Buying versus building a fraud solution: The costs and benefits
In 2020, digital payments or card-not-present (CNP) fraud accounted for 68% of all merchant fraud losses. With digital adoption ever-increasing and global credit card fraud losses projected to increase significantly by 2030, digital payments fraud is likely to become an even bigger threat.
It’s no surprise, then, why enterprise — even small and mid-level — businesses are recognizing the long-term benefits of fraud solutions and investing in them heavily. Without protection, an attack is almost guaranteed in tomorrow’s e-commerce world, regardless of business size or notoriety.
Fraud protection is non-negotiable in the future of e-commerce. But for many merchants, the question remains: Is it better to buy or build a fraud solution? Evaluating the key differing factors between buying and building a solution can help merchants assess which option is right for them.
Buying vs. building: What’s the difference?
The difference between buying and building a fraud solution is that when you build a solution you have to create it “in-house.” And when you buy a solution, you get a “pre-built” fraud detection software from a company that specializes in fraud prevention.
Some companies may build in-house systems to stop the fraudulent activities that affect their businesses. The process often requires hiring a team of engineers, data scientists, and developers to create the product.
An in-house solution can also require many third-party vendors and tools. Businesses may go this route so that they can own the product outright. Or they feel it will give them more granular control over their fraud-fighting capabilities and analytics.
Other merchants purchase pre-built fraud prevention software instead. Fraud software is, in essence, an “out-of-the-box” solution that integrates with a business’s current technology systems to stop fraud, chargebacks, and more.
Buying a fraud solution can help businesses preserve resource allocation, increase fraud-fighting capabilities, and decrease long-term costs. But not all of them are created equal. Solutions vary greatly, and choosing the right one will depend on a business’s fraud challenges.
Merchants should know the differences in fraud detection software solutions and understand the top tech features to look for when picking out a solution. Things like uptime, latency, and the types of data a solution collects are all important tech capabilities to evaluate.
Buying vs. building: 5 factors to consider
Pre-built solutions vary drastically from in-house solutions on several key factors. Merchants should evaluate each point carefully before deciding to build or buy a solution.
“Often, businesses underestimate just how much goes into creating an effective solution,” said Brady Harrison, Kount’s Director Customer Analytics Solution Delivery. “Solutions take a considerable investment of time, money, and resources to create, maintain, and, ultimately, improve over time. And merchants should be aware before they get too in over their heads.”
The build approach: When building an in-house solution, merchants have to invest a significant amount of time to create and implement it. To start, merchants need to factor in the time it takes to hire data scientists and other teams who will actually create the solution. The hiring process can take weeks to months.
Then it can take up to two years for engineers and data scientists to build a solution. After that, they must implement the solution, test it, and work out any bugs before it’s ready for use. The process of implementing and testing generally takes several months.
Add more time to the schedule if you have to onboard and integrate vendors or tools. Overall, you can’t stop fraud until you deploy your in-house solution and may wait longer before you see a return on the investment.
The buy approach: Buying a pre-built solution requires drastically less time than building one in-house. Pre-built solutions generally take a few weeks to implement, but you may be able to see a return on some features in as little as a few days. Once they implement a solution, merchants may need one or two follow-up sessions to adjust their policies to better suit desired outcomes.
All in all, a pre-built solution usually takes no more than a few weeks time to go from purchase to implementation. And once implemented, most fraud prevention softwares can start fighting fraud almost immediately.
“Comparatively, there is almost no advantage time-wise to build a solution,” said Harrison. “If you’re limited on time, buying a pre-built solution is almost always significantly faster.”
The build approach: Merchants may not be aware of the significant amount of money that goes into building a solution. An in-house-built solution has many hidden costs that can add up quickly.
When building a solution, merchants need to consider the size of the team required to build the product and the costs of that labor. Generally, a small team requires around four to five employees and should include a mix of developers, data scientists, and engineers.
Between taxes, wages, and benefits, the cost of even a small team to build the solution can easily exceed a million dollars — and that’s on the low end. With a shortage of skilled data scientists, this cost is sure to be more in today’s market.
