Card-not-present fraud is a huge and growing problem for ecommerce, and one way merchants try to prevent it is with blacklists. These databases contain names, email addresses, phone numbers, and credit card accounts linked to confirmed fraud.
It used to be that such blacklists, updated internally or bought from a data provider and updated every few months, were a reasonably good layer of fraud protection. Now, as fraudsters develop ever-more sophisticated strategies and have access to a growing cache of stolen consumer information from data breaches, the quality and structure of blacklists matter more than ever. A dynamic blacklist can be a valuable tool for fraud prevention, but static blacklists can lead to more fraud and more false declines for merchants.
False declines are already a big problem for ecommerce. Ecommerce merchants decline 45% of their orders, and 22% of those declines are false, according to the Lexis Nexis True Cost of Fraud Survey for 2017. False declines cost the US ecommerce industry more than $8 billion in lost sales in 2016 alone. Customers declined in error are likely to take their business elsewhere, rather than go back to merchants who wouldn’t take their money. But how can blacklists, which are supposed to prevent bad actors from making purchases, sometimes cause good customers to be rejected, too? The answer hinges on the difference between static and dynamic data.
One-way fraud data deteriorates over time
One-way data is data that only goes one way: from the source to the list.