Harness the power of your data to reduce fraud
and increase payment acceptance
Tailor-made fraud protection
Detect and stop fraud faster with clear
Adaptive solutions for emerging threats
Defend against ATO, promo abuse and seller
Optimize conversion with agnostic
Manage PSD2 and take control of
Online payment fraud
Understand chargebacks, fees &
Machine learning for fraud detection
Models, risk scores & thresholds
Link analysis & graph networks
Draw deeper insights from data
Account takeover fraud
Prevention strategies & reputational
Promotion & refund abuse
Uncover & stop hidden costs
PSD2 & SCA
3D Secure, TRA & exemptions
Global payment regulation map 2022
Track PSD2 & more with a full report
Deep dives on fraud & payments topics
The latest fraud & payments updates
API & developer docs
APIs, glossary, guides, libraries and SDKs
Discover the story about Ravelin
Join our dynamic team
Read more about our happy customers
Join our partner programme
Harness the power of your data to reduce fraud and increase payment
Detect and stop fraud faster with clear insights
Defend against ATO, promo abuse and seller fraud
Optimize conversion with agnostic authentication
Manage PSD2 and take control of authentication
Understand chargebacks, fees & detection
Prevention strategies & reputational risk
Uncover & stop hidden abuse
Read more about our happy custmomers
Blog / Other
It's hard to know when to buy a fraud solution or build it yourself internally. We've laid out the realities of both for you along with advice on best practices for each.
At Ravelin we’re in the fairly unique position of having both built our own fraud solution as merchants and now providing fraud solutions as a third party to lots of other merchants. This post will go through some of the things you will need to think about for both options as well as offer advice on best practices for each.
As a caveat to all of this, we’re going to assume that you are going to want to select a machine learning solution. This is because through our own testing of machine learning and rules (both as merchants at Hailo and now here at Ravelin), machine learning has always produced better results - read more about this here.
As we’ve written about previously, we think the best way to combat fraud is by using machine learning. The one drawback of machine learning is that it requires large amount of data to produce accurate results. This is why companies like Amazon and Ebay have been able to build their own extremely strong fraud prevention products in-house. If you are collecting fewer than 10m transactions per month it is probably worth using a 3rd party so you can benefit from everything they know about fraud from similar customers to you as well as their network of cards. If you are collecting over 10m payments per month and you satisfy the below conditions, it may be worth looking into building your own fraud prevention service in-house.
As with any big purchase, cost is one of the primary factors to look at when assessing whether to buy or go it alone. A few things you should consider include:
- What is the total cost of the third party per month?
- How much would you lose to fraud with the third party vs something in-house per month?
- How much will it cost to hire and pay a full-time in-house fraud expert?
- How much will it cost to provide this hire with the ongoing engineering and data resources they need?
- How many hours of manual review do you expect per month with an in-house system vs a bought system? What does this equate to in salary, hiring and training costs for a review team?
Once all costs are considered, you are in an excellent place to decide whether to build or buy. As a general rule of thumb, unless you have over 100 engineers, data scientists, and support staff and are willing to commit a full time data scientist and engineer to fraud, you should go with a third party system. One thing we didn’t fully appreciate at Hailo was the extent to which we needed to constantly upkeep and improve what we’d built already.
If you have a lot of in-house knowledge about fraud it may be worth looking into building your own solution. As well as data scientists and engineers, building a robust solution typically requires a fraud expert as well as highly trained reviewers. A good third party solution, such as Ravelin, will equip your customer support team with the right tools so they can manage fraud effectively and efficiently.
Building a robust fraud tool in house doesn’t just mean hiring an in-house fraud expert. That person will also require extensive engineering and data resource to implement the program both initially and ongoing. If you have a strong engineering and data science team this may be something you want to consider. If these aren’t core competencies within your company, you are better off looking to a third party who have full-time engineers and data scientists working constantly to adapt to changing fraud patterns.
As we’ve mentioned before, one of the drawbacks of machine learning is that it works well only with large data sets. If you are selling the same product you have been for years in the same geographies, building something in-house could work well for you (although you will still have to be wary of the ever-changing fraud behaviours). If you are looking to release new products or into new areas it is usually best to partner with a third party who has data on the countries you are going into and may have experience with the new products you are about to release.
If you’ve been put on something like Visa or Mastercard’s Excessive Chargeback Programme and are under pressure to get chargebacks under control immediately your best bet is to go with a third party vendor. You can integrate Ravelin in about a week and should see significant improvements within your first month. If you have fraud under control currently but are looking to get something in place for the future, you may want to consider building your own tool in-house.
If you do decide you want to build something, the most important first step is to hire a fraud expert. Look for someone that has experience in your industry and who can demonstrate the results they achieved and explain the methods they used to achieve them. This should take 3-6 months if you can find a good recruiter. You will then need to assign this person a number of engineers and data scientists to assist them.
The next step is training/hiring your fraud team. You should set a benchmark of what % of orders you want to manually review and then work from there on how many need to be trained. It’s usually worth having a senior manual reviewer as well who new hires can go to with particularly tricky cases. The % of order reviewed can vary drastically from company to company. Ravelin customers typically review 1% of orders, yet a 2016 Cybersource report found that customers using rules reviewed as many as 25% of their orders. The exact number will be determined by how good your models are.
Work out what the key metrics you want to track are and review them on a monthly basis with the relevant stakeholders, usually head of payments, head of fraud, head of marketing.
The first thing you will want to do is work out what things are important to you. For instance, if you want to ensure your customers’ data is safe you may want to choose a provider who is ISO 27001 certified, likewise if you deal with transactions in real time, you might want to choose a provider who gives instant fraud decisions.
Secondly you will want to work on a timeline for when you want your solution implemented. If it is quickly, the best thing to do is scan through a few websites, work out which ones might suit your needs and then arrange calls. If you want a longer more protracted process, it may be worth conducting an RFP.
One thing we do suggest is that if you do opt for buying a solution rather than building, you select a provider that can build models based around your own data. This means you essentially get all the benefits of building your own solution without any of the hassle or cost and at a fraction of the time.
Another thing we strongly suggest you do is select a third party supplier with PCI compliance who is able to collect full card numbers. This means if they spot compromised cards being used at another one of their merchants, they can protect you against that aggressor too.
Once you have entered into a contract with a supplier it’s important you work out with the supplier what the most important metrics are for your business (i.e. are you more concerned with keeping fraud down or accepting as many orders as possible) and track these on a monthly basis with your account manager. Results should improve month on month.
Learn more about machine learning here.
Gerry Carr CMO
7 min read
More from Gerry Carr
Share this article:
Blog / News
From 2020 to 2022, how has your online business changed? Let’s talk about how the pandemic continues to shape ecommerce two years on.
Grace Proctor, Content Writer
Appetite for ordering food on marketplace apps is still strong, as customers look for convenience and choice. But how are foodie fraud trends evolving?
Lola Omo-Ikerodah, Content Writer
Online marketplaces are exploding, but fast expansion always opens the door to fraud. Learn how to prevent fraud as your business grows with the industry pulse infographic…
Subscribe to our newsletter to get the latest fraud & payments updates sent direct to your inbox.