receives compensation from some of the companies listed on this page. Advertising Disclosure


Is Your CNP Fraud-Detection System Confused by Consumer Behavior Now? That Could Damage Your Business

Rafael Lourenco
Rafael Lourenco

The COVID-19 pandemic has transformed how consumers behave. These changes could be causing a spike in good orders mistaken for fraud, creating irreparable damage for businesses.

The COVID-19 pandemic has abruptly changed how people shop. With stay-at-home orders only now starting to lift in some areas, a lot of commerce has moved online, and what people buy has changed, too. These changes in consumer behavior are understandable to humans. To your e-commerce fraud-detection system, however, the way good consumers act now may no longer make sense. That could be causing a spike in good orders mistaken for fraud. 

False positives aren't a new problem in e-commerce, but an increase in rejected orders is the last thing merchants need right now. Each false decline represents a missed sale and the possibility of a lost customer at a time when the future of many retailers seems uncertain. Recalibrating fraud programs for the new normal is critical for generating revenue now and keeping customers over the long term. 

Why your fraud rules may be rejecting good orders now

Fraud-screening programs are built to compare customer information and behavior to known consumer data, shopping histories, biometrics and what's considered normal activity for legitimate consumers. The problem facing online sellers now is that nearly every customer behavior that raised a fraud flag in the prepandemic era is something good customers are doing now. 

Let's look at typical red-flag behaviors and how they align with today's shopping patterns. You may spot some areas where your fraud controls need adjustment. 

  • Buying items in bulk, especially large quantities of in-demand items, raises the possibility of a fraudster ordering items for resale. But as grocery stores and big-box chains sold out of essential items like hand sanitizer, bleach and gloves earlier this year, many consumers placed bulk orders for those items online.

  • Customers ordering items outside their usual purchase patterns may indicate that a criminal has taken over the account to buy items to resell. For example, fraud programs may flag an order from a customer who's never purchased fitness equipment before if they buy a pricey fitness bike. But that's what many people are doing as gyms remain closed.

  • Making multiple purchases from the same or different merchants on the same day can be a sign that someone's using a stolen credit card to go on a spree. But as shoppers try to find everything on their quarantine shopping lists, more of them are checking sites several times a day and buying items as soon as they find them.

  • Making high-ticket value purchases from new merchants is another fraud-shopping-spree flag. It's also normal behavior now. For example, as much of the U.S. went into stay-at-home mode earlier this year, grocery and big-box stores quickly sold out of toilet paper as well as cleaning supplies and masks. That pushed some consumers to order online in bulk from office supply stores, home health suppliers and commercial janitorial supply houses they'd never shopped with before.

  • Ordering from or shipping to new areas can indicate a purchase by someone using a stolen credit card. But with some people quarantining away from home, by choice or by happenstance, it can also indicate a good customer. Likewise, orders placed from an unfamiliar device could indicate fraud – or someone using a quarantine housemate's desktop or phone to order supplies. 

Clearly, a number of fraud indicators that worked well before the pandemic now overlap with new normal behaviors of good customers. Why do some fraud programs treat them the same? 

The core of the problem isn't flagged behaviors. It's what the fraud program does with the information. Systems that automatically reject flagged orders are naturally going to kick out more good orders when more good orders are getting flagged. That costs e-commerce merchants the value of the declined good orders. It also costs them customers. In fact, 19% of cardholders will never shop with a merchant after an order rejection, while 24% will shop less often with the merchant.

Editor's note: Looking for the right credit card processor for your business? Fill out the below questionnaire to have our vendor partners contact you about your needs.

Prevent fraud without rejecting good orders

There are two options for reducing false declines. The first is to review your fraud screening rules to see if they're too stringent for today's conditions. That can be tricky, however, because fraudsters haven't stopped committing fraud. Back off too much from flagging unusual shipping locations or order frequency and your store could end up with a higher than normal rate of chargebacks. 

Manual review of all flagged orders is a more effective solution, because it balances the need for fraud control with the need to accept good orders. With manual review, fraud analysts evaluate each flagged order to determine whether it's fraud or not. Only after examination is the decision made to reject or accept a flagged order. This approach reduces false declines, increases merchant revenue and avoids damaging merchants' relationships with good customers. 

Manual review can also help machine-learning algorithms adapt faster to abrupt changes in consumer behavior. As the review team approves or rejects each flagged order, they can feed that data into the algorithm so that the system can learn the nuances that distinguish legitimate orders from fraud now. That can result in fewer orders flagged by mistake, which reduces the number of manual reviews required. 

Making manual fraud review work for e-commerce

Why don't all merchants use manual review? It requires some resources that not all e-commerce sellers have to build a team in-house. However, by using the resources they have and outsourcing for some or all of the others, merchants can build a manual review program that meets their needs.

To start, an effective manual review program needs expertise. Manual review requires fraud analysts who know the nuances of fraud and keep up with new fraud tactics as they emerge. Expert analysts are also skilled at contacting customers to evaluate orders without making the process feel like an interrogation. Businesses with in-house expertise have a head start here. Others will need to outsource, at least until they can train internal analysts. 

Depending on where a merchant's customers are located, manual review may also require analysts who work during different time zones and speak a variety of languages. For example, a U.S.-based merchant with customers in the EU and Asia-Pacific will need analysts who can reach out to those customers during their business hours. A large merchant with a diverse workforce may be able to handle some or all of these reviews in-house. They might also need to outsource some or all of them to cover areas where they lack time zone coverage or language ability. 

Because the manual review process takes time, it also needs to be scalable. Otherwise, merchants face the possibility of order-approval bottlenecks during sales peaks. That can lead customers to cancel pending orders and shop elsewhere. Larger merchants may be able to tap in-house talent to handle sales peaks, but smaller merchants may not have the people to do so. An alternative is arranging for a third-party review service to take the overflow during busy periods like the winter holiday season or panic buying events.

Future-proofing e-commerce fraud detection

A combination of flexible rules, machine learning and human expertise can reduce false positives after any shifts in consumer behavior, and during periods when people's shopping patterns are relatively stable. Adding human intelligence to your fraud control program can future-proof your fraud control program by helping it make sense of customer behavior, no matter what's going on in the world.

Image Credit: Ivan-balvan / Getty Images
Rafael Lourenco
Rafael Lourenco Member
Rafael Lourenco is Executive Vice President at ClearSale, a Card-Not-Present fraud prevention operation that protects e-commerce merchants against chargebacks. The company’s flagship product, Total Guaranteed Protection, is an end-to-end outsourced fraud detection solution for online retailers. Follow on twitter at @ClearSaleUS or visit