Skip to main content

Fraud Metrics

On this page
Prerequisites

Before diving into fraud metrics, understand:

TL;DR
  • Loss metrics: Fraud rate 5-50 bps typical; Net fraud loss = Gross - Recoveries
  • Detection targets: Detection rate over 90%, false positive rate under 50%, precision over 50%
  • Operational: Review rate 1-5%, manual review under 5 min, auto-decision over 95%
  • Prevention balance: Block rate + friction rate vs. insult rate
  • Segment by: fraud type, channel, product, customer segment, geography

You can't manage fraud without measuring it. These are the KPIs that tell you whether your fraud program is working, wasting money, or blocking good customers. Track loss metrics to know how much fraud costs you, detection metrics to know if your tools are catching it, and operational metrics to know if your team can keep up.

Loss Metrics

MetricDefinitionBenchmark
Fraud Rate (bps)Fraud $ / Transaction $ x 10,0005-50 bps
Fraud Rate (#)Fraud count / Transaction count0.05-0.5%
Gross Fraud LossTotal confirmed fraudBefore recoveries
Net Fraud LossGross - RecoveriesTrue P&L impact

How to Calculate Fraud Rate

Fraud rate is the most important number in your fraud program. Two ways to calculate it:

By dollar volume (most common):

Fraud Rate (bps) = (Fraud Dollars / Total Transaction Dollars) x 10,000

Example:
  $2,500 fraud in a month / $500,000 total volume = 0.005
  0.005 x 10,000 = 50 bps (0.50%)

By count:

Fraud Rate (%) = (Fraud Transactions / Total Transactions) x 100

Example:
  12 fraud transactions / 5,000 total transactions = 0.24%

Dollar-based and count-based rates tell different stories. If your dollar rate is high but your count rate is low, you have a high-ticket fraud problem. If both are high, you have a volume problem.

What Counts as "Fraud"?

Only count confirmed fraud: chargebacks with a fraud reason code, transactions you refunded because you confirmed fraud, and transactions flagged by your processor as confirmed unauthorized. Don't count friendly fraud, product disputes, or "I don't recognize this" chargebacks. Those are chargeback metrics, not fraud metrics. Mixing them inflates your fraud rate and sends you chasing the wrong problem.

Net Fraud Loss: The Number That Matters

Gross fraud is the headline number, but net fraud loss is what hits your P&L:

Net Fraud Loss = Gross Fraud
                 - Chargebacks won (representment recoveries)
                 - Insurance/guarantee recoveries
                 - Pre-chargeback refund savings

Example:
  $10,000 gross fraud
  - $2,000 won through representment
  - $3,000 covered by chargeback guarantee vendor
  - $500 caught and refunded before chargeback filed
  = $4,500 net fraud loss

Track both. Gross fraud tells you how much fraud is getting through your defenses. Net fraud loss tells you the actual financial damage.

Detection Metrics

MetricDefinitionTarget
Detection RateDetected fraud / Total fraud>90%
False Positive RateGood transactions blocked / Total blockedUnder 50%
PrecisionTrue fraud / All flaggedOver 50%
RecallDetected fraud / All fraud>90%

The False Positive Problem

False positives are legitimate transactions your fraud tools incorrectly blocked. They're the hidden cost of fraud prevention, and for most merchants, they cost more than actual fraud.

False Positive Rate = Legitimate Blocked / Total Blocked

Example:
  You blocked 100 transactions this month.
  30 were confirmed fraud.
  70 were legitimate customers.
  False positive rate = 70 / 100 = 70%

What's "too high" depends on your risk appetite. Conservative businesses target under 30%. Most merchants should aim for under 50%. Aggressive strategies (high-margin digital goods, where false declines cost more than fraud) may accept 50-70%. If you're above 50% without a deliberate reason, your rules are too tight and you're losing more revenue to false declines than you're saving from fraud prevention.

