Illustration of how banks can calculate the costs of false positives

False positives are a thorn in the side of almost every bank. Not only are they a significant inconvenience for bank customers, but they carry significant costs over time. And these costs apply to the customers, the bank’s operations, and its technology infrastructure. Banks need to first understand the full costs of false positives to address the problem effectively.

False Positives 101

A false positive is when a customer’s legitimate transaction is flagged as suspicious. When this happens, it can cause significant headaches for the customer trying to complete their transactions. The most immediate result is that the customer’s transaction is blocked. But in some cases, their account might be locked entirely. In other words, a false positive occurs when a good customer is believed to be a fraudster by their bank or by a merchant.

The false positive problem is one of the most widespread issues among modern financial services organizations. Recent research found many banks have a false positive rate above 90%. While it is widely accepted that false positives are, and always will be, a natural consequence of any fraud strategy, the key is to keep false positives low while maximizing fraud detection. To do this, banks must holistically understand their customers in a channel agnostic way, and not just rely on single data points to make decisions such as if the user is in a new location.

3 Biggest Costs of False Positives

It’s tempting to dismiss a false positive as a minor inconvenience. But the truth is false positives can take a serious toll on customers, their banks, and the bank’s technological infrastructure. Here’s what a false positive means for each party:

  • Bank Customers: When a bank customer wants to buy something they found online or pay an important bill, they expect to be able to quickly move through checkout so they can enjoy their new purchase. A false positive not only prevents the customer from completing their purchase, but it creates a new headache by forcing them to contact their bank to resolve the problem. Even if the customer only has to spend 15 minutes out of their day to address the problem, they will view the experience as lost time. If the false positive causes them to miss their bill payment, they could incur late fees and damage their credit rating.
  • Bank Staff: Banks should look at how much it costs to employ a fraud analyst who reviews the false positive. How much does this person earn in salary each year? What kind of pension do they have? And how much time do they spend each day addressing false positives? How much has the FI invested in technology to support their job function? Once banks can tabulate these factors and multiply them over the course of a year (taking into account factors like employee PTO and sick leave), a clearer picture over the cost of false positives emerges.
  • Technical Infrastructure: False positives inflict a technical cost on banks as well. When a customer’s transaction is flagged, many banks issue electronic communications like SMS messages or a one-time passcode (OTP) to verify the customer’s identity. Each SMS sent to a customer costs a bank a small sum of money. Banks should also defend their SMS strategy with a SIM swap check that adds to the cost of these messages. While these messages don’t cost much individually, they add up to a considerable sum over the course of a single year.

Bear in mind that the costs associated with just one of these categories is considerably high. But the true cost of false positives is never limited to just one. Instead, it’s often a combination of all three categories – which can take a serious toll on a FI’s bottom line.

3 Tips for Banks to Reduce False Positives

It’s every bank’s dream to reduce false positives while maintaining a high level of fraud detection. A bank’s ideal fraud strategy should focus on protecting customers from fraudsters while also protecting them from unnecessary intervention due to a false positive alert. At the same time, it’s important to note that no fraud prevention strategy can completely eliminate false positives. Here are three tips for banks to consider as they develop their false positive strategy.

1. Focus On Your Bank’s Top KPIs 

As they seek to address false positives, banks should look at which key performance indicators (KPIs) they want to focus on. If the bank’s goal is to significantly reduce fraud, false positives rates might increase as a result of this effort. On the other hand, if reducing false positives is the bank’s key priority, the bank may see fraud detection decrease as a result. 

The unfortunate reality is that no fraud prevention strategy will ever be able to completely eliminate false positives. Instead, each bank should consider its own risk appetite and determine which KPIs your organization will focus on. From there, you can determine the false positive rate for your bank’s unique needs.

2. Know Your User

Understanding who your customer is and how they normally transact is a key step in reducing false positives. Your bank’s fraud prevention technology should be able to build a profile of a customer’s normal patterns based on how they transact online. Solutions like behavioral biometrics can help understand customers at a deeper level, such as how they handle their devices, touch their screen, and their language settings. Developing a hypergranular 360-degree view of customers enables banks to spot anomalies much faster – and reduce false positives as a result.

3. Employ a Secure Authentication Strategy

As we’ve noted already, false positives can’t be eliminated entirely. That’s why it’s important to be able to quickly and securely identify your customers’ identities as soon as possible. Implement a seamless authentication program to quickly confirm the identity of your customer and allow them to conduct their business. At the same time, make sure your authentication system is secured from security risks like SIM swaps. Taking this a step further, the authentication strategy adopted should ideally be representative of the risks. A higher value transaction, for example, is worthy of a more robust authentication measure. On the other hand, a lower value transaction may be assessed using a simpler form of authentication. 

Customers will appreciate being able to conduct their business with as little friction as possible. While eliminating false positives is impossible, banks should focus on reducing their frequency and their impact on customers’ lives. The fewer intervention customers face, the more likely they are to stay with their bank.

Watch our on-demand webinar Stop Account Takeover Fraud Before it Happens to learn how to stop ATO attacks in real time and ensure your customers are real at every interaction.