Buy or build my own fraud prevention system?

Should you buy or build an online fraud prevention system for your eCommerce business or bank? We have the perfect answer.

Hubert Rachwalski

Chief Executive Officer

6 August 2020


6 min read

In my early conversations with potential clients, sometimes I am asked, “Should I buy your online fraud prevention system, or just build my own in-house?” They generally fall into two camps: the first is ambitious new companies that have just encountered the need for online fraud prevention; the second camp is usually large organizations like banks that have well-established departments for risk assessment, fraud prevention, and software development.

To buy or build an online fraud prevention system?

It’s an excellent question. If you have the ambition and resources, why shouldn’t you just build your own Online Fraud Detection (OFD) and Account Takeover (ATO) solution? The prospects are attractive: controlling the development process, adding custom features for your vertical, incorporating your transaction data history, and saving money.

My TL;DR explanation is this: developing such a proprietary solution that is advanced and dives deep into digital fingerprinting, network characteristics, and behavioral biometrics is a continual process. Developing is one part, and that is manageable to some extent. But when you get into actually having it up to date with all of the browsers and new methods that fraudsters are using, this is a serious problem for a company that isn’t explicitly focused on developing anti-fraud systems. Having a whole department that just works on this is like having another company inside. And you can get it from a SaaS (Software as a Service) for just a fraction of the price of developing your own.

Time is precious. Designing an online fraud prevention system takes time.

Money and time are precious. Especially time. You can take the time to develop an amazing piece of software using the latest and greatest methods, but in the Online Fraud Detection arena, you cannot just “write and forget.” The tools require constant improvement as the environment is constantly evolving. The technology changes monthly (both Apple and Google are planning huge changes to their browsers), and fraudsters are constantly inventing new techniques and methods of sharing stolen personal data. You have to react, you have to develop new ways to get information about your users in a way that is fast and frictionless.

It’s also essential to keep track of general trends in fraud as well. Fraudsters have a lot of resources available to them on both the dark web and Clearnet. But there are a lot of resources available to you too! It’s better to avoid being surprised by web fraud techniques whenever possible.

It’s difficult to recruit and keep data scientists and AI developers… trust us, we know! It is a challenge to stay on top of all of the above, especially if you have your own industry to worry about. Maybe you sell high-end fashion products online, or maybe you sell video games. Your industry should be your prime focus, not building fraud prevention applications.

That is why some of the largest e-commerce companies, financial institutions, and airlines in the world decided to use Nethone instead of building their own proprietary solution. Some use Nethone alongside their in-house solution as another “signal” that feeds their risk assessment model. If you have already begun on the journey to create your own tool, or you have one completed, no worries, you can use more than one. Risk managers around the world have discovered that different tools have different strengths.

Personalization: not every SaaS is built the same

Our clients have found that we do not deliver black box Artificial Intelligence. Many anti-fraud solutions just provide a "scoring" for a recommendation, while we provide a full overview with linked analysis (e.g. if the email address/IP was connected to any fraudulent transactions before). On top of that, we assign a real person they can speak to, with whom they can discuss changes to the Machine Learning model depending on what they want to achieve. In this way, we are not a typical SaaS company that adds your business needs to a long list of enhancement requests that includes other clients as well. We have a real, physical Data Scientist to whom you have direct access, who will work with you toward your success. The only goal of your assigned Data Scientist is to know your data and how to process it to bring the best possible value out of it. This is our differentiator.

It’s possible to think (AND), not just do (OR)

Nethone works well alongside other solutions. You don’t necessarily have to scrap your already-built proprietary solution so that you can use Nethone. We have a number of clients that use Nethone to send another signal along with their existing solution. We deliver recommendations, and some clients take the data feed from us and just analyze the data we provide them alongside their proprietary solution. That’s perfectly fine since they are paying for our recommendation. Who says that they can’t have multiple recommendations from their own work, and/or from the work of our competitors? If you shop around you’ll see that different AI companies have different strengths and weaknesses in analyzing transactions for fraud and ATO.

For example, almost all banks around the world have really advanced anti-fraud solutions in place. They maintain state-of-the-art Security Operations Centers (SOC). If they’re looking for an anti-fraud solution it’s certainly not because they don’t know how to deal with fraud. Many banks have found that they can pay for another solution that they can use as a supplementary signal in their big system. If they can save 2% on this fraud, then it’ll save them millions of dollars over a period of a year. So they’re always looking for better solutions that supplement their existing solutions. They just abandon the ones that don’t bring value anymore. It’s a continual process.

The 80/20 principle and diminishing returns

Many banks and other organizations see the situation like this:

We need an SCA-compliant, PSD2 2-factor authorization that we can easily implement on the web, in Android, on iOS, and in our ops, and it has to be compliant with the relevant regulations.

A solution like Nethone can bring 90% of the value when you see it from the bank’s perspective, for example. They just compare the pricing and how accurate it is. The comparison process is pretty straightforward for them. In the end, it’s the 80/20 rule. Sometimes you get the 80% result just from the 20% of the invested money. Why would they spend a lot more on small improvements? Diminishing returns in such solutions is a big factor.

To buy or build, what is the answer?

The fraud ecosystem, fraudster players, and fraud techniques change constantly, so I recommend partnering with experts who study the fraud world every day. Your time is better spent developing new products and services to offer to your existing and future clients! But if you already have an in-house solution, or you’re committed to building one, then know that there are a number of options for adding anti-fraud solutions to your mix!

Why build something from scratch if the perfect online fraud prevention system is already available from Nethone? Let us show you how it can help your business grow over a call...

Ready to detect fraud just like Azul?

Ready to detect fraud just like Azul?

Start measuring fraud attacks today and find out if there are bots attacking your site. Arrange a call to discuss a tailored solution or explore our platform for free.

Book a call