In my last article Reducing Friendly and Malicious Fraud, I listed a handful of companies that focus on various aspects of fraud prevention and chargeback resolution. While there are tons of options out there, you need to first answer whether it makes sense to outsource. Then, you need consider to what extent you should outsource. This article outlines the basics in considering vendors for fraud prevention. Additionally, you’ll have an initial dataset to give to these companies as you start reaching out.
You will need to answer the following questions:

  1. what is my chargeback spectrum?
  2. what basic protections do I already have in place?
  3. what’s my budget?
  4. how much time can my team spend setting up a new vendor?
  5. what truly needs to be done?


What is my chargeback spectrum?

Before you consider potential options, know what problems you are trying to solve. First, understand your historical loss to chargebacks and start digging in. You need to know your total chargeback rate and the rates broken out by credit card providers such as Visa or Mastercard. The industry standard cap rate is 1%, meaning that in a given month you may only have 1 chargeback filed for every 100 successfully placed orders. Chargebacks 911 offers a quick breakdown of chargeback rate requirements by Visa and Mastercard. If you are approaching 1% or find the cost of the chargebacks to be too high, then you should work on creating a solution.
Next, you must understand the breakdown of chargebacks due to service/product issues, friendly fraud, and malicious fraud. You need to know the financial impact of each and estimate impact of reducing any given piece. It’s critical that you have a rough idea of how often malicious versus friendly fraud is happening. If most chargebacks are from fraudulent orders, you can pick solutions like Signifyd that helps you to filter out those orders. If that is not the case, it dramatically changes what vendors can offer effective solutions to your problem. For friendly fraud, I tend to implement more customized solutions with an internally led team. Remember, friendly fraud is a normal looking order and cannot be prevented at the time of order placement.
Ultimately, you must differentiate your various fraud drivers. With a clear breakdown, you can isolate appropriate solutions that will target maximum reduction in loss.

What basic protections do you already have in place?

Do some research on industry standards and compare to your internal processes. Do you require CVV/CVC passes verification? Are your charges clearly labeled on bank account statements so customers can recognize the charge source? Do you ban users who file chargebacks? A quick Google search will surface lots of basic things you can do today that can reduce chargebacks. Here’s an example article to get you started.
If you find that you aren’t doing the standard practices, that might be a better place to start than outsourcing. Outsourcing has a very heavy initial cost. You want to make sure your investment is worthwhile. If you aren’t really casting a net to catch fraud yet, you might find that it diminishes once you do start. The areas that diminish can completely change what type of outsourcing you require.

What’s my budget?

This is an obvious but important question. Fraud prevention can get pricey and there are tons of customizations that can cause it to fluctuate. Understanding your budget means understanding the whole picture. Compare your current chargeback costs with the options of outsourcing versus building a solution internally. Subsequent articles will dig into the nuts and bolts of building an internal system, which can help you estimate the cost more accurately. For now, we will glance over the basic cost drivers.
Understanding current cost of fraud

  • chargebacks rate and chargeback fees
  • costs to respond to chargebacks
  • savings if chargeback are reduced

Basic cost components of building internally

  • labor cost for developers to build an internal manual review system (one-time)
  • labor and hiring cost of fraud prevention system manager (on-going)
  • labor and hiring cost for the manual review team (on-going)
  • labor and hiring costs for chargeback analysis and resolution (on-going)

Building internally also has a high initial cost, but the monthly reoccurring costs can be substantially lower than monthly vendor costs. In past projects, I’ve set up companies with a Philippines based manual review team for a monthly cost of under $2k. It is important to note that building internally does require expertise. Hiring somebody with expertise should be one of the key costs you consider and can definitely be a pain point.
To recap, you need to understand what types of fraud are behind your chargebacks, the current costs of those chargebacks, and then the projected cost to build an internal solution. After that, you should project how much the internal system will reduce your current chargeback costs. Now you have two separate estimates: expected cost of fraud + cost of building and operating internally. Combined, these two give you a spending limit for outsourcing.
To consider outsourcing, the vendor should reduce your chargeback loss and cost less than building internally. Create a price range that indicates when outsourcing makes sense to your company. This range will be important as you talk to different vendors. Most are flexible and some can create special packages that fit your range. Simply put, you want to know: I can afford to spend $X per month on your service but need to see an ROI of $Y from ABC chargeback drivers. This will put my total out of pocket loss for fraud as $Z, which is under my estimated costs of doing this internally.
In summary, you’ll need the following high-level financial estimates:

