![Native[risk]](http://images.squarespace-cdn.com/content/v1/65704856a75e450a6d17d647/f3aa0ca7-8a4d-4034-992f-9ae514f1127e/Native+risk_logo-invert.png?format=1500w){kind=logo}
#02 - The no. 1 reason why Fintechs pick the wrong fraud vendor
So you’re in the market for a new fraud prevention vendor.
If it’s the first time for you - congratulations! This is going to be a very educational ride. One that is likely to teach you new lessons years after you thought you got off it.
And if it’s not your first time - chin up buddy! Whether it went well in the past or not, you are probably anxious right now.
We all know that these decisions will stick with us for a long while. At the same time, we all heard of those nightmarish stories where a vendor didn’t keep their end of the bargain.
I’d like to be the bearer of good news - this can be avoided easily.
I typically use a 6-step process that helps me confirm I’m making the right choice when selecting a new vendor.
Interestingly, my experience shows that botching the first step is the top reason for faulty decisions.
So what is the first step? Analyzing your own business needs.
And what is the most common mistake I see?
Skipping it entirely.
So before you jump on demo calls, review API documentation, and download RFI templates - let’s go over the basics. How do you analyze your needs?
Analyze your business context
Ideal Customer Profile (ICP): Are you offering a B2B or a B2C product? Is there a focus on a specific segment you’re targeting? In B2B this can be the industry vertical (e.g., fashion) and in B2C that can be a buyer persona (e.g., GenZ’s).
Region: Where do you operate today? Where are you looking to expand in the next couple of years? Regions can differ in many ways that will impact how you manage risk. Starting with different risk levels (think LATAM vs. EMEA), different regulatory frameworks (don’t forget the card schemes!), and even the payment methods mix.
Payment methods: If you’re offering your customers to send or receive funds, what are the payment methods available to them? This will not only influence the data schema, but also dispute processes, costs, and fraud patterns. Are you looking to expand your offering in the next couple of years? If so, how?
While reviewing these areas, list your prominent “keywords”.
For example, you might describe yourself like this: “B2B, SMB, LATAM, Credit Cards, POS”.
Alternatively, it can look like this: “B2C, emigrants, North America, Instant Bank Transfers”.
These two businesses are highly unlikely to choose the same fraud prevention vendor.
Identify your relevant attack surfaces
Look at your different user journeys. What features do you offer your customers? Here are some examples:
Open (and log in) to their own account
Send payments
Accept payments
Take a loan
Payouts
Issue a credit/debit card
Etc.
Each of these journeys poses different levels of risk and exposure to your business. Are you already feeling the pain in some of them?
Don’t discount the ones that are less painful now, they might not have been discovered by fraudsters yet. At the same time, think about the features you’d like to rollout in the next couple of years. Are they all covered on your list?
Order these by priority level: a simple matrix of “fraud losses” and “overall volume” will inform you which vulnerability points you want to solve first.
Together with the keywords you collected above, you should already have a very clear idea of what you’ll need to see and hear from your chosen vendor.
Define your operational model
So we’ve analyzed your customers and how you serve them. One thing still needs to be defined: How are you going to manage risk?
I mostly see these three models:
Builders - these companies are building their own fraud prevention tech-stack and are operating it end-to-end. Builders will usually look to buy additional data to power their algorithms.
Operators - these companies decided against building their own stack, but they still want to own their fraud operations (e.g., case investigation, rule-writing, reporting, etc.). Operators will look to buy tooling that will help them with either scaling operations, or increasing their effectiveness.
Delegators - these companies would rather someone else take care of fraud for them. It might not be a big-enough pain point, or they might simply not have the capacity for it. In any case, they want to outsource their fraud operations. Delegators would look for managed services, either in the form of SaaS products or professional services.
Now ask yourself - what’s your fraud operations strategy? Different approaches call for different solutions.
Of course, reality tends to be more complex than that, and you might find your needs to require a set of solutions. That is fine.
As long as you understand how you’re going to operate and which solution you'll need for that, you’ll make a better vendor selection decision.
TL;DR
Want to future-proof your fraud vendor selection?
Spend a couple of hours on:
Describing your customers
Describing how you serve them
Defining your operational model
Remember: do not consider only the current state of affairs. Take a look at your product & GTM roadmaps, so you’re not surprised when fraud comes at you from a new direction.
That’s all for this week.
See you next Saturday.
P.S. Feel like you're stuck with the same fraud challenges for months and need expert advice quickly? Book a consultation call with me to get clear, actionable recommendations that fit your budget. Guaranteed.
Book a Call Now >>
Enjoyed this and want to read more? Sign up to my newsletter to get fresh, practical insights weekly!
