Solutions overview
Harness the power of your data
Support and investigations
Support services for Ravelin
Online payment fraud
Account security
Policyabuse
Marketplace fraud
3DSecure
Resource Zone
Deep dives on fraud & payments topics
API & developer docs
APIs, glossary, guides, libraries and SDKs
Global Payment Regulation Map
Track PSD2 & more with a full report
Blog
The latest fraud & payments updates
Insights
In-depth guides to fraud, payments & security
About Ravelin
Discover the story about Ravelin
Careers
Join our dynamic team
Customers
Read more about our happy customers
Press
Get the latest Ravelin news
Support & investigations
Accept more payments securely
Protect your customer accounts
Policy abuse
Stop policy abuse to protect your bottom line
Ravelin for marketplace fraud
3D Secure
Ravelin 3DS & SDKs
Resource zone
Global Payment regulation map
Read more about our happy custmomers
Blog / Other
It's hard to know when to buy a fraud solution or build it yourself internally. We've laid out the realities of both for you along with advice on best practices for each.
Share this article:
At Ravelin we’re in the fairly unique position of having both built our own fraud solution as merchants and now providing fraud solutions as a third party to lots of other merchants. This post will go through some of the things you will need to think about for both options as well as offer advice on best practices for each.
As a caveat to all of this, we’re going to assume that you are going to want to select a machine learning solution. This is because through our own testing of machine learning and rules (both as merchants at Hailo and now here at Ravelin), machine learning has always produced better results - read more about this here.
As we’ve written about previously, we think the best way to combat fraud is by using machine learning. The one drawback of machine learning is that it requires large amount of data to produce accurate results. This is why companies like Amazon and Ebay have been able to build their own extremely strong fraud prevention products in-house. If you are collecting fewer than 10m transactions per month it is probably worth using a 3rd party so you can benefit from everything they know about fraud from similar customers to you as well as their network of cards. If you are collecting over 10m payments per month and you satisfy the below conditions, it may be worth looking into building your own fraud prevention service in-house.
As with any big purchase, cost is one of the primary factors to look at when assessing whether to buy or go it alone. A few things you should consider include:
- What is the total cost of the third party per month?
- How much would you lose to fraud with the third party vs something in-house per month?
- How much will it cost to hire and pay a full-time in-house fraud expert?
- How much will it cost to provide this hire with the ongoing engineering and data resources they need?
- How many hours of manual review do you expect per month with an in-house system vs a bought system? What does this equate to in salary, hiring and training costs for a review team?
Once all costs are considered, you are in an excellent place to decide whether to build or buy. As a general rule of thumb, unless you have over 100 engineers, data scientists, and support staff and are willing to commit a full time data scientist and engineer to fraud, you should go with a third party system. One thing we didn’t fully appreciate at Hailo was the extent to which we needed to constantly upkeep and improve what we’d built already.
If you have a lot of in-house knowledge about fraud it may be worth looking into building your own solution. As well as data scientists and engineers, building a robust solution typically requires a fraud expert as well as highly trained reviewers. A good third party solution, such as Ravelin, will equip your customer support team with the right tools so they can manage fraud effectively and efficiently.
Building a robust fraud tool in house doesn’t just mean hiring an in-house fraud expert. That person will also require extensive engineering and data resource to implement the program both initially and ongoing. If you have a strong engineering and data science team this may be something you want to consider. If these aren’t core competencies within your company, you are better off looking to a third party who have full-time engineers and data scientists working constantly to adapt to changing fraud patterns.
As we’ve mentioned before, one of the drawbacks of machine learning is that it works well only with large data sets. If you are selling the same product you have been for years in the same geographies, building something in-house could work well for you (although you will still have to be wary of the ever-changing fraud behaviours). If you are looking to release new products or into new areas it is usually best to partner with a third party who has data on the countries you are going into and may have experience with the new products you are about to release.
If you’ve been put on something like Visa or Mastercard’s Excessive Chargeback Programme and are under pressure to get chargebacks under control immediately your best bet is to go with a third party vendor. You can integrate Ravelin in about a week and should see significant improvements within your first month. If you have fraud under control currently but are looking to get something in place for the future, you may want to consider building your own tool in-house.
If you do decide you want to build something, the most important first step is to hire a fraud expert. Look for someone that has experience in your industry and who can demonstrate the results they achieved and explain the methods they used to achieve them. This should take 3-6 months if you can find a good recruiter. You will then need to assign this person a number of engineers and data scientists to assist them.
The next step is training/hiring your fraud team. You should set a benchmark of what % of orders you want to manually review and then work from there on how many need to be trained. It’s usually worth having a senior manual reviewer as well who new hires can go to with particularly tricky cases. The % of order reviewed can vary drastically from company to company. Ravelin customers typically review 1% of orders, yet a 2016 Cybersource report found that customers using rules reviewed as many as 25% of their orders. The exact number will be determined by how good your models are.
Work out what the key metrics you want to track are and review them on a monthly basis with the relevant stakeholders, usually head of payments, head of fraud, head of marketing.
The first thing you will want to do is work out what things are important to you. For instance, if you want to ensure your customers’ data is safe you may want to choose a provider who is ISO 27001 certified, likewise if you deal with transactions in real time, you might want to choose a provider who gives instant fraud decisions.
Secondly you will want to work on a timeline for when you want your solution implemented. If it is quickly, the best thing to do is scan through a few websites, work out which ones might suit your needs and then arrange calls. If you want a longer more protracted process, it may be worth conducting an RFP.
One thing we do suggest is that if you do opt for buying a solution rather than building, you select a provider that can build models based around your own data. This means you essentially get all the benefits of building your own solution without any of the hassle or cost and at a fraction of the time.
Another thing we strongly suggest you do is select a third party supplier with PCI compliance who is able to collect full card numbers. This means if they spot compromised cards being used at another one of their merchants, they can protect you against that aggressor too.
Once you have entered into a contract with a supplier it’s important you work out with the supplier what the most important metrics are for your business (i.e. are you more concerned with keeping fraud down or accepting as many orders as possible) and track these on a monthly basis with your account manager. Results should improve month on month.
Learn more about machine learning here.
Gerry Carr, CMO
Blog / Fraud Analytics
Fraud prevention is a delicate balance between stopping fraud and maintaining good customer experiences. But what is the most effective way to measure this outcome?
Ravelin Technology, Writer
Blog / Machine Learning
Online payment fraud is one of the biggest threats facing grocery merchants. And it’s only gotten worse. How are fraudsters using the cost of living crisis to take advantage of your business?
There’s a new fraud threat on the rise – and it’s your customers. First-party fraud is infamously tricky to catch and a huge revenue risk. How can you detect and deter criminal behavior in your customer base?