Blog article
See all stories »

A data-centric approach to authorising customers’ online transactions

It’s clear to see that the increased need for online shopping is here to stay, and as we enter the busy Christmas season, things are only going to get busier for retailers. And as orders increase, so does the risk for fraudulent activity.

Whilst fraud does have a detrimental impact on the retailers bottom line, it is not actually the fraud itself that is the most damaging. Instead, it’s the valid customer orders that are incorrectly deemed as fraudulent, and therefore declined, either by the merchant or by the bank.

Research suggests around 30% of declined orders are false declines.

But it’s easy to see why this happens - for merchants they are constantly battling between either allowing orders to be processed, despite appearing as potential fraud, or declining those suspicious orders which in turn damages the relationship they have with their customer - nobody wants to be accused of being a fraud!

And if that’s not enough to contend with, retailers are also faced with additional challenges such as SCA regulation changes and supply chain issues - combined with increased demand, this makes for a potentially turbulent time. And given the last 18 months, retailers are in no position to be losing customers.

But there is a solution; a new approach to risk management, where retail fraud teams focus on optimising business.This means maximising the number of orders approved and facilitating the newer, and growing, ecommerce channels, such as click-and-collect. But in order to do this, they must have a secure and robust fraud management process in place to make it effective and profitable.

How does authorisation currently work?

Online payments have become so lightning-quick and seamless (for the most part) that it can be surprising to learn how many hoops a transaction has to jump through in order to be authorised and settled. As soon as a customer clicks “buy,”  a whole series of digital cogs begin to turn, each of which can put the brakes on a transaction. It begins with the payment gateway:

Payment gateway: Payment gateways are the card machines of the internet: when a customer clicks “buy” in your online store, they are taken to a payment gateway to enter their payment details. The payment gateway moves the cardholder and transaction information among the different players. And it lets the customer know whether the purchase has been authorised. 

Acquirer: A bank that works for the merchant, processing credit card transactions by routing them through the networks run by card companies such as Mastercard or Visa to the cardholder’s bank, or issuer. Acquirers sometimes look to third parties to help with processing payments. 

Credit card network: The acquiring bank and issuing bank communicate with one another via a credit card network. Visa and Mastercard are examples of credit card networks.

During a transaction, the credit card network will relay authorisation and settlement messages between the acquiring and issuing banks, charging a small fee to each. Some credit card networks are also issuing banks (e.g. American Express) but most are not.

Issuer: The issuing bank is the financial institution which provides the customer’s bank account or credit card. An issuing processor sits in front of the issuing bank and handles authorisation requests from the credit card network on its behalf. It then authorises and settles the transaction.

What happens when an order is falsely declined, and why does it happen?

Banks and payment companies decline payments for a host of reasons, some of them quite reasonable. Most often a payment is turned down because a card’s credit limit isn’t sufficient to make the purchase. Transactions are also scotched if card information is entered incorrectly — say the CVV code offered is wrong — or if the card or information provided is outdated.

Payments are also declined to protect both the consumer and the merchant. If a bank believes a lost or stolen card is being used it will decline the transaction. Technical hiccups, such as an outage at the issuing banks can also cause a decline. 

While protecting customers and merchants is all well and good, problems arise when banks mistake a good order for a fraudulent one. These payment rejections are referred to as false declines. 

The good news is the majority of declines are not due to nefarious activity and are therefore recoverable. But maximising your authorisation rate - i.e. the percentage of customer payments you take which are approved and settled - can still be a real balancing act.

How can retailers improve authorisation rates?

  1. Provide more data. Large issuers such as Capital One and Amex have reported that submitting additional data from the merchant-side led to a 1% to 3% increase in authorisation rates and significantly reduced false declines. Providing more merchant-side data to issuer banks and payments companies gives them more evidence a transaction is legitimate.

  2. Use quality fraud tools. Effectively managing online fraud carries benefits beyond the obvious. Yes, merchants lose less revenue through bad orders and are able to confidently ship more good orders. And they also build a reputation with the financial institutions. Retailers that turn to highly effective machine learning and artificial intelligence driven solutions send cleaner traffic to the banks reinforcing the idea that their orders are highly likely to be legitimate. Conversely, retailers that send a relatively high percentage of fraudulent transactions to banks, will find those banks broadening the set of transactions they decline. It becomes something of a death spiral for revenue.

  3. Authenticate payments when required. Besides deploying innovative fraud solutions, European merchants need to be deliberate in the ways they authenticate customers in the era of PSD2 and strong customer authentication (SCA). The key to success rests in intelligently managing exemptions and exclusions when deciding the most efficient route meeting new payment regulations. Wisely relying on exemptions will allow a significant percentage of transactions to be exempted from SCA and will ensure that each individual customer is receiving the best customer experience available. Properly deploying exemptions and exclusion — which apply, for instance, based on the order value, the origin of the transaction, and a merchant’s fraud history — is a complicated prospect, but an ecosystem of providers has grown up to help with the challenge. Adding intelligent exemption tools goes hand-in-hand with relying on robust fraud protection solutions. Establishing a record of sending clean transactions to the banks will encourage them to become less conservative in authorising orders. High authorisation rates begetting high authorisation rates becomes a virtuous cycle. 

  4. Accept digital wallets. Be discerning when selecting a payment service provider. For instance, be sure you’re able to accept Apple Pay, Google Pay and other digital wallets, as they require two-factor authentication and are more likely to pass fraud filters.

  5. Enable card account updater. Many payment processors can automatically update your customer’s card details if they expire or are renewed. Check with your processor to make sure they offer an account updater, and that it’s enabled. 

  6. Payment Routing. Payment routing solutions analyse your particular payment ecosystem and use historical data to determine the transaction route which is most likely to result in a successful authorisation. This can be especially useful if your customers are from all over the world, and not based in just one country.

Being deliberate and thoughtful when it comes to building your authorisation optimisation strategy can make a real difference in the conversions you see every day. As importantly, taking the steps to increase authorisation provides your customers with a better shopping experience and a bigger incentive to visit your ecommerce store again and again. 

 

 

2100

Comments: (0)

Now hiring