How to measure false positives: Pick 20-30 blocked transactions per month at random. Review each one. Was it actually fraud? A customer who calls after being blocked, a repeat customer with a normal order, an order that matches the customer's usual pattern -- those are false positives.

What false positives actually cost:

ScenarioCost
Customer buys elsewhereLost sale + lifetime value
Customer calls support$5-15 in support cost + friction
Customer doesn't come backPermanent revenue loss
Customer posts negative reviewReputation damage

A 1% false positive rate on $500K/month in volume means $5,000/month in blocked legitimate sales. That's $60K/year in revenue you turned away.

Detection Rate vs. Precision: The Tradeoff

These two metrics pull in opposite directions:

  • Tighter rules (block more) = higher detection rate, but more false positives (lower precision)
  • Looser rules (block less) = fewer false positives (higher precision), but more fraud slips through (lower detection rate)

There is no right answer. The balance depends on your margins, your fraud type mix, and how much your customers tolerate friction.

Business TypeLean Toward
Low-margin physical goodsHigher precision (can't afford blocking good orders)
High-margin digital goodsHigher detection rate (fraud is expensive, false positives less so)
SubscriptionsHigher precision (blocking a subscriber has high LTV cost)

Operational Metrics

MetricDefinitionTarget
Review RateTransactions reviewed / Total1-5%
Manual Review TimeAvg time per caseUnder 5 minutes
Auto-Decision RateAuto-approved or declined / TotalOver 95%
Time to DetectionTransaction to fraud confirmationUnder 7 days

Review Rate: Your Automation Gauge

If more than 5% of your transactions need manual review, your rules or model thresholds are too aggressive. Manual review doesn't scale.

Review Rate = Transactions Sent to Review / Total Transactions

Example:
  250 reviews / 10,000 transactions = 2.5% (healthy)
  1,200 reviews / 10,000 transactions = 12% (unsustainable)

What to do if review rate is too high:

  1. Check which rules are sending the most transactions to review. One overly broad rule often accounts for 40%+ of review volume.
  2. Tighten the rule or raise the threshold so only the most suspicious cases go to review.
  3. Convert obvious patterns to auto-decisions: if 90% of a rule's reviews are approved, the rule is too broad.

Time to Detection

The faster you confirm fraud, the faster your model learns and the faster you can stop similar transactions. "Time to detection" measures how long it takes from when a fraudulent transaction processes to when you know it was fraud.

Detection SourceTypical Time
Customer contacts you1-3 days
Internal review catches itSame day to 7 days
Chargeback arrives30-120 days
Fraud vendor flags it1-7 days

Waiting for chargebacks means your fraud tools are always learning from stale data. Proactive detection (internal review, customer reports, vendor flags) gives you faster feedback. See Fraud Model Feedback for how faster signals improve your detection over time.

Prevention Metrics

MetricDefinitionNotes
Block RateTransactions blocked / Total attemptsHigher isn't always better
Friction RateStep-ups triggered / TotalBalance UX vs. security
3DS Challenge RateChallenges / Total 3DS5-15% typical
Insult RateGood customers declinedMinimize

Block Rate: When Higher is Worse

A rising block rate doesn't mean your fraud prevention is working better. It often means your rules are too aggressive or a new rule is catching too many legitimate transactions.

Warning signs:

  • Block rate jumps 2x or more in a single week with no corresponding fraud spike
  • Block rate is above 10% (you're almost certainly blocking too many good transactions)
  • Block rate rises but fraud losses don't decrease (you're blocking the wrong transactions)

What a healthy block rate looks like:

Business TypeTypical Block Rate
Low-risk e-commerce1-3%
Digital goods3-8%
High-risk verticals5-15%

Segmentation

Track every metric above by:

  • Fraud type (first-party, third-party, ATO, etc.)
  • Channel (web, mobile, in-store)
  • Product type (high-value items often have different fraud patterns)
  • Customer segment (new vs. returning customers)
  • Geography (cross-border transactions have higher fraud rates)

Aggregate numbers hide problems. A 0.2% overall fraud rate looks healthy, but if your digital goods category is running at 1.5% while your physical goods are at 0.05%, you have a targeted problem that aggregate metrics won't surface.

