Fraud attacks are constantly evolving, so defenders need to continually evolve their detection and defense capabilities. This requires extensive investment in research and development as well as on-call expertise from fraud defense specialists. For virtually every company, the most effective option is to partner with vendors who can provide solutions for a wide range of businesses and therefore recoup their deep investments in people and innovation.
In theory, this creates a synergy where fraud defense providers build a business that rewards investing heavily in their fraud detection technology, while the businesses they protect get detection capabilities that would have been functionally impossible to create on their own. Win-win.
The reality is a little different from this idyllic win-win model.
Fraudsters have a lot of ways in. Synthetic identities, credential stuffing, phone scams, malware, phishing, collusion, and friendly fraud are just a few of the most popular ways to defraud a business online. Fraud defense providers each specialize in technologies to expose attacks, like IP reputation, device fingerprinting, behavioral biometrics, identity verification, and reputational consortiums. Businesses layer on these solutions until they get to an acceptable balance between friction and fraud losses. The deterred attackers then use their time to attack softer targets.
Eventually, these defenses become popular enough that it becomes lucrative for fraudsters to innovate past these fraud defense technologies and “re-open” these protected businesses to fraud attacks. The re-exposed businesses have to discover why their defenses are in decline – either catching too little fraud or pushing too much friction onto good customers – and work with their solution providers to catch up with new attack capabilities. Once they catch up, the cycle begins anew.
For fraud defense solution providers and the businesses they protect, this cycle is incredibly hard to sustain.
For fraud defense vendors, especially for fast-growing venture-backed startups, the ability to invest big in innovation and use equity to attract top talent starts out pretty easy. Eventually, the defense provider exits their high-growth phase and their focus shifts from growth to profitability as they reach market saturation and the business’s valuation levels out. It gets harder to keep top talent engaged and their investment in R&D doesn’t grow the size of their market, though it may help retain some customers facing innovative new fraud attacks.
For the employees inside the fraud solution vendor, it is much more personally lucrative to leave their job and start a new company with the relationships gained and lessons learned than it is to improve the product sold by their existing company. So, many of them do. The result is that R&D falls off just as it’s getting really lucrative for attackers to defeat a fraud defense technology.
Businesses that happen to purchase a solution that can't keep up with evolving attacks face a pattern of replacing fraud defense providers every 5 years, depending on how early they adopted into the current generation.
The most innovative fraud defense providers are committed to continual investment in research and development. They maintain peak performance much longer than competing solutions because they develop new features as they uncover new fraud attack tactics. Many times these new features require the businesses they protect to change their integrations, expand their data collection, or expand to new checkpoints. Getting engineering resources prioritized to do this may be difficult, if not impossible, which drives a consumption gap that reduces the effectiveness of the provider’s fraud defense solution.
Business leaders who aren’t familiar with the combative nature of a fraud defense solution could misinterpret continual maintenance as a deficiency in the technology, the implementing team, or both. This can have a negative effect on organizational trust and slow down practitioners and service providers that are already working hard to fine-tune the balance between customer experience and fraud defense. Over a long enough period of time, these relationships can deteriorate and cause an organization to move away from an effective solution.
At SpecTrust, we regularly run into businesses using fraud detection tools from circa 2004 or integrating with a half-dozen providers that they know have overlapping capabilities but are afraid to phase out for fear of breaking something. There’s a good reason why this is so common. A complete fraud defense consists of (roughly) three tightly-coupled parts: gathering data, integrating fraud defense solutions, and implementing protections.
Because of how tightly coupled these three parts are, any change to one part ripples changes through the whole system and drives significant engineering costs. Phasing out a vendor entails a detailed assessment of when and where the vendor affects the user experience, fraud catch rates, and requires a benchmark against the innovative technologies they’re being replaced with. Most businesses default to the “if it ain’t broke, don’t fix it” mentality, but as we’ve shown above, a dearth of innovation means breakage.
At SpecTrust, we’re big fraud defense nerds. We love innovative solutions, and we work with a huge community of fraud defense providers using cool technology to protect transactions totaling billions of dollars. We’re not a member of the next generation of fraud defense solutions. We’re a platform to make it effortless to embrace new innovations in each successive generation. Forever.
We built our no-code Fraud Defense Cloud to automatically collect data, integrate fraud defense providers through a codeless UI, and implement protections without any switching costs.
For fraud defense vendors, this means they can instantly integrate their cutting-edge solutions for businesses that are stuck fighting with outmoded fraud defenses, as well as upgrade their capabilities for the businesses they are already working with. The breadth of data collection made possible by our Fraud Defense Cloud means a more robust data set for analytics and machine learning models. This drives a dramatic increase in product development and a sustainable cycle of research and innovation.
For fraud defenders, this means access to cutting-edge defense capabilities, seamless upgrades as their vendors continue to innovate, and full transparency on how each contribution to their overall fraud defense is keeping them ahead of emerging attacks.