Blocked!: A True Story of False Positives
27 Jul 2017
We often talk about false positives in terms of cost, but what exactly is that cost? This story showcases the hidden price you pay by blocking good users.
Like most people, I’m constantly engaging with the online world. I buy products and leave restaurant reviews on my computer at home, but I also browse sites, make purchases, and book hotels on the go. Stepping outside my apartment doesn’t stop me from using my mobile device or laptop to access sites and apps. (In some sense, it makes me more likely to do it; you have to pass the time standing in line at the grocery store somehow, right?)
I’m a frequent user of Darth Vader Booking (names have been changed to protect the innocent), a service that allows you to quickly and easily book a hotel room. Many travel companies, including Darth Vader Booking, have rigorous anti-fraud measures in place to guard against scammers. While on a train from Berlin, I accessed Darth Vader Booking on my mobile device to book a hotel room in Prague – and those rigorous anti-fraud measures trained their crosshairs on an unsuspecting user: me.
Why Block Good Users?
According to the Sift Science Fraud Trends 2016 Report, 76% of businesses are concerned about turning away good customers. But retaining a loyal customer base while effectively fighting fraud involves a delicate balance: customers are fussy about user experience, but also unforgiving of businesses that suffer fraud. So, online shoppers will quickly abandon their cart because of a complicated checkout page that requires them to repeatedly verify their identity – but they’ll also shun businesses that have experienced damaging hacks.
What’s the solution? Many companies prefer to keep their false positive rate high rather than accept risky orders. This is especially true for smaller businesses, or businesses operating in a vertical that’s prone to fraud. Rather than risk hitting their bottom line by accepting risky orders, these companies will err on the side of rejecting good customers.
The problem, of course, is that by blocking honest customers, many businesses are still harming their bottom line. When a blocked customer is turned away from, say, an online shoe store, they don’t stop buying shoes. They just turn to the offending store’s competitor.
The Hidden Cost of Blocking Good Users
With all that in mind, let’s return to the sad tale of Darth Vader Booking. When I tried to book a hotel on the train to Prague, I was navigated to a screen that informed me that my account was locked. To unlock my account, I’d need to call the company and verify my identity. I knew immediately what had happened: I’d only ever accessed Darth Vader Booking’s mobile site from somewhere in or around San Francisco, and my unusual location had set off some alarm bells. Even though I had logged onto the site using my email address and password, Darth Vader Booking didn’t believe it was actually me. Indignant at this case of mistaken identities, I closed my browser.
My choices were twofold. I could call the company to verify my identity, or I could try the company’s competitor, Skywalker Booking. On the one hand, I was a loyal Darth Vader customer who enjoyed giving the company my business. On the other hand, the company was based in the U.S., so placing that international call would have been an expense that I didn’t budget for.
So, what did I do? I threw loyalty to the wind and logged onto Skywalker Booking to book my hotel.
Keeping False Positives and Fraud Low
The moral of this story is clear. Fraud isn’t costless, but neither are false positives. Although it would be great to live in a world in which both were 0, the only way to keep your false positive rate at 0% is to allow all your customers to complete transactions – increasing your fraud far beyond a manageable level. And, of course, you can’t lower your fraud without blocking a few good customers.
But how do you avoid suffering the fate of Darth Vader Booking, which lost a loyal customer by blocking an honest transaction? The key is your fraud-fighting strategy. It’s important to choose a fraud solution that allows you to auto-block discerningly. Machine learning solutions draw on a wealth of data to learn which transactions are likely to be risky, minimizing your false positive rate. It’s equally important to build a fraud team with the expertise necessary to conduct quick and intelligent manual review.
By crafting your fraud solution with care, you can retain loyal customers while continuing to grow your business. It’s the only way to survive in a world where something as “atypical” as engaging with your device on the go has become typical.