Finding the Needle in the Haystack: Selecting a Vendor for Fraud Prevention

As long as there are digital transactions, there will be people around looking for ways to compromise them for financial gain. Fraud prevention is table stakes for managing any sort of online platform, but it’s easier said than done. The global fraud detection and prevention market is worth billions of dollars, and it’s only getting bigger the more of our lives we put in the hands of digital architecture.

Suffice to say, there are a lot of fraud prevention vendors out there. You have an intimate knowledge of the fraud and abuse challenges facing your specific platform, but finding a vendor who can meet those challenges box-for-box can feel like looking for a needle in a haystack. What’s more, the process of testing solutions with different vendors and feeling confident in your choice of provider only further complicates the process. Keeping your platform and users safe is priority number one, and for most platforms, it won’t be possible without some outside help.

What look for in a vendor

If you can think of a data collection type, fraud use case, or type of decisioning used, there’s probably a fraud prevention SaaS provider out there with an entire business model dedicated to selling it. Finding the right vendor can be challenging in a saturated market, but there are some key things to keep in mind.

1. Data quality

In the world of fraud detection and prevention, data is king, and quality, tamper-resistant data is the king of kings. When it comes to finding a vendor, the type of data they collect, how reliable it is, and how they analyze are some of the most important factors to consider.

For example, does the vendor have any unique data collection points? If they only want to analyze your historical data, then it’s likely that their solution is just an algorithm they pass your existing data through to get a risk assessment. Their algorithm might be more experienced than something you could build in house due to their existing clients, but it’s ultimately still something you could build yourself for cheaper than the lifetime cost of paying a third party for the same service. If they don’t need to integrate anything in your app, they likely don’t have any special data collection points. If they’re not collecting any data more specific than what you already collect, they might not have that much outside-the-box problem-solving to offer you.

Reliability of data is another crucial point. Fraudsters know that fraud prevention solutions use various data points, such as device ID, to find and identify them, and they react accordingly. If a vendor’s solution isn’t capable of re-identifying fraudsters beyond their obfuscation techniques (i.e., location spoofing, device ID spoofing, app tampering, emulators, etc.), then it’ll realistically only be able to identify a fraction of the fraudsters on a platform—or worse, only a fraction of an individual’s fraudster’s multiple accounts.

2. How unique is their solution?

Build vs. buy is a perennial question in fraud prevention, and normally, internally developed solutions aren’t the best route to take. They’re expensive and time-intensive to develop, but that’s not the worst: maintaining a solution to keep up with emerging threats and new fraud techniques can quickly cause the budget and scope of an internal solution to balloon out of control.

With that said, seeking an outside vendor is also an investment, and it’s one that shouldn’t be made unless a vendor really makes it worth your while. If a vendor can only offer you a machine learning algorithm to analyze data you’re already collecting yourself, it might be better to develop some in-house analysis tools until you find a vendor with a solution that you couldn’t easily replicate yourself—the price of any solution has to be justified by the edge it can give you against fraudsters.

Said differently, how unique is their data collection ability? Answering this question can also answer the question of how much new value they can bring to your platform, and most importantly, what capabilities they offer you that you couldn’t do yourself. If a vendor’s data collection abilities aren’t unique, then what they’re offering is a different way to analyze data you already have, and that probably isn’t worth paying a premium.

Feeling confident in your choice

Sometimes, it’s hard to know whether you’ve made the right decision even after testing and implementation. The best way to feel good about your choice of vendor is to do your due diligence in the selection process, and keep looking at the numbers after implementation.

Exercising skepticism

Incognia’s CEO and co-founder André Ferraz advocates for skepticism when it comes to the claims a vendor makes about their solution. The more skepticism and independent verification you do of a vendor’s claims before and during your POC and POV process, the more confident you can be that their solution is the real deal, and can really help with your specific use cases. Once again, data is your best friend.

As André said in a webinar session with AboutFraud, “You have to look at the data. You have to really go down to the details to understand if [the solution] is a fit, because many times, I see fraud fighters in love with a new technique, with a new type of product. They adopt this because it's the shiny new object, but many times this doesn't really solve your problem. Being skeptical and asking the hard questions is very important, as well as feeling comfortable with looking at data and analyzing it from different angles.”

Also presenting at the webinar, “The Real Full Stack: People, Processes, Technology, & Data” was Kyle Caldwell, the Senior Vice President of Fraud Management for M&T Bank. On the subject of feeling confident in your vendor choice, Kyle explained that looking to the future can help build relationships, “One of the things that I often ask for is a road map in the sense of, you know, ‘Hey, so this is your technology today, but what are you thinking about tomorrow?’ Roadmaps are generally something that can be cautiously given out by vendors, because they don't necessarily want to be held to it, and I can appreciate that there's a new fraud trend that comes up and they want to jump on it.

“But if you're able to gauge the relationship that you're building with the vendor…I don't think you'll ever get to a point where you'll know for 100 percent certain that the company is the exact absolute fit and perfect match and you're going to be happy until the end of the time, but at the very least, you can help mitigate and build that relationship.”

Finding a fraud prevention solutions provider you can trust is no small task, but the good news is that you don’t have to put all of your faith in a black box—as a potential client, you can ask for data and transparency. You can do your own solutions testing to figure out whether what’s on the table is actually a unique and effective solution to your specific problems. With an attitude of healthy skepticism and a problem solving mindset, you can find the fraud prevention needle for you, even in a haystack of options.