Ai Editorial: False declines can be dealt with liability shift and fraud detection

First Published on August 16, 2016

Ai Editorial: Airlines need to dig deeper, be it for taking advantage of the liability shift rule for full 3D Secure optimization or being savvy with fraud detection on their platforms, writes Ai’s Ritesh Gupta


How is the travel industry dealing with the issue of transactions wrongly declined due to suspected fraud?

It is a serious issue as an indifferent customer experience can result in customers cutting down on their card usage or even abandoning it altogether. Yes, merchants are more liable for card-not- present (CNP) transactions today but they also need to be wary of the repercussions of a purchase decline that isn’t a fraudulent one.

Of course, the first major impact is the value of the order. Now all the money spent on getting a customer close to completing a transaction is also wasted. So be it for a print ad or remarketing campaign, the cost of acquisition is negatively affected. Then one should also consider the probable lifetime value that is lost when a genuine traveller’s order is erroneously declined.

Working in tandem

In this context, all stakeholders need to work on apt card authorisation strategies.

So when we talk of stakeholders working in tandem, there is a need to constrict your acceptance gap. It is pointed out that there tends to be a gap in acceptance as banks today are more wary of remote/ card not present transactions. Plus, there have been data violations/ incidents of fraud and also merchants have the tendency to deny transactions from particular geographical areas.  So by cutting down on this gap, one can benefit by authenticating those transactions, which have a higher likelihood of being authorized.

Making the most of what we have

So if we talk of what can be done, there is a need to make the most of what is available.

For instance, a travel company I spoke to referred to 3D Secure, and how this offering is different from other payment fraud prevention solutions.

3D Secure’s code is rooted in the authorization message from beginning to end when we consider settlement. This spans multiple parties and servers. One can reap benefits by focusing on troubleshooting and monitoring of the service, and linking various 3rd parties involved.  The data elements obtained from the authentication are shared with the issuer. The same enables issuers to amend their authorization risk settings and tie the authorization to the authentication.

Issuers who have deployed a risk based authentication mechanism will contest or assess transactions that seem doubtful. This way they can flush out fraudsters and cut down on false-positive declines. So before authorization they can spot danger. Based on the risk level they are then able to challenge the consumer with knowledge based questions or one-time pin numbers sent via SMS.

Here it needs to be mentioned that as per the real experience of those of who have benefited from 3D Secure,  it is being indicated that the end to end interoperability of 3D Secure eradicates the speculation once associated with CNP commerce.

As we learnt from Amtrak, the key to full 3D Secure optimization and effectiveness is to take advantage of the liability shift rule and to front load 3D Secure into your risk model. The company was able to lean on this new found component of the 3D Secure protocols to not only cut fraud but also increase sales. “Issuers have lower decline rates because they have better data across the lifecycle of the card. By giving the issuer the ability to silently interject themselves into the checkout make a risk determinant will allow you to expand your risk systems beyond your walls,” shared a source.

As for being realistic, one needs to ensure that the right tools are in place, too. You can't just go to market with a vanilla 3D Secure MPI provider and expect it to work.

Being savvy with algorithms

The fraud problem is boosting the false positive issue. Merchants, acquirers and issuers decline far more good transactions than bad.

“No industry is affected more by false-positives than the travel industry,” highlighted one executive.

Its true indeed as high ticket items along with the high potential for fraud results in the highest false-positives averages online.  So every travel company needs to identify how to implement static rules, ones related to behavior of a user, and also device fingerprinting.

Multi-factor authentication is also being counted upon to bring down false positives. For instance, this way one can step up approvals for new account openings, as they say, across thin-file leads with limited credit histories. Some of the options include commonly used one-time passwords (logging on to a network or service using a unique password which can only be used once or 1-time passcode based on the token’s secret to ensure authentication); certificate-based authentication (blends a public and private encryption key unique to each device; context-based authentication (optimizes a layered approach to access security by assessing user login attributes and matching them against pre-defined security policies).

Talking of Chip and PIN versions of EMV cards, one needs to be careful as it has both positive and negative sides to it. Airlines need to build trust and strengthen security. Today there are ID checking services available that use online and social media identity data, ID documents and facial biometric checks to prove that a person is who they say they are.

Lastly, whatever move is made it needs to be checked minutely. For instance, it is being stressed that one shouldn’t use biometrics in client-server architectures (not suitable for use as a factor in two-factor authentication). This is because credentials are sent over the wire (both LAN/WAN and the Internet). Since such authentication can’t be taken off,  it needs to be assessed in which situations it can be potentially compromised.

Follow Ai on Twitter - @Ai_Connects_Us