Merchants also need to account for the costs of creating a risk and design strategy, physical infrastructure to house the product, and any outside vendors and tools.
Third-party vendors and tools, in particular, can be costly. Merchants often need to evaluate and purchase dozens of vendors and third-party tools to create a functioning solution. Things like servers, firewalls, device fingerprinting, and data sets are all essential in a fraud solution.
“It is not uncommon for merchants with in-house solutions to need a dozen or more vendors and third-party tools and data sets to get in the same ballpark of even a modest fraud solution, let alone a modern one,” said Harrison.
Then merchants need to budget for maintenance. At minimum, scientists and engineers need to update their solution’s data models every six months to ensure it keeps up with new and emerging fraud attacks. Outdated fraud models are an open door for attacks. Updates can cost upwards of a few hundred thousand dollars.
And this doesn’t include an in-house fraud team that can manually review necessary orders. Though it may sound high, building a fraud solution in-house can cost millions of dollars in upfront costs alone — and total $5 million to $10 million after all is said and done.
The buy approach: Pricing will vary with a purchased solution. Companies typically charge by the number of transactions their solution processes, but some might charge a flat rate. And even with a pre-built solution, companies will also still likely need to hire an in-house fraud team to conduct manual reviews and oversee the business’s account.
If their solution provider offers it, merchants can use a policy management and optimization service to reduce the need for an in-house fraud team. Policy management professionals can take over manual reviews, develop a fraud strategy, and adjust controls to ensure the solution is tailored to the business’s needs.
Beyond the cost of a solution and in-house fraud personnel, businesses will have little to no other expenses. Merchants don’t have to worry about maintenance costs, developing or purchasing key fraud tools, or maintaining vendor relationships.
The build approach: Regardless of whether a business buys or builds, once they deploy a fraud solution, they need to consider its effectiveness. The risky thing with in-house fraud solutions is that you don’t know the true effectiveness until you deploy it. Essentially, you can invest millions and several years into a solution that doesn’t work.
Fraud is always evolving, and fraud tactics can change on a dime. Merchants may build their in-house solutions around a certain fraud strategy according to current trends. But by the time they deploy their solution, new fraud tactics will have emerged. Correcting an ineffective fraud solution can be costly and require a significant amount of time.
Additionally, fraud solutions are only as effective as their data sets. The more historical data you have, the better. In-house solutions rely on expensive third-party data sets that may be limited in age and scope, which can hinder fraud-fighting capabilities.
In-house fraud solutions also run the risk of using controls that are too tight, too loose, or difficult to change. That means businesses are vulnerable to letting in too much fraud, adding unnecessary friction, or falsely declining too many good customers.
“Unfortunately, oftentimes when merchants with in-house solutions come to us, they’ve wasted considerable time and money to ultimately find out their solution doesn’t work,” said Harrison. “They’re overwhelmed and pulling in other resources from their business to shore-up their ineffective solution rather than focusing on growing their business.”
The buy approach: Depending on the software, pre-built fraud prevention solutions, however, have been proven to work at least to some degree after implementation. Though effectiveness will depend on the company, when you implement a good solution, it will be effective from day one.
And a good software solution will adapt to new fraud tactics seamlessly. The best solutions have teams of data scientists dedicated to updating fraud models that will evolve with future trends. And they will dedicate teams solely to monitoring and improving certain key technologies like device fingerprinting, biometrics, proxy piercing, and more.
Plus, pre-built solutions work from large data sets. The robustness of the data will again depend on the provider. But solutions tend to be largely more accurate than in-house ones because of their data sets. With a pre-built solution, merchants also have the ability to tailor the solution according to their fluctuating needs.
“One of the biggest unknown benefits of buying versus building is that, with a pre-built solution, you can expand risk thresholds according to seasonal changes, new product lines, or new markets without development resources,” said Harrison. “That means you can adjust to purchasing behavior or enter new revenue areas without jeopardizing your bottom line or causing friction.”
