To assess the total cost of fraud (TCOF) on your business, you need to evaluate many moving parts. You should examine not only chargebacks and refunds but also sales lost to erroneous order cancellations. In addition, you should factor in the cost of fraud prevention solutions and the operational costs of managing it all.
It's essential to consistently measure the impact in the same unit across the board. If you measure fraud losses as a percentage of revenue, you should measure the other costs related to fraud the same way. Whether you use percentages or flat currency amounts, the ultimate goal is to keep the overall cost as low as possible among the viable scenarios available to you.
Direct Losses to Fraud
The first portion of your total cost is the most readily visible: How much money do you lose directly to fraud? This cost includes your fraud chargebacks and associated fees, refunds issued to prevent chargebacks, and other losses such as fraudulent replacement orders or reward program abuse.
Direct losses due to fraud are basically just revenue lost directly through fraudulent activity.
Regardless of whether you invest in manual review or automated systems, no method is absolutely foolproof. There are a few methods you can use to measure profits lost to orders cancelled in error. Tracking every incident where a customer calls to complain about an incorrect order cancellation can prove invaluable. With this data, you can look at purchasing patterns to identify more accurately the customers who make another purchase after an initial order rejection.
There are also solutions like Sift Insult Monitor, that allow you to understand your false-positive rate, adjust thresholds, increase order acceptance, and boost revenue.
But what about those customers who never contact you and never attempt another purchase? In such cases, remaining conservative is your best bet. Get a list of rejected orders and review each of them quickly to see if there are clear signs of fraud. Using a spreadsheet or some other internal system, record which rejected orders were fraud, and which were rejected without clear evidence of fraud. Quickly reviewing each rejected transaction and recording those confirmed to be fraud allows you to estimate your fraud rate conservatively by assuming that the remaining cancellations are erroneous.
Once you determine which orders are definite versus potential lost sales, you can then calculate the lasting effects of incorrectly cancelled orders. The actual cost of these lost sales is a combination of the profit margin on those orders and estimated future revenue lost due to a negative user experience.
Lost sales include the non-fraudulent orders that were cancelled due to fraud risk.
Cost of Manual Review
Included in the cost of manual reviews is the amount of time that your team spends reviewing those orders. Manual reviews can also have other business- or industry-related costs. For instance, if you offer a product that provides instant gratification (such as information or email delivery codes), delaying an order by holding it in a review queue will likely decrease the chance of future purchases by that customer. Like future revenue from cancelled transactions, this cost is by nature an estimate; nonetheless, it’s important to include it in your calculations.
There are also hidden costs associated with fraud. In the case of account takeover (ATO), there may not be an immediate, measurable downstream impact after an account has been compromised. While fraudsters have access to an account, they may use it to test other tactics, like credential stuffing. This leaves merchants exposed to compounding impacts of fraud, as bad actors continue to exploit vulnerabilities until they are mitigated. It is important to account for the prevalence of all bad behaviors, rather than focusing on one dimension, when trying to calculate the true cost of fraud.
Cost of Technology
Don’t forget to factor in the cost of any countermeasures that you employ. This line item includes any development time spent on internal tools as well as development time integrating third-party tools. Additionally, if you use a rules-based system, include time spent configuring and updating those rules.
The Grand Total
When you add up these costs, you have the total cost of fraud to your business. These costs are closely interrelated; by making small adjustments, you can increase, for instance, your direct fraud losses slightly while greatly decreasing lost sales and manual review costs. The net gain is generally worth the sacrifice.