Loading...
Search results:


September 26, 2016

Who does credit card fraud impact? Should e-commerce services optimise for selling or for security?

Who does credit card fraud impact? Should e-commerce services optimise for selling or for security?

When selling prevails over security, the focus is on suspecting fewer payments of being fraudulent (type I, false positives), and when security prevails over selling, the focus is on having fewer frauds undetected (type II, false negatives) [1].

The longer answer is outlined as follows. First, we focus on the different payment-processing players impacted by credit card fraud. Then, we review the players that focus on reducing the number of type II errors, and finally, we list the cases where players have limited incentives to reduce type II errors and tend to focus on type I errors.

Who does credit card fraud impact?

When processing payments online, e-merchants, issuing banks, acquiring banks, payment gateways, card schemes and, eventually, settling banks are impacted by credit card fraud. Depending on each type of payment, the interests may differ. In particular, if the payment is 3DSecure-enabled [2], the burden of the fraud shifts from the acquiring side to the issuing side. Moreover, we distinguish two subtypes of e-merchant those with low-margin businesses and those with high-margin businesses. Finally, there are also platforms or marketplaces like Amazon and Etsy.

contingency-table

Security = Fewer Type II Errors

Those who need security and strive to reduce the number of undetected frauds (type II, false negatives) are commonly:

  1. e-merchants whose small margins expose them to a very high financial risk when there is a chargeback for fraud,
  2. marketplaces that aim to be stricter when processing payments so that sellers trust the platform and continue to do business there [3],
  3. issuing banks, which are liable when 3DSecure-enabled payments are fraudulent,
  4. acquirers and payment service providers, which, if the merchant cannot refund the principal, are liable for 3DSecure-disabled payments.

Selling Speed = Fewer Type I Errors

Those who are more interested in reducing the number of payments thought to be fraudulent when they are not (type I, false positives) are usually:Fraud prevention at Etsy

  1. e-merchants with a high margin, which tend to prefer to absorb a few fraud cases, rather than impacting most of their customers,
  2. issuing banks, which have limited incentives when 3DSecure is disabled, and
  3. payment service providers and acquirers whose incentives to prevent payment fraud are limited when 3DSecure is enabled because issuing banks are liable.

References

[..] If you are trying to detect credit card fraud, do you care more about Type I or Type II error? Quora.
[1] Wikipedia, Type I and type II errors [2016–09–25]
[2] Wikipedia, 3-D Secure [2016–09–25]
[3] Wepay, Chapter 4: Types of Fraud and Loss [2016–09–25]

Credits: Image by TheUjulala from Pixabay