How to Reduce False Positives in Fraud Management and Improve Customer Experience
Using effective machine learning strategies, product teams can manage fraud and risk across the entire customer lifecycle without introducing friction for good customers.
Today’s consumer-facing digital businesses face a daunting challenge — how to enhance customer experience while mitigating the effects of modern fraud. At the center of this challenge sits the specter of false positives, which represent negative impacts on good customers. Can false positives be eliminated, and if so, how?
A false positive is the antithesis of a positive customer experience, because false positives introduce unwanted and underserved friction for good users — many of whom will abandon a given online experience before completing any or all of their intended actions. The problem is a costly one. Per a recent report, Aite Group estimates that false declines will grow to $443 billion by 2021.
Of particular concern is the fact that younger consumers have the most negative attitudes about false declines, stating that, “of the millennial cohort, 59% say that they would be very or somewhat likely to leave their financial institution due to a credit card false decline.” These numbers make it clear the problem is on track to worsen if prevailing approaches to the problem doesn’t change.
Why do false positives happen?
False positives are essentially the collateral damage that results when an existing fraud prevention solution fails to accurately differentiate between legitimate and fraudulent actions and accounts. In other words, the system thinks something is fraudulent when, in fact, it is not.
Organizations have historically relied on a range of different approaches to try and accurately make these differentiations.
Reputation Lists
Reputation lists are lists of things such as email addresses, IP addresses, and device IDs that have been identified as either “safe” (white) or “unsafe” (black). If a particular IP address, for example, is flagged as being associated with fraudulent or malicious activity, it will be “blacklisted.” Unfortunately, reputation lists and reputation services no longer represent a viable defense against fast-evolving fraud. Lists become outdated too quickly and require constant refreshing. It’s also far too common for lists to be, at best, imprecise, and at worst, corrupted or expired. Modern fraudsters have also developed a wide array of techniques to successfully circumnavigate these lists. Ultimately, reputation lists too often lead to a surplus of false positives.
Rules Engines
A rules engine is essentially backend software that can take predetermined actions based on specific criteria. For example, if a business knows or believes that mismatches between billing country and IP country likely indicate malicious accounts or actions, a rule can be written to flag those instances, and that rule can be assigned a “weight” that represents the significance accorded that particular instance. As standalone fraud defenses, rules engines have limitations. For one thing, they’re inherently reactive — they depend on previous experience. Additionally, experienced analysts are needed to effectively write useful rules, and the process can be slow and time-consuming. Rules are also hard to manage, particularly at large scale, and analysts or systems are required to regularly monitor, purge, and replace old rules. If this rules maintenance process does not happen, false positive rates go up accordingly as old rules expire, become less efficient, and lose relevance.
Supervised Machine Learning
Supervised machine learning (SML) gets its name from the fact that the process of “learning” from a training dataset is a “supervised” process. Supervised learning requires that an algorithm’s possible outputs are already known and that all of the data used to train the algorithm is already labeled with correct answers. Supervised machine learning is used to discover patterns and insights from a set of data to make predictions about future outcomes. As a tool for fraud detection, SML is a powerful one. However, there are also significant limitations. For one thing, SML requires labels, and the process of getting labels can often be a matter of months. Also, as with rules engines, SML depends on legacy knowledge — algorithms require known examples to learn to perform their tasks. Perhaps the biggest challenge with SML is its inability to detect new and unknown fraud attacks. Given the rapidity with which fraudsters can adapt their techniques, it is virtually impossible for SML-based solutions to keep pace.
Why do false positives matter?
When a business fails to get the balance between customer experience and risk management right, customer friction, reputational damage, and financial loss are the inevitable results.
Customer Friction
When a false positive happens in the context of a financial transaction, a good customer pays the price. Anyone who owns a credit card is familiar with the experience of attempting to make a purchase, only to have it declined for seemingly no reason. The impact of a card decline can run the gamut from inconvenient, to embarrassing, to catastrophic. The same is true in the case of loan approvals and account applications. Unnecessary delays and unfounded rejections introduce serious friction.
Reputational Damage
According to research from American Express, “more than half of Americans have scrapped a planned purchase or transaction because of bad service, and 33 percent say they’ll consider switching companies after just a single instance of poor service.” As noted by Merchant Fraud Journal, “Legitimate customers view declines as a personal insult, and will often retaliate by actively speaking badly about a brand. This kind of negative word-of-mouth is devastating for merchants seeking a foothold with their target audience.”
Financial Losses
Good customers aren’t the only entities to suffer in a false positive scenario — vendors pay a price because they don’t get their sales. Credit card companies pay a price because they don’t get their fees. There are also operational costs at play. When a false positive alert is signaled, a review process gets triggered, and manual review is required, with operational costs going up accordingly. In certain instances, a good user may call in to address the matter, so there can be call center costs associated as well.
None of the above are acceptable or sustainable consequences, and businesses must be able to address fraud threats without incurring these kinds of problems.
How can false positives be eliminated?
As DataVisor CEO and Co-Founder Yinglian Xie recently noted in a special report from The Times focused on “The Future of Fintech,” the true goal of any fraud management strategy isn’t actually detection, but prevention. So the question we must ask is, how can businesses manage risk without introducing friction for good customers?
There are actually several questions organizations must ask in order to determine the right fraud prevention approach:
- Are we tracking the entire customer lifecycle to ensure holistic understanding and enable comprehensive protection?
- Are we looking at every possible attack vector?
- Are we identifying and dealing with new and emerging threats?
- Are we breaking down silos to centralize intelligence?
- Are we accurately distinguishing between legitimate and fraudulent actions and accounts in real time and at scale?
If the answer to any or all of the above is a “no,” then an advanced, machine learning-powered fraud solution can offer a viable way forward for organizations to simultaneously manage risk and enhance customer experience.
Holistic data analysis and the use of advanced clustering and graphing techniques make it possible to surface and expose the correlated patterns and connections across users and accounts that signal coordinated fraud activity. Maintaining complete and comprehensive protection across the entire customer lifecycle enables organizations to accurately and consistently differentiate between legitimate and fraudulent accounts and actions. Unsupervised machine learning makes it possible to analyze vast amounts of data in real time without time-consuming reliance on labels and rules. Embracing and enabling centralized intelligence and deploying automated feature engineering informed by superior domain expertise gives organizations the ability to meet complexity with complexity, scale with scale, and speed with speed.
A Practical Guide to Eliminating False Positives in Fraud Management
DataVisor has just published a new e-book that walks readers through the most common approaches to fraud detection, and discusses the challenges these approaches are meant to solve — and how they do or don’t measure up against their objectives. Following this analysis, the e-book introduces readers to cutting-edge new solutions that draw on the power of AI and machine learning to eliminate false positives while simultaneously increasing detection accuracy. If your organization needs new strategies for reducing false positives with advanced, machine learning-powered approaches then download A Practical Guide to Eliminating False Positives in Fraud Management today!
~
