Chapter contents

The decision to purchase a new or replacement fraud detection system is a difficult one. There are many factors to consider and the issue is not made any easier when there is a seismic shift in the technology landscape which is the case with fraud prevention. That shift is the emergence of machine learning as an approach to solving the fraud problem for online businesses. 

For the non-expert though it can be difficult to know which questions to ask. What makes one vendor’s approach better than others and how do you determine which vendors capabilities are better than others? 

To help we have written an RFP document that will help you make that determination. We acknowledge that we are biased of course - we’re strong believers in the abilities of this technology to reduce online fraud levels down to a level that is acceptable for your business. But that bias also means we want prospects to ask informed and meaningful questions of their machine learning fraud detection vendor. 

We have chosen questions that we think will provide fair and balanced insight into the technical and functional choices of the vendors with which you have selected to engage. In any case, the spreadsheet is completely editable, so if there are questions you don’t like or sections you think are missing simply remove or add them. Please get in touch if you have any feedback


Overall Fraud Functionality

1.Briefly describe your approach to solving fraud for online businesses.
2.Specifically which techniques do you require be used?
3.What skills or training are required for our staff to use your system?
4.Describe the implementation process including how long the process takes and what aid is given.
5.What code or scripts are required to be added to our app or website to provide data to your system?
6.Which payment methods do you support?
7.Are you able to build models and rules around our data?
8.What reporting do we get? Do you provide us with a dashboard?
9.How does customer service use your product?
10.Please provide two client references with the results you achieved for them.

Machine Learning Requirements

1.Briefly describe how ML fits into your fraud detection capabilities?
2.Which ML techniques do you deploy and why did you select them?
3.How many staff do you have dedicated to the creation and maintenance of your machine learning models?
4.Are your models deployed across all of your clients or are the models specific to each client?
5.How do you explain to your clients the decisions that the models reach regarding which customers are fraudulent and which are not?
6.How do you train the models for accuracy?
7.How do your models adapt to changing fraud patterns?
8.Is it possible to test your model's capabilities on test data prior to going live?
9.How do we add lists of white and black-listed customers to your system to ensure they do not get blocked or do not succeed in making a purchase?
10.Can you provide information on the most important features?
11.How do your models manage incomplete data?
13.How do we train the machines on an ongoing basis?
14.How do we feed back in chargeback information to the models?
15.How often are the models updated?
16.How fast are the fraud scores returned to clients and is there any interruption to the customer journey while waiting for response? If so, how long?
17.Do we need to add any steps to the purchase process, or add any code to our site or app to work with the machine learning fraud system?
18.What drawbacks does machine learning have and how does Ravelin manage these issues?
19.What reports can we expect to see from your system?
20.How do you evaluate and validate the models that you use?
21.Can we override the ML models decisions? How do we do that?
22.How do you keep abreast of and deploy improvements in machine learning techniques?
23.Do the models learn in real time, or are they retrained periodically?

Graph Network Requirements

1.Briefly describe how graph network technologies form part of your fraud detection solution.
2.Briefly describe the key benefits of using graph networks as part of a fraud defence strategy.
3.Do you visualise your graph networks? How and what do they look like?
4.How do you avoid generating too many connections in the data and capture good actors in your networks?
5.Are your graph network visualisations interactive?
6.Do you automatically ban everyone in a network? If so, how?
7.How accurate have your networks been to date? How have you validated that?
8.What connections do you create networks on? Please specify all.
9.How do you manage incomplete data in graph networks?
10.Do graph networks contribute to the fraud score or are they separate processes?
11.How do I access the graph network visualisations? Are they hosted within your system or externally?
12.How long does it take to spin up a graph network visualisation?
13.Can I see a network for every customer in the system?
14.Is there any way of tagging or labelling users in a network for anything other than fraud?
15.What drawbacks do graph networks have and how do you manage them?
16.Do we need to add any steps to the purchase process, or add any code to our site or app to work with the graph network technology?
17.How fast are the fraud scores returned to clients and is there any interruption to the customer journey while waiting for response? If so, how long?
18.Do we need to add any steps to the purchase process, or add any code to our site to make the graph networks work?
19.Can we override the graph network decisions? How do we do that?
20.How accurate have your networks been to date? How have you validated that?
21.How would you summarise the advantages of your graph networks in comparison with your competitors?

Support and SLA Requirements

1.What are your primary support hours?
2.Will we get a named account manager?
3.Will we get a technical account manager?
4.What support will we get during the integration process?
5.What are your preferred support channels?
6.What is your incident report process?
7.What is the target resolution time for minor incidents? Major incidents?
8.How often does your system go down for maintenance? What will be the impact for us when it does?
9.How do you manage peak traffic? What steps are in place?
10.How do you define/calculate 'uptime' and are there any exceptions e.g. scheduled maintenance?

Pricing and Commercials

1.Do you charge for integration support or any other setup fees?
2.Do you have monthly management or support fees?
3.What is the estimated cost per transaction at our current Tx volumes? How will this change as we grow?
4.Do you guarantee chargebacks? How does that work?
5.Are there any training or supplementary fees?
6.What contract terms do you offer? Can we get a discount for signing on for a longer period?
7.Are there any fees in addition to the ones outlined here?
8.Do you charge for every transaction or only for transactions that have been successfully completed or do you charge for every API call?