Blog / Strategy /

How to balance security and conversion

How to balance
security and conversion

Nick Tubb

Vice President, Commercial Affairs for Ingenico ePayments


Fraud comes in many forms, and it has a direct impact on conversion rate. To effectively combat fraud and protect conversion rates, it is important for online businesses to take a balanced approach. Implementing the strictest controls will reduce fraud rates significantly but could create a corresponding increase in false positives.

False positives typically occur when a fraud prevention tool mistakenly identifies a genuine customer transaction as suspicious and blocks it. Aside from the lost revenue of a failed transaction, this damages customer satisfaction and the brand. In fact, three out of five customers will shop less or never return after a blocked transaction. When there’s so much to lose, finding the balance between security and conversion is crucial.


Dealing with false positives

There are three broad types of false positives: Bank Rejections, where the issuing bank declines the transaction due to risk; Fraud Denies, where transactions are blocked by the fraud engine; and Manual Review Cancellations, where the order is blocked for manual review by the fraud engine and subsequently cancelled by the merchant.

While there is no way to influence the issuing bank’s decision when it comes to fraud, there are some technical steps you can take to mitigate fraud denies and manual review cancellations. Here, successfully addressing the issue of false positives often requires custom analysis and tailored approaches—two areas where a Payment Services Provider (PSP) can lend a helping hand.

Optimizing fraud prevention tools or replacing existing tools can also have a significant effect on reducing false positives. New tools incorporating artificial intelligence (AI) are helping to drive these advances. In our experience, improvement in approval rates can range from several percentage points to extremes of 20%-30%. At Ingenico, we are seeing not just improvements in fraud management, but also tangible increases to conversion and top line revenues.


Two-factor authentication

The 3D Secure protocol was introduced nearly two decades ago as a way of adding extra security to online card transactions. It asked merchants to add another layer of payment authentication, such as codes sent via SMS or a password entered through a web portal.

The latest iteration of the protocol, 3D Secure 2.0, improves upon the previous version by requiring merchants to collect and share a large amount of data around every transaction with issuers. A larger data set empowers issuers to improve the accuracy of their risk analysis, which is expected to lead to better risk decisions and higher authorization rates. Equally importantly, all of this takes place behind the scenes, without interrupting the checkout flow, making for a better customer experience.

It is also the most effective mechanism for complying with the Strong Customer Authentication (SCA) requirements mandated by PSD2 from 14 September 2019. SCA requires all online transactions where either the issuing or acquiring bank is based in the EEA to be authenticated with two of three elements: something the customer has (i.e. device or token), something the customer knows (i.e. OTP or password) or something the customer is (i.e. fingerprint or voiceprint). Through 3D Secure, SCA and two-factor authentication, it is anticipated that improved risk decision-making will enable issuers to accept liability for the majority of transactions without sending an authentication request to the merchant, making the process faster and frictionless.

Addressing the behind the scenes elements of the payment experience that relate to fraud and security plays a critical role in maximizing conversion. By developing a clear picture of fraud analytics, optimizing fraud controls and implementing 3D Secure, merchants can balance security and conversion without sacrificing either one.

If you want to know how we can help you implement fraud solutions that don’t harm your revenue or brand, download our latest guide on Conversion Rate Optimization. 


This article was originally published on Since October 28, 2020, Ingenico has joined Worldline.