Manual Review: What Is It, And Does It Prevent Fraud?
Every single day, people around the globe go about their business using credit cards, cash, and digital payment platforms to meet the needs of daily life. In 2021, credit giant Visa processed an average of 597 million transactions per day, and CNP or “card not present” transactions grew by an impressive 23%. With so many consumers swiping and typing each day, it’s unfortunately inevitable that not all of these transactions will be legitimate.
As consumers find more ways to pay, fraudsters find more ways to scam buyers and businesses out of money and assets. Businesses and financial institutions have the unique challenge of sifting through millions of transactions daily for the relatively small percentage of those made by criminals.
In most cases, a consumer places an order with their vendor and the transaction processes within seconds–no friction required. This sort of efficiency wouldn’t be possible if a human being had to manually assess each and every transaction for signs of wrongdoing.
That’s why most organizations with fraud concerns use some combination of automated tools known as a fraud detection system. These systems use sophisticated algorithms and criteria to flag high-risk transactions and even stop them from proceeding–but what happens next? For instance, what happens if a fraud detection system returns an unknown risk value? What if the system flags a legit user as a fraudster (false positives)?
Even the most advanced fraud detection system money can buy will make mistakes from time to time, and it’s this gap between 99% effective and 100% effective that leads many business owners to rely on manual review more heavily than they should.
Merchants are constantly walking a tightrope between what is cost-effective and what is best for user experience and fraud detection. Reports suggest that online merchants may review as many as 26% of their orders, but manual review can do more harm than good when relied upon to this extent.
What is a manual review?
Even a fraud detection system with 99% efficacy will return unknown risk values or false positives some of the time. This is the gap that manual reviewers are meant to address. But what does manual review mean? A manual review is any time in the fraud detection process that a human looks at a transaction for assessment, rather than an AI or software. In other words, the transaction is manually reviewed rather than automatically reviewed.
Manual fraud reviews can take on different forms and have a variety of different “triggers” depending on the individual organization. Some businesses rely more heavily on their manual review team than others, and different organizations will have different policies and tools to help reviewers assess fraud risk.
Just a few factors a fraud reviewer may use to judge the legitimacy of a transaction include the customer’s past transaction history, verification of address and banking information, and phone calls or SMS messages to an authenticated customer phone number.
What does it cost?
Merchants who implement manual reviews into their anti-fraud operational techniques have a few choices to make, all of which can affect cost. For instance, manual reviews can be an in-house affair with dedicated employees or outsourced to an agency depending on each merchant’s needs. In-house reviewers may work as part of a larger Fraud Review team or as an extension of an existing customer service or risk management department.
As with most things in the commercial sector, “cost” goes beyond just payroll or agency invoices. While these reviews can be effective in preventing fraud losses, the juice isn’t always worth the squeeze–a manual review process can also cause legitimate customers to abandon their purchase if approval is slow-going. In many cases, the manual review technique adds a lot of friction, and that can damage the bottom line.
On the other hand, when it works, human assessments can be an effective way to weed out uncertainty in orders with a middle-of-the-road risk rating. A conservative approach to a fully-automatic accept or decline system might look like accepting orders with low risk and rejecting everything else. In cases like this, a human reviewer can rescue revenue that otherwise may have faced rejection by an overly-cautious automatic process. However, the results aren’t always so cut-and-dry. There are a few problems with the manual review process that go beyond its high price tag.
- While manual review can be good for transactions with in-between risk, the expense and lack of scalability mean it should be used as sparingly as possible
- Merchants using manual review should track key metrics such as time each order spends in the queue, rejection to approval ratios, and false positive rates
- Step up authentication represents a good alternative to manual review
How effective is this process for preventing fraud?
Manual review is most effective when merchants treat it as a deciding factor for orders with middling risk rather than their main anti-fraud technique. Because of the resources and time required, relying too heavily on manual checks can result in sky-high labor costs and lost user experience quality.
However, there is still something to be said for maintaining a more personal touch in the fraud detection process: humans bring an abstract understanding of transactions that machines can’t always match. Given the details of a transaction, a human reviewer can often read between the lines. It’s that ability to follow a potential customer or fraudster’s line of thinking which makes manual checks valuable when used properly.
That said, it’s important to keep in mind that that same knack for abstract thinking can introduce another problem with manual checks–interpretation. While a human eye can be useful as a final say, two manual reviewers may make a different call on the same order, and that difference of opinion can mean that decisions are much more arbitrary than is ideal.
Any merchant implementing manual fraud assessments into their order approval system will need to also implement ways to measure the efficacy of the reviewers. A few notable KPIs include the chargeback rate, average approval and denial rates, average time before a flagged order receives a decision, and the rate of fraudulent orders approved by a manual reviewer.
As with every other resource in an anti-fraud arsenal, manual reviewers will be most effective when used in conjunction with other tools. Merchants want to reduce chargebacks and false positives as much as possible, but it’s equally crucial that good orders don’t face an unfair denial by automated systems.
This middle ground between too risky for approval but too regular for rejection is the sweet spot for a manual check, and it represents where human reviewers can make the most difference. Rather than relying too heavily on lengthy, expensive manual reviews, fraud professionals should use them sparingly and strategically to address orders with equivocal risk factors.
For those looking to reduce their reliance on manual fraud checks, a better solution comes in the form of step-up authentication. Step-up authentication is when additional information is requested from the user before the authorization of a sensitive transaction or information request. For example, a banking platform may request an additional level of authentication, such as a one-time password or SMS code, before allowing the transfer of a large sum of money. Step-up authentication can be an effective alternative to manual review, as administrators can use it as the default response to middlingly risky transactions.
Part of a fraud prevention professional’s goal should always be to strive for the most seamless blend possible of security, cost-effectiveness, and top-notch user experience. While manual review doesn’t check all of these boxes, alternatives like step-up authentication may be the next big step toward achieving this balance.