Your best customers are the ones you're turning away
Fraud filters are judged on the fraud they stop. Nobody counts the good customers they block — and that silent number is the most expensive line in your funnel.
By The CPoI Team
Every merchant watches their fraud rate. Almost none watch their false-decline rate — and that’s the one quietly costing them the most.
A false decline is a legitimate customer, with a legitimate card, told “no”. They wanted to buy. They could pay. Your defences turned them away anyway. It never shows up as a loss on a report, because a sale that never happened leaves no trace. But it is the single most expensive error in the checkout funnel.
The number nobody puts on a slide
Anti-fraud AI is sold on how much fraud it catches. The uncomfortable other half of the story:
Up to 65% of the transactions that anti-fraud AI blocks are false positives — real customers, wrongly declined.
Two-thirds of the “threats” your risk engine stops are people trying to give you money. And the damage doesn’t end with the lost basket. 41% of shoppers never return to a merchant after a single wrongful decline — they don’t email support, they just leave and buy from someone easier.
Add it up and the industry figure is stark: merchants lose around $13 for every $1 of fraud they prevent through false positives. You are paying thirteen times over to stop the wrong thing.
Why risk scoring can’t win this
The reason is baked into how card-not-present fraud tools work. With no card and no PIN, they can’t verify anyone — they can only guess. So they build a risk score from signals: the device, the location, the velocity, the mismatch between billing and shipping.
Guessing has two failure modes, and they pull against each other. Loosen the model and fraud gets through. Tighten it and you decline good customers. There is no setting that removes both, because the tool never had proof to begin with — only probability. The unfamiliar-but-genuine shopper (new device, travelling, first-time buyer, gift address) looks exactly like the thing you’re trying to block.
Replace the guess with proof
CPoI doesn’t tune the risk model — it removes the need for one. Instead of inferring whether a shopper is genuine, it lets them prove it the way they do in store: tap the card, enter the PIN.
Once a payment is authenticated as card-present, the guessing stops:
- The genuine customer gets through. There’s nothing to score and nothing to wrongly block — the cardholder has authenticated themselves.
- No friction tax on the way. No one-time codes that arrive late or never, no app-switching, no redirect that sheds a third of your baskets before they convert.
- The liability moves anyway. Because it’s card-present, fraud liability sits with the issuing bank — so you’re not trading conversion for exposure.
Start measuring what you can’t see
Here’s the exercise worth running this quarter: pull your decline rate, and estimate how many of those declines were real customers. Multiply by your average order value. Then multiply again by the share who never came back.
That figure — the revenue you’re actively turning away — is the one CPoI is built to recover. Fraud reduction is the headline. Recovering the customers you were wrongly blocking is where the money is.