Why Do You Need Fraud / Risk Orchestration
There are four reasons that fraud continues to be a growing problem, despite all of the available solutions. Fraudsters continuously evolve their attacks, fraudsters look for cracks between existing protections, fraud/policy abuse is often nuanced with few generalizable commonalities, and fraud protections can’t reduce revenue.
An effective fraud prevention system must address all four problems. It must: continuously evolve with attacks, span across your entire product with no cracks or seams, be able to segment users and deploy targeted protections, and minimize fraud while maximizing revenue.
Many solutions address types of fraud, but only fraud orchestration can address all four root causes of fraud.
Fraud orchestration provides a system for your company to engineer and deploy new protections as fast as fraudsters evolve. It views your entire product as one user journey and lets you deploy holistic protections. It allows you to test narrow fraud hypotheses, and deploy targeted mitigations. It allows you to do all of this with a keen eye towards maximizing revenue.
How to Build a Fraud Orchestration Platform
Depending on the sophistication required and the resourcing available, fraud orchestration platforms can vary. You’ll have to consider three pillars in creating a minimum-viable-product fraud orchestration platform: integrating fraud tools and data sources, tracking and analyzing user data, and deploying rules and logic.
Here's a list of features to consider when building a fraud orchestration platform:
- Integrations: Connect fraud, trust & safety, and risk services. Expect:
- Sandbox access hassles (sometimes nonexistent).
- Documentation struggles (incomplete, unavailable, or bad).
- Constant spec and documentation changes.
- Integration code (with timeouts, retries, and error handling).
- Integration testing (deployed APIs may differ from docs).
- Production account hurdles (often requiring management involvement).
- Secret management for credentials (including production key rotation).
- Data Mapping: Translate data between services with different formats and field requirements. Maintain state data between workflow steps.
- Multi-Request Interactions: To utilize IDV or 2FA/MFA, you’ll need to support additional user input through multi-request interactions.
- Custom Data Transformations: Go beyond basic mapping with calculations and extractions.
- User History Access: Build features like velocity calculations (e.g., actions within X time frame).
- A/B Testing: Continuously improve workflows and integrations to stop more fraud and reduce friction.
- Monitoring & Analytics: Track integration performance, service responses, and potential bottlenecks.
- Custom Endpoints: Send webhooks, call/train custom models.
- Deployment & Maintenance: Manage code across development, QA, sandbox, demo, and production environments.
- Workflow Visualization: Understand current risk workflows, keep documentation in-sync with deployed code.
- Rapid Updates: Deploy workflow updates without deployment schedule constraints (Fraudsters don’t care that you only do deploys Tuesday nights at 1am).
- Global Allow/Deny Lists: Implement global controls for system access.
- Data Storage: Store user and integration data for access, analysis, and historical reference (optimize for cost and performance).
- Auditability & Debugging: Log every decision with inputs and outputs for each workflow step to debug and improve.
- Performance Measurement: Quantify results for reporting to leadership.
Alternative to Building
Yes, pre-built fraud / risk orchestration platforms exist, offering speed, efficiency, and reduced development effort. These platforms orchestrate all of your fraud tools & workflows, stitch them together into a single data platform, and enable fast, efficient, and low-effort fraud engineering.
Building vs. Buying:
- Building: Ultimate control, flexibility, deep understanding (but requires significant effort).
- Buying: Faster setup, less development & maintenance work, potentially less control.
The Choice is Yours
Weigh the options, choose your path, and remember: the goal is to protect users and your business. This guide is just the start. Stay tuned for deeper dives into specific challenges and solutions.