Test to Run (2 Weeks)

False positive audit:

  1. Pull 30 blocked or declined transactions from the past week (random sample).
  2. For each one, determine: was it actually fraud, or would it have been a legitimate sale?
  3. Calculate your false positive rate (legitimate blocked / total blocked).
  4. Identify which rules or score thresholds caused the most false positives.
  5. Move the worst offender to shadow mode for a week and measure impact.

Success criteria: False positive rate drops without fraud rate increasing. If you can't tell whether a blocked transaction was fraud or not, that's a data collection problem to fix first.

Scale Callout

VolumeWhat to TrackHow
Under $50K/monthFraud rate (monthly), chargeback countCheck processor dashboard weekly. Manual count is fine.
$50K-$250K/monthAdd: false positive rate, detection rate, review rateMonthly spreadsheet. Sample 20 blocked transactions for FP rate.
$250K-$1M/monthAdd: precision per rule, time to detection, block rate trendsWeekly reporting. Segment by fraud type and product category.
Over $1M/monthAll metrics, segmented by channel, geography, and customer segmentAutomated dashboards. Daily review of anomalies.

Where This Breaks

  • Optimizing one metric in isolation. Pushing detection rate to 99% will spike false positives. Pushing false positives to zero will miss fraud. Read metrics as a set, not individually.
  • Comparing across business models. A 0.3% fraud rate is a crisis for a physical goods retailer but normal for digital goods. Use benchmarks by industry for your vertical.
  • Low volume noise. Under 1,000 transactions/month, individual fraud cases swing your rate by 0.1%+ in either direction. Trend over 90 days, not weekly snapshots.
  • First-party fraud miscategorization. If you're counting friendly fraud as third-party, your detection rate looks worse than it is and your prevention strategy targets the wrong problem.
  • Only counting chargebacks as fraud. Chargebacks represent fraud you missed. If you refund a fraudulent transaction before the chargeback arrives, that's still fraud. Count it.

What to Do When...

Fraud rate is climbing:

  1. Segment by fraud type. Is it third-party fraud (stolen cards) or friendly fraud (legitimate customers disputing)?
  2. Check if a specific product, geography, or customer segment is driving the increase.
  3. If it's third-party fraud, tighten your velocity rules or risk scoring thresholds.
  4. If it's friendly fraud, the solution is better evidence collection and refund policy design, not tighter fraud rules.

False positive rate is too high:

  1. Identify the rules sending the most transactions to review or block.
  2. Check what percentage of those flagged transactions were actually fraud (precision per rule).
  3. Rules with precision under 20% are doing more harm than good. Move them to shadow mode or tighten the conditions.
  4. See Building Fraud Rules for shadow testing methodology.

Detection rate is too low:

  1. Review recent chargebacks. What fraud got through? Was there a pattern your rules should have caught?
  2. Check if your rules cover the fraud types you're actually seeing (card testing, ATO, etc.).
  3. Consider adding device intelligence signals to catch fraud that transaction data alone misses.

Next Steps

Setting up fraud tracking?

  1. Understand fraud types - Know what you're measuring
  2. Define risk appetite - Set acceptable thresholds
  3. Review industry benchmarks - Know what "good" looks like

Fraud rate too high?

  1. Implement risk scoring - Better detection
  2. Add velocity rules - Catch patterns
  3. Consider 3DS - Liability shift for fraud

Optimizing detection?

  1. Review rules vs ML - Choose right approach
  2. Tune manual review - Reduce false positives
  3. Evaluate vendors - Consider specialized tools
Other Metrics Pages

Tracking fraud is just one piece. See also: Payments Metrics · Chargeback Metrics · Compliance Metrics · Operations Metrics

Last updated on