Data Quality: The Missing Piece of the Build vs. Buy Fraud Prevention Debate
Subscribe to the Incognia Newsletter
In today's digital era, businesses across the globe are facing an unprecedented challenge in the form of sophisticated fraud attempts. The stakes are higher than ever, and the need for efficient fraud prevention strategies cannot be overstated. The build vs. buy debate in the fraud prevention space is a question as old as time, but it’s important to consider all of the layers behind this question—including the quality and types of data powering any potential fraud prevention solutions.
Fraud prevention’s “build vs. buy,” question
Every platform that gets big enough to have to consider implementing fraud prevention measures has to beg the question: buy a software solution from a third party, or develop one in-house?
The benefit of an internally developed solution is, of course, ultimate customizability. Theoretically, if you’re developing your own solution, it’ll be everything you need and nothing you don’t, with the ability to add or subtract features and scalability as you go along. In practice, however, developing a fraud prevention solution internally is incredibly time, money, and resource intensive. It’s certainly not impossible, but there’s also a reason that third party solutions providers dedicate their entire business model to creating their own solutions—it takes a lot to build and maintain fraud prevention tools and software.
Maintaining an internal fraud prevention system requires a significant ongoing investment in technology, research, and personnel. The task of staying ahead of innovative fraud techniques demands not only a team of specialists dedicated to monitoring, updating, and testing the system, but also significant expenditures on advanced technologies and tools. This constant cycle of development means that the initial cost of building the system is just the beginning. Operational expenses can quickly escalate as new security features need to be developed and implemented regularly to counteract new forms of fraud.
Furthermore, the maintenance of an in-house system is compounded by the fluid digital landscape. Regular updates to browsers, operating systems, and data protection regulations can directly impact the effectiveness of fraud prevention tools, not to mention the constant evolution of fraudsters themselves. Adapting to these changes requires not only agility but also additional resources, further adding to the cost and complexity of maintaining an effective fraud prevention strategy.
That isn’t the end of the limitations of an internally developed solution, however. Even if the development and maintenance of a DIY fraud solution is completely within your company’s wheelhouse, there’s another component to consider: the data you use to power your new solution.
No fraud prevention solutions work without data
The data problem of internal fraud solutions is multi-layered. The first layer is the quality and types of data that the platform has firsthand access to; if this data isn’t good or reliable enough to reduce fraud number while also limiting false positives, none of the rest of the anti-fraud architecture the platform has developed will be able to carry that weight. For example, say that your platform develops a fraud solution that relies predominantly on device ID, only for any number of factors (device ID spoofing, new privacy limitations on data collection from manufacturers, the use of emulators, fraudsters buying multiple devices, etc) to render your device ID signals less than reliable. In this case, you’d be stuck with an expensive fraud prevention solution that still needs to be supplemented with something else to work properly.
Internally developed fraud prevention solutions also face the problem of siloed data. That is, they only have access to their own data sources, unlike the wider net cast by third-party vendors who service multiple clients, potentially in multiple markets and countries. A vendor that focuses entirely on fraud prevention has the advantage of being able to bring knowledge they’ve seen from older clients to newer clients, essentially keeping them on the bleeding edge of new fraud trends.
Not all data is created equally: signal type and quality matter
Naturally, every fraud prevention solution is built with some kind of data collection in mind. The type and quality of data and signals used makes a significant difference, however.
PII or personally identifiable information verification, for example, has become a less reliable data source in recent years because of the widespread availability of data breaches. Fraudsters today can access much of the data that a PII-based system would use to verify users, making it less effective. Accessibility can also be a problem for biometric-based solutions. Because people’s faces and voices are often publicly available on their social media accounts, the rise of deepfake and gen AI technology makes this tech more vulnerable to spoofing as time goes on.
Quantity over quality is another important dimension of the data problem to consider. Too much data is effectively noise—expensive to collect, store, and protect, but also potentially less useful than imagined, if you don’t know your needles from your haystack.
In Incognia’s area of expertise, device and location intelligence, data quality makes all the differences. In order for location to be valuable as an anti-fraud signal, you have to use a highly precise, tamper-resistant location. Incognia does this by using a combination of different signals to build location environments—this allows us to see through any attempts by fraudsters to manipulate location data, and the high accuracy helps us limit false positives that can punish good users. On the device side, integrity checks help weed out fraudsters early on by identifying high-risk features of their devices, like the presence of common fraud tools.
The type of signal used and the quality of the data from that signal come together to form a truly resilient fraud detection solution that can power decision making with as little collateral damage as possible.
The infinite possibility presented by building your own fraud solution shouldn’t be taken lightly, but neither should the real requirements to make that solution work: time, resources, maintenance, research, and, perhaps most importantly, quality data to support decision making.
