To build or to buy a fraud solution? Key considerations

It's hard to know when to buy a fraud solution or build it yourself internally. We've laid out the realities of both for you along with advice on best practices for each.

11 August 2020

At Ravelin, we’re in the unique position of having both built our own fraud solution as merchants and now providing fraud solutions as a third party to lots of other merchants.

This post will go through some of the things you will need to think about for both options as well as offer advice on best practices for each.

As a caveat to all of this, we’re going to assume that you are going to want a machine learning solution. This is because through our own testing of machine learning and rules (both as merchants and now here at Ravelin), machine learning has always produced better results.

In-house or third-party developed fraud solution: What to think about

There is no one-size-fits-all answer to the question of whether you should build your own fraud prevention solution or buy third-party from a vendor such as Ravelin. But we have the questions you need to ask to reach the answer that works for you:

1. How many transactions are you processing per month?

The best way to combat fraud is by using machine learning. But the one drawback of machine learning is that it requires a large amount of data to produce accurate results. This is why companies like Amazon and eBay have been able to build their own extremely strong fraud prevention products in-house.

If you are collecting fewer than 10 million transactions per month, it is probably worth using a third party so you can benefit from everything they know about fraud from customers similar to you, as well as from their network of merchants and consortium features.

If you are collecting over 10 million payments per month and you satisfy the below conditions, it may be worth looking into building your own fraud prevention service in-house.

2. How much do you want to invest in fraud?

As with any big purchase, cost is one of the primary factors to look at when assessing whether to buy or go it alone. A few things you should consider include:

  • What is the total cost of the third party per month?
  • How much would you lose to fraud with the third party vs something in-house per month?
  • How much will it cost to hire and pay a team of full-time in-house fraud experts?
  • How much will it cost to provide this hire with the ongoing engineering and data resources they need?
  • How many hours of manual review do you expect per month with an in-house system vs a bought system? How much does this manual review cost in terms of salary, hiring and training costs for a review team?

Once all costs are considered, you are in an excellent place to decide whether to build or buy.

As a general rule of thumb, unless you have over 100 engineers, data scientists, and support staff and are willing to commit a minimum of one full-time data scientist and engineer to fraud, you should go with a third-party system.

One thing we didn’t fully appreciate back when we were merchants building in-house fraud detection was the extent to which we needed to constantly maintain and improve what we’d already built.

3. Do you have in-house fraud expertise?

If you have a lot of in-house knowledge about fraud it may be worth looking into building your own solution. As well as data scientists and engineers, building a robust solution typically requires a fraud expert as well as highly trained reviewers.

A good third party solution such as Ravelin will equip your customer support team with the right tools so they can manage fraud effectively and efficiently.

4. Do you have in-house engineering and data expertise?

Building a robust fraud tool in-house doesn’t just mean hiring an in-house fraud expert; that person will also require extensive engineering and data resources to implement the program, both initially and on an ongoing basis.

If you have a strong engineering and data science team, this may be something you want to consider. If these aren’t core competencies within your company, you are better off looking to a third party that has full-time engineers and data scientists working constantly to adapt to changing fraud patterns.

5. Are you looking to release new products or have you expanded into new geographies?

One of the drawbacks of machine learning is that it works well only with large datasets.

If you are selling the same product you have been for years in the same geographies, building something in-house could work well for you (although you will still have to be wary of the ever-changing fraud behaviors).

If you are looking to release new products or expand into new areas, it is usually best to partner with a third party who has data on the countries you are going into and may have experience with the new products you are about to release.

6. How pressing is your fraud problem?

If you’ve been put on a merchant monitoring program such as Visa's VAMP or Mastercard’s Excessive Chargeback Program (ECP) and are under pressure to get chargebacks under control immediately, your best bet is to go with a third-party vendor.

Once you integrate Ravelin, you should see significant improvements within your first month. If you have fraud under control currently but are looking to get something in place for the future, you may want to consider building your own tool in-house.

Where to go from here

Once you've assessed which of the two strategic approaches to fraud detection works for your company, read through Ravelin's top tips below.

Top tips if you are building

  • If you do decide you want to build something, the most important first step is to hire a fraud expert. Look for someone that has experience in your industry and who can demonstrate the results they achieved and explain the methods they used to achieve them. This should take 3–6 months if you can find a good recruiter. You will then need to assign this person a number of engineers and data scientists to assist them.
  • The next step is training/hiring your fraud team. You should set a benchmark of what percentage of orders you want to manually review and then work from there on how many reviewers need to be trained. It’s usually worth having a senior manual reviewer as well, whom new hires can go to with particularly tricky cases. The percentage of orders reviewed can vary drastically from company to company. Ravelin's customers typically review 1% of orders, yet a 2016 Cybersource report found that customers using rules reviewed as many as 25% of their orders. The exact number will be determined by how good your models are.
  • Work out the key metrics you want to track and review them on a monthly basis with the relevant stakeholders – usually this would be the Head of Payments, Head of Fraud, or CFO.

Top tips if you are buying

  • The first thing you will want to do is work out what things are important to you. For instance, if you want to ensure your customers’ data is safe, you may want to choose a provider who is ISO 27001 certified; likewise, if you deal with transactions in real time, you might want to choose a provider who gives instant fraud decisions.
  • You will want to work on a timeline for when you want your solution implemented. If you need it quickly, the best thing to do is scan through a few websites, work out which ones might suit your needs and then arrange calls. If you want a longer, more protracted process, it may be worth conducting an RFP.
  • One thing we do suggest is that if you do opt for buying a solution rather than building, you select a provider that can build models based around your own data rather than a generic model for all of ecommerce or your sector. This means you essentially get all the benefits of building your own solution without any of the hassle or cost and in a fraction of the time.
  • Another thing we strongly suggest you do is select a third-party supplier with PCI compliance who is able to collect full card numbers. This means if they spot compromised cards being used at another one of their merchants, they can protect you against that aggressor too.
  • Once you have entered into a contract with a vendor, it’s important you work out with the supplier what the most important metrics are for your business and track these on a monthly basis with your account manager. For example, do you prioritize keeping fraud down or accepting as many orders as possible? Your results should improve month on month.

Make sure you measure the success of your fraud prevention tools, whether you buy or build in-house. It will tell you what's going well and what needs improvement.
