too is the fraud landscape that threatens it. The UK is the second-largest country for online transactions in 2022; this is set to continue, despite ongoing global supply chain issues and inflationary pressure. At the same time, this increase in online transactions brings another problem: digital commerce fraud.
Merchants need to have a detailed understanding of their payment profile to manage threats and balance risk. According to the Merchant Risk Council, the amount merchants spend to tackle online fraud increased five-fold between 2019 and 2021. In 2019, ecommerce merchants spent an average of 2% of their annual revenue on fraud prevention. By 2021, that share had grown to 10%. However, it’s a battle merchants are continuing to lose, especially in the UK. Additional data collected from Merchant Machine suggests that the UK has the highest number of fraud cases per 1,000 inhabitants (123), with €10,414 stolen by fraudsters for every 1,000 citizens.
As merchants become increasingly aware of the costs of fraud, they realise the need to deploy fraud prevention solutions. Many merchants utilise such services provided by an existing Payment Service Provider (PSP). However, this approach could cost merchants in the long run, as increasingly sophisticated fraud tactics necessitate equally intelligent tools to combat the threat.
The challenge for PSPs
PSPs have to balance their own portfolio risk exposure, with interests in high conversion rates of all of their merchants, particularly in the EU where PSD2 demands very conservative acquirer fraud rates in order to offer TRA exemptions to their merchants. This means that they can’t serve the interests of every single merchant given the need to balance the overall fraud rate across their books. This makes it difficult to provide a superior fraud prevention solution across the board.
Inaccurate fraud decisions result in false declines of legitimate transactions. This leaves revenue on the table and is detrimental to the customer experience. Forter’s data indicates that relying solely on PSP fraud prevention tools can cost merchants up to 8% of their conversions.
Legacy limitations
In most cases, the PSP’s fraud solutions are built on legacy technologies with static, rules-based systems that are inflexible and unscalable. These limitations can result in inaccurate fraud decisions with high false decline rates. Furthermore, merchants need the capability to understand how to set, manage and maintain these static rules which requires diverting time and resources that are invested in their core revenue streams.
With PSPs primarily focused on their core business model of internal fraud risk, their fraud solutions are not as dynamic as dedicated fraud prevention offerings – they can only analyse whether a payment is fraudulent. PSPs who are payments experts do not necessarily have the investment in fraud prevention to deliver cutting-edge capabilities in a non-payment capability. Retailers should, therefore, outsource fraud prevention capabilities to a dedicated partner that can look at fraud and digital commerce optimisation across the entire customer journey, not solely at the point of transaction.
Partial visibility
Many merchants also have difficulty accessing or receiving data from their PSP, particularly PSD2, fraud and risk insights in a timely manner. PSPs tend to struggle with identifying trends outside of payments fraud because they lack visibility into the entire customer journey. This can mean unusual patterns, such as account takeover or policy abuse, go undetected.
A lack of actionable data and insight about approval rates, declines and fraud reduction leaves merchants unclear on their own performance. What does this mean for merchants? When legitimate transactions are caught in the same net as fraudulent ones, businesses suffer as well as consumers. False declines are costly; according to Forter’s NUMO report, merchants can lose up to 75x more revenue to false declines than they do to fraud.
In an era of PSD2, merchants should be able to make decisions supported by well-explained data and this comes from asking their PSPs difficult questions and verifying data sources. It is also not about fraud decline rates but also looking at a loss of customers from friction on pre-authorisation and using 3DS secure rather than leveraging exemptions. This all boils down to the lack of knowledge merchants have, driven by a lack of richness in and accuracy of the data they receive. The current challenge for merchants is that they need to know what to track, what good data is supposed to look like and be able to compare PSP data to data they can track and monitor themselves.
Time for a change?
It’s never been more critical for merchants to tackle fraud head-on. As retailers scale operations, they should outsource fraud prevention capabilities to a dedicated partner that can look at fraud and digital commerce optimisation across the entire customer journey, not solely at the point of transaction. For example, a fraud partner can help optimise conversion rates by providing real-time payment decisions, streamlining account-level authentication to stop account takeover and reducing false declines to deliver a superior customer experience.
Using a fraud prevention platform alongside a PSP enables retailers to drive global growth through increased conversions and approvals, including analysing how they can maximise revenue from current and future customers. This proactive method is far more appealing than viewing fraud prevention and digital commerce optimisation as a tick-box exercise.