The Direct Cost of Fraud Prevention
Keeping score in sports is easy, right? Goals, points, touchdowns, runs, fastest times, etc. But there are other ways of tracking the less obvious elements of performance—time of possession, runs batted in (RBIs), rebounds, passing yardage, and even face-offs won or lost.
In business, the score is kept by profit & loss. But with the rise of eCommerce, the role of today’s CFO is evolving to be so much more complicated and nuanced. And when it comes to accounting for online fraud, scorekeeping also involves less obvious ways of tracking performance. For example, there are three primary areas where fraud prevention directly impacts overall financial performance:
- Direct Loss. This area tracks fraud losses due to lost merchandise, lost shipping expenses, chargeback fees, and more.
- Direct Cost. This area records the costs that fraud prevention activities can have on capital expenses and operating costs—IT spending, payroll, outside services, and more.
- Revenue Loss. This area is concerned with legitimate orders that are wrongly turned down due to suspicion of fraud, known as false positives or sales insults. These don’t show up as line items on the income statement, so they may not receive the attention they deserve. However, they can have a significant effect on financial performance.
It’s instinctive for CFOs to focus on high-profile direct loss when looking at the impact of fraud protection and fraud prevention. However, it can be just as important to consider the direct cost of fraud prevention activities. After all, no CFO would be happy about spending $50,000 in direct cost to prevent $45,000 in direct loss.
Capital expenses and operating costs are the two biggest contributors to the direct cost of fighting fraud.
- Organizations that choose to develop in-house fraud prevention systems. The shopping list includes capital spending on servers, storage, network switches, gateways, software, and more. As for operating costs, the care and feeding of in-house anti-fraud systems is not cheap. There is the expense of maintaining the underlying IT infrastructure, including maintenance and support contracts, hosting fees, power, cooling, and third-party integration charges. Then there is the direct cost of payroll for high-end Risk Managers to develop strategy and systems, as well as the Fraud Analysts to run day-to-day operations.
- Organizations that choose to implement third-party fraud prevention solutions. For managed services, outsourced platforms, and Software as a Service (SaaS) solutions, there typically is little or no capital expense required. In addition, support costs will tend to be lower than for in-house systems, especially those expenses involving IT infrastructure maintenance and upkeep. There will be ongoing expenses for software subscriptions, transaction fees, processing charges, and outside services. The direct cost of payroll for high-end Risk Managers most likely will not be necessary, as strategic development is typically provided by the third parties. However, day-to-day Fraud Analysts will be needed.
Then there are the direct cost subtleties that can be easily overlooked.
- Obsolescence. There are five risks of higher direct cost due to maintaining legacy systems, especially for systems that have been in place for five years or more. In addition to the costs required to upgrade or augment functionality, expenses are often higher as legacy systems tend to be compromised of multiple systems – cobbled together over time – resulting in higher systems integration spending.
- Rise of mCommerce. Not only is mobile commerce growing fast, it’s also 2x more likely to involve fraud, according to The Fraud Practice. Online retailers are struggling to keep pace when it comes to fraud prevention. For example, the Mobile Payments and Fraud: 2016 Report reveals that 40% of merchants use at least three different tools to combat the growing threats from mobile fraud. As the number of tools in the fraud protection “toolbox” multiplies, the costs associated with integrating, maintaining, and upgrading multiple systems can be significant…and less than transparent.
- Manual Labor. Manual review agents are the most expensive element in any fraud prevention department, yet their cost may be overlooked because “we’ve always done it this way.” Even when using newer tools, agents are a costly way to fight fraud. With legacy systems, these costs are often exacerbated as transaction volume increases.
- Regulatory Compliance. Falling behind on regulatory compliance is costly. Failure to comply with Payment Card Industry Data Security Standards (PCI DSS) may result in “fee creep” as processors attempt to mitigate their own risks and exposure.
- Higher Processing Fees. Legacy fraud prevention systems can produce higher-than-normal chargeback rates, which may lead to higher fees from processors. Even a few basis points can be costly because they apply to 100% of transactions. Higher-than-normal chargeback rates can also trigger increases in chargeback fees (i.e., $9 per chargeback instead of $5 per chargeback). Once again, these may go unnoticed due to the relatively small amount of each incremental charge, yet the cumulative effect can be significant.
Clearly the right investments in improving fraud protection can deliver strong ROI. It’s important to balance any reduction in direct loss against the direct cost necessary to achieve it. For more perspective on how direct cost fits within the overall impact that fraud can have on financial results, download the eBook "CFO Perspective: The Impact of Fraud".