By Daniel Holmes, Fraud Prevention SME at Feedzai
False positives are an inconvenience for both banks and their customers, as too many could mean incurring significant costs over longer periods of time. While it is impossible to eradicate false positives completely, banks must work to better understand them to address the growing issue.
What is a false positive?
A false positive alert appears when a customer’s legitimate action is flagged as suspicious. This can occur when a credit card holder accidentally triggers the card issuer’s fraud detection system; for instance, if they spontaneously go abroad or make rogue purchases. Indeed, this issue is much larger than many believe; it is one of the most widespread problems among modern financial services. Unfortunately, it is widely accepted that these are simply a natural consequence of running a fraud strategy, particularly as most banks have a false positives rate exceeding 90%.
In order to keep the occurrence of false positives as low as possible, banks must holistically be able to understand their customers, as opposed to relying on single data points to make decisions and automatically blocking accounts.
What are the three biggest costs of false positives?
The appearance of false positives affects three separate entities, banks, the bank’s customers and the bank’s technological infrastructure.
Customers: Unsurprisingly, customers expect speed and efficiency when purchasing items online. This need for speed relies on the check-out process running smoothly. A false positive alert not only delays this process, but creates a new headache for customers who are unable to complete their purchase and must now contact their bank to resolve the issue. The experience remains in the customers’ heads as lost time and may even incur late fees if certain charges aren’t completed on time. In the worst case scenario, this could impact their credit rating, leading to even more agitation and potential loss of loyalty.
Bank: In order to implement a fraud strategy, banks must hire a fraud analyst. A part of a fraud analyst’s job is to analyse false positives, which costs money; banks should know how much of their budget is being used specifically for this. In addition, there are several other questions they must answer for an effective strategy including: How much does the fraud analyst earn per year? What kind of pension are they expecting? How much of their time is used on reviewing false positives? How much have they invested in certain technology to support their work? The answers to these questions are all vital for a bank to truly understand the cost of false positives.
Technical infrastructure: These type of costs arise as a result of the electronic communications that banks must issue their customers when a transaction is flagged as potentially fraudulent; for instance, SMS messages or one-time passcodes. Each SMS message sent to a customer will cost the bank a small amount of money. It may not surmount to much individually, however they can add up when considering the amount of false positives that appear on a daily basis.
Ultimately, the true cost of false positives is an accumulation of the costs incurred by all three entities, taking an immense toll on any financial institution.
How can banks reduce the occurrence of false positives?
In order to reduce their false positives and maintain an efficient level of fraud detection, there are several things that banks can do:
- Focusing on top KPIs: Banks should re-assess their key performance indicators to fine-tune their strategies. If reducing false positives is a key priority, they may see fraud detection decrease, and vice versa. No fraud prevention strategy will ever be able to fully eliminate false positives; however, by considering their risk appetite, they can determine which KPIs to focus more of their time and budget on.
- Knowing the user: Often, false positives occur when a user does something that doesn’t align with their typical online banking or payment behaviour. As such, understanding the customer and how they can transact is critical to reducing false positives. By using behavioural biometrics, banks can understand their customers on a deeper level, by analysing how they handle their devices, touch their screen and how they have set up their devices and accounts. This type of hypergranular 360-degree view of their customers, enables banks to identify any abnormalities early on, and adapt.
- Employing secure authentication: Despite being unable to eradicate false positives completely, it’s important to be able to identify a customer’s identity as quickly as possible. As such, seamless authentication is vital, which is used to confirm the identity of the customer in real-time and make sure they can continue to conduct their business online. This type of system must be secured from any security risks (such as SIM swapping) and should be representative of these; the higher the value of the transaction, the more robust the authentication should be.
By managing and reducing false positives, banks will not only minimise costs, but also improve customer satisfaction and loyalty. Consequently, it is in the bank’s best interest to focus on reducing the frequency of false positives, which in turn reduces the impact on their customers’ lives. Ultimately, the fewer issues customers face, the more likely they are to remain loyal.