Loading...
Search results:


November 18, 2016

If you are trying to detect credit card fraud, do you care more about Type I or Type II error?

If you are trying to detect credit card fraud, do you care more about Type I or Type II error?

TL; DR: When selling prevails over security, the focus is on suspecting fewer payments of being fraudulent (type I, false positives), and when security prevails over selling, the focus is on having fewer frauds undetected (type II, false negatives) [1].

The longer answer is outlined as follows. First, we focus on the different payment-processing players impacted by credit card fraud. Then, we review the players that focus on reducing the number of type II errors, and finally, we list the cases where players have limited incentives to reduce type II errors and tend to focus on type I errors.

Who does credit card fraud impact? When processing payments online, e-merchants, issuing banks, acquiring banks, payment gateways, card schemes and, eventually, settling banks are impacted by credit card fraud. Depending on each type of payment, the interests may differ. In particular, if the payment is 3DSecure-enabled [2], the burden of the fraud shifts from the acquiring side to the issuing side. Moreover, we distinguish two subtypes of e-merchant those with low-margin businesses and those with high-margin businesses. Finally, there are also platforms or marketplaces like Amazon and Etsy.

Security = Fewer Type II Errors. Those who need security and strive to reduce the number of undetected frauds (type II, false negatives) are commonly:

  1. e-merchants whose small margins expose them to a very high financial risk when there is a chargeback for fraud,
  2. marketplaces that aim to be stricter when processing payments so that sellers trust the platform and continue to do business there [3],
  3. issuing banks, which are liable when 3DSecure-enabled payments are fraudulent,
  4. acquirers and payment service providers, which, if the merchant cannot refund the principal, are liable for 3DSecure-disabled payments.

Selling Speed = Fewer Type I Errors. Those who are more interested in reducing the number of payments thought to be fraudulent when they are not (type I, false positives) are usually:

  1. e-merchants with a high margin, which tend to prefer to absorb a few fraud cases, rather than impacting most of their customers,
  2. issuing banks, which have limited incentives when 3DSecure is disabled, and
  3. payment service providers and acquirers whose incentives to prevent payment fraud are limited when 3DSecure is enabled because issuing banks are liable.

I hope this information helps. As usual, feel free to reach out with questions or comments.

Fabrice | Book

References.

[1] Wikipedia, Type I and type II errors [2016–09–25]

[2] Wikipedia, 3-D Secure [2016–09–25]

[3] Wepay, Chapter 4: Types of Fraud and Loss [2016–09–25]