By design, most credit card fraud occurs at the merchant level. Merchants are often the conduit between consumers and banks, and as such, are a prize target for cybercriminals of every stripe.
Thankfully, fraud filters are highly effective at identifying and rejecting fraudulent transactions. But, are they enough?
This article will discuss common fraud filters and how they work, as well as describe the many benefits and drawbacks they represent for your merchant clients.
What are Fraud Filters?
A fraud filter is any technology designed to analyze transaction data and flag commonly-recognized signs of fraud.
These fraud tools are used to warn merchants about potentially fraudulent transactions. The aim is to let users stop and reject untrustworthy transactions, thereby preventing fraud and avoiding the resulting chargeback.
Fraud filters help weed out fraudulent transactions before or during checkout. They do this by setting stringent verification criteria for each transaction and identifying transactions that don’t meet those criteria. In effect, a fraud filter can be any technology designed to analyze transaction data and flag commonly-recognized signs of fraud.
Common Fraud Filter Parameters
There is no such thing as a “foolproof” risk management tool. However, merchants can drastically reduce their exposure by implementing multiple complementary fraud solutions:
Address Verification Services (AVS) and Card Verification Values (CVV) are the most widely used fraud filters. Both verify consumer card details and personal criteria by matching the current input information with historical data.
If a match is not attained, the transaction will be automatically declined.
3-D Secure is a technology that works like an online PIN code in order to authenticate consumers as authorized cardholders. This extra layer of verification helps protect both cardholders and merchants from fraudulent transactions.
The latest edition of 3DS version 2.0 offers several advantages over its predecessor. The most obvious of these is more seamless integration with mobile devices.
Geolocation technology accesses a user’s location with GPS or IP data installed on their device. It can be used for fraud detection by helping to verify customers’ locations as compared to shipping/billing information.
Velocity checks (sometimes called velocity limits) flag potential fraud based on the rate at which a buyer submits multiple transactions.
Cybercriminals often test stolen cards to see how many transactions they can illegally process. Velocity checks set a limit for the number of transactions run through the same card in a specified period of time. The technology will alert the merchant that the card is behaving outside of expected parameters.
Blacklists allow merchants to block orders from specific cardholders associated with past attacks. Merchants can also block users based on suspicious behaviors or characteristics associated with higher risk, like region or country or origin.
Fraud scoring quantifies data from multiple fraud filters. As a sophisticated machine learning technology, it examines each transaction based upon dozens of indicators to determine the level of risk per transaction.
The system then assigns a simple numeric score representing that transaction’s risk level. This allows for very easy “up or down” decisioning.
How Effective are Fraud Filters?
Unfortunately, there is no “magic” fraud filter that can eliminate 100% of fraud. Still, tools like fraud scoring and velocity checking, when used effectively, can drastically reduce merchant fraud risk by preventing many incidents before they occur.
U.S. eCommerce merchants, for example, have reported a 34.4% increase in the cost of fraud and a 140% increase in fraud attacks since 2020. That statistic aside, merchants who invest in multi-layered cybersecurity solutions experience a 71% reduction in successful fraud attacks. They also experience a lower overall fraud impact, at just 12%.
Clearly, fraud filters can make a difference.
The fraud tools mentioned above, when used correctly, are highly effective at reducing merchant risk and exposure to fraud. However, this should not imply that they are effective all the time or that they won’t work too well in some cases.
The Downsides of Fraud Filters
Reliance on poorly calibrated fraud filters can produce false positives. This means merchants might inadvertently reject orders they shouldn’t.
Consumers don’t like being accused of wrongdoing, especially when they’ve done nothing wrong. Therefore, falsely flagging legitimate transactions can lead to a loss of customer confidence and loyalty, which is an undesirable outcome at best.
10% of eCommerce transactions get declined, on average. 33% of those false declines discourage customers from retrying the purchase after the transaction has been rejected once.
At the same time, miscalibrated fraud filters can mean letting genuine fraud attacks slip by unnoticed. This defeats the purpose of fraud filters altogether.
The Bottom Line
Unfortunately, there is no universal system or methodology that can forever reduce the impact of fraud. No matter how technologically advanced or sensitive to risk a tool might be at detecting risk, fraud will persist nonetheless.
Cybercriminals work tirelessly to adapt and develop new strategies to get around anything we might throw in their path.
To get the maximum benefits from fraud filters, merchants should be advised to use them in tandem. Bad actors may thwart AVS and CVV, but will likely falter if 3DS 2.0 is also thrown into the equation.
A final note, fraud filters are only effective against acts of criminal fraud. There are many forms of fraud that they have little to no effect against, such as affiliate fraud, business email compromise scams, or friendly fraud.
You can’t solely rely on friendly fraud to keep your business safe. Instead, you should employ fraud filters as one piece of a greater fraud prevention strategy.
Fraud Filters Require the Right Strategy
Like we said, fraud filters are essential tools that work best in tandem with one another. They need to be integrated into a broader fraud and chargeback prevention strategy. Here are a few tips to get you started:
#1 | Optimize Fraud Tools
The more fraud filters you use, the better protected your business is against criminal fraud. However, be aware that overdoing it can backfire too. The best advice we have here is to take inventory of your business, analyze your data closely, and identify your needs in comparison with your weaknesses.
#2 | Best Practices Win
No one is perfect. Every business is run by humans and is, therefore, prone to error. This is true no matter how slick your fraud management systems might be.
Your best bet to prevent disputes and swiftly identify fraud is to examine your business policies and practices to single out trigger points that could be leading to fraud and chargebacks.
#3 | Perform “Red Flag” Reviews
Software must be updated for a reason. If merchants neglect updates, they risk data breaches, damaging software glitches, and other easily-addressed complications that could be prevented.
#4 | Fight Back Against Chargeback Abuse
Fraud filters are meant to identify situations where a card is being used suspiciously. These technologies have no way to know if a given transaction will turn out to be friendly fraud later. On top of that, the fraudster is the actual cardholder, who may be a long-time, trusted customer.
Friendly fraud now accounts for nearly 60% of all chargebacks. Knowing what chargeback abuse looks like and how to respond can be tricky. However, ignoring the problem only allows it to get worse for everyone.
#5 | Know When You Need Help
A good strategy must use fraud filters to prevent criminal fraud and aim to limit intentional and unintentional post-transactional fraud. It also needs to tackle criminal and affiliate fraud and should include plans to relentlessly fight back against bad chargebacks and recover revenue.
Merchants who are not capable of doing this on their own will require help. Acquirers and processors can benefit by offering third-party chargeback assistance as a value-add to their service.