The $1.2 billion that retailers leave on the table

January 13, 2016 Payments
Jeremy Milk
By Jeremy Milk, Head of Marketing
Jeremy Milk
By Jeremy Milk, Head of Marketing

Recently, the payments firm Cybersource released its 15th annual fraud benchmarking study. This is always worth a look if you’re at all interested in the state of online fraud, because Cybersource does an excellent job of pulling data from the full gamut of online businesses.

It’s based on an in-depth survey of more than 347 North American merchants, from multi-billion dollar e-retailers to the online equivalent of the corner shop. The retailers Cybersource surveys account for roughly $1 out of every $9 dollars that is spent online, making it a pretty good picture of the current state of the market.

This year’s survey is mostly good news. Fraud loss rates have held steady at about 0.9%, despite increased attack volumes, and the number of transactions declined for fraud has actually gone down — it’s now at about 2.3 percent.

This means retailers are getting better at catching more bad transactions with fewer fraud reviews, and that’s good news for anybody that shops online.

Yet there’s another metric we want to talk about that remains stubbornly high — the false positive rate.

False positives: a hidden scourge

False positives are any transaction that’s flagged as fraud when it shouldn’t be, due to overzealous fraud monitoring or faulty data. They represent good business that’s being turned away, to put it another way. And they’re a huge problem that doesn’t seem to be getting better.

Risk vs. Reward
High rates of fraud detection offer a poor balance of risk and reward if false positives are also high

According to the Cybersource survey, retailers reckon that 10 percent of the transactions they turn away for fraud are actually initiated by real buyers.

Let’s do some quick-and-dirty math to put this in perspective.

According to the research firm eMarketer, North American e-commerce sales hit $375.89 billion in 2015. In the 3rd quarter average transaction size was between $85.22 and $120.41, according to Statista. So that means there were somewhere between 3.12 billion and 4.41 transactions that same year.

So assume 2.3 percent of that is turned away due to fraud.

It works out to between 71.8 million and 101.43 million transactions, which if we multiply by the average transaction size again, gives us a final estimate for the amount of business that’s being lost to false positives — $611.88 million to $1.2 billion.

That’s a ton of money to be leaving on the table because your fraud-fighting measures aren’t sophisticated enough.

But the actual picture is worse. This doesn’t even take into account the future business that’s lost, since you’re less likely to see repeat trade from people that get flagged as fraud.

For one thing, the identities of known fraudsters are often blacklisted to prevent future fraud, so a customer flagged in a false positive might be locked out of making purchases unless they complain loud enough to get the decline overturned. That presents its own problem — how likely would you be to keep doing business with a store that falsely accused you of being a shoplifter?

False positives are even worse for platforms

False positives are one of the things we’re acutely aware of here at WePay, because they’re uniquely problematic for the platform companies we serve.

The customer service hit of a false positive is doubly bad for a platform. Every improperly flagged transaction results in not one, but two angry users — the payer that got declined and the business that was trying to use the platform to collect the money.

This is why we believe that it’s critical that platforms work with a processor like WePay that allows them to pass in what user data they have, so that it can be considered when making risk decisions. This allows a processor to make these decisions with the same level of customer intimacy as the platform itself. And this kind of data is often extremely useful for getting it right — the Cybersource survey ranks company-specific data and fraud models as the second most effective tool in fighting fraud next to device ID, for example.

If you’re interested in hearing more about how our risk and fraud tools work, this blog about how we build our machine learning models to account for false positives and other difficulties around credit fraud is a good place to start. And if you want to talk about how they can benefit your platform, feel free to reach out to us at to start the discussion.

About the author

Jeremy Milk

Jeremy Milk, Head of Marketing

Jeremy is WePay's head of marketing. Earlier, he held marketing and product leadership roles for Intuit QuickBooks, where he got hooked on fintech, and The Clorox Company. He's also a die-hard UNC basketball fan.

More blog posts by Jeremy Milk