4. Scalability and adaptability
For most online retailers, strong growth is key to achieving economies of scale, securing better margins, and delivering better returns to owners and investors. Therefore, it’s essential that a fraud prevention system makes it possible to scale efficiently as transaction volumes grow.
The build approach: When companies start to grow, in-house solutions rarely keep up. They may struggle to grow into new geographies and accept higher transaction volumes. Companies may try to compensate by hiring more workers, but this will be ineffective when the problem lies within the solution itself.
And how about when companies experience sudden daily fluctuations in transaction volumes? In-house fraud solutions are almost always rigid in this area and will crash at the first big wave in transaction increase, leading to chargebacks and brand damage.
The buy approach: One of the best things about fraud prevention software is that it can grow with a business. Merchants can move into new territories, accept new currencies and payment methods, and accept more good orders with little interruption. Pre-built fraud prevention solutions also seamlessly adjust to fluctuations in purchasing behavior and increases in traffic volume.
When businesses accept credit cards and other forms of payment, they must comply with certain standards. The most notable ones include the Payment Card Industry Data Security Standard (PCI) and anti-money laundering regulations.
The build approach: When businesses choose to build a solution in-house, they assume the immense cost and liability involved in complying with these standards. That includes maintaining a data center and training staff for compliance.
The buy approach: Customers of fraud prevention providers can, essentially, “outsource” compliance. By using a compliant fraud prevention provider, online retailers can avoid the high costs, significant time requirements, and high-level staff required to meet strict standards.
Buying a fraud solution: ROI and cost analysis
A large retail organization that processes approximately 1 million online transactions annually revealed, in a new Forrester report, their three-year ROI after buying a fraud software solution.
Previously, the organization used a mixture of in-house manual fraud controls and rule-based fraud controls from a vendor. As a result, the retailer was experiencing heavy losses from malicious and friendly fraud, the latter of which accounted for 50% of the company’s fraud losses.
Compounding the situation were excessive payment card declines flagged by stringent controls that led to increased customer complaints and decreased revenue. The retailer was leaving dollars on the table from good customers and wasting acquisition costs.
Additionally, the retailer was dealing with growth challenges. As the retailer experienced increased traffic volumes, their in-house solution was unable to accept new payment methods or adjust to fluctuations in transaction volumes.
After implementing Kount Command, the retailer saw an almost immediate reduction in fraud. Over three years, Kount helped the retailer avoid $2.5 million in friendly fraud and cut malicious fraud by 40% — or $4.9 million.
By leveraging the Kount platform, the organization experienced a 290% ROI, reduced false positives and customer friction, eliminated 15,000 hours in manual reviews, accepted more good orders, and saved almost $10 million.
So should you buy or build a fraud solution?
It makes little sense, especially in today’s e-commerce environment, to build your own fraud solution. Building your own solution will take, at minimum, a year and require millions of dollars, all while running the risk of ultimately being ineffective — or at least as effective as it could be.
“Of all things, you don’t want to be on the back foot when it comes to fraud prevention,” said Harrison. “Reactivity is a welcome sign for an attack. You want a solution that fights fraud effectively without you having to think about it or interfere. Ultimately, it becomes an entire product to support itself, a distraction rather than an asset.”
In-house solutions often can’t keep up with the sophisticated and ever-evolving fraud attacks in today’s e-commerce world. An in-house solution also almost always lacks the flexibility and adaptability for seasonal purchasing behavior and entities into a new market.
A pre-built fraud detection solution offers flexibility, scalability, and effective fraud-fighting capabilities with little time investment and at a predictable price. The other great advantage of pre-built solutions is that good ones will go beyond just fraud fighting.
Upselling and cross-selling to good customers is one of the best ways e-commerce merchants can stay competitive in the market. Kount’s digital enablement solutions allow businesses to use their fraud-fighting capabilities to expand revenue opportunities.
Use physical and digital identifiers to reveal things like propensity to spend, browsing patterns, tastes, and more. Then leverage these data-driven insights to market more effectively.