  • What is my current monthly spending on fraud?
    • chargebacks and chargeback fee, broken out by total versus lost chargebacks
    • costs to resolve chargebacks (fraud analyst)
  • What would an internal fraud prevention system cost to build and operate?
    • a system to flag suspicious orders
    • manual review team to reject bad orders
    • someone to manage the system
  • What price range can a fraud prevention system cost?

If you find that your projected chargeback costs + projected costs to build internally is higher than the cost to outsource, you should proceed with considering to outsource. Don’t forget to also consider the cost of convenience. Building internally takes knowledge and effort, so figure out what that is worth and factor that into the calculation.

How much time can my team spend setting up a new vendor?

Beyond the simple monetary cost of outsourcing, a perhaps harder to overcome bottleneck is the resources cost. You need full clarity on your team’s bandwidth. Key players include your risk team, your product team, and your dev team.
A. Know your available internal resources.
You will need both developers and business operations people working on this full-time. The initial setup cost is generally very high, so you need to know what you can afford. All companies will require some sort of upfront time investment, but the amount can vary significantly.
Setting up a fraud prevention vendor is usually very engineering heavy in the beginning. Sometimes outsourcing seems like the quick fix. This might not be true. Integrating with a new vendor can take weeks or even more. Each integration is different and it depends on your internal system and the team at hand. If you do not have the engineering resources to connect to a new platform right now, it is not the time to outsource.
You also want to be very open about available resources from the beginning when communicating with potential vendors. This will allow vendors to think through what really needs to be done to provide help now, versus what can be delayed. Furthermore, many providers will utilize their own internal team to help where possible if they know you are strapped for resources. Being honest upfront will provide room to create the best outcome. Overall, outsourcing is initially a very heavy cost to your team’s time but a large time saver once it is all set up.
B. Understand your internal timeline requirements
Are you looking for an immediate solution to a huge fraud problem? Some vendor models can take weeks or months to train. If you are facing a serious issue with fraud today that needed to be fixed yesterday, this narrows down which companies can help you. If you are just looking to fix an immediate fire, then there are probably better ways to minimize damage today than outsourcing. Bringing on a chargeback consultant would probably help more than trying to integrate with a new service.
Generally, connecting with a fraud prevention vendor will help in the near to long term. Not today. Know what you need and when you need it by before you look for solutions.

What truly needs to be done?

So here’s what you should know from the previous questions:

  1. Cost breakdown of fraud types and key drivers
  2. Summary of current defense against those drivers
  3. Financial limits for new vendor
  4. Time restrictions for new vendor

With these key pieces, you can step back. What 20% of your fraud is driving 80% of the cost? You need to sit down and think about what major piece you could reduce to save the most. When outsourcing, companies might try to pitch you on the bigger package to build the best possible fraud prevention system. I bet you do not need that right now. I bet it will be easier to do the minimum now as long as it reduces the top cost driver. The rest can be perfected over time.  Outsourcing is about being smart with your time and money. Take the information you’ve collected, particularly the financial analysis, and think about the idea of a minimal viable product. You might find that it would be far cheaper to hire an expert consultant short-term than to spend 1-2 months of dev + business ops setting up this new system. You might find that outsourcing actually will save you massive amounts of time and effort rather soon. The only way you can decide this is by taking apart the various cost pieces and figuring out what you really need. From there, you can review various vendors and pick the one that best fits your unique case.
Another critical factor to mention is that you can really customize your approach! The most successful fraud-fighting strategies I’ve seen combine an internal manual review queue with external vendors and automation. You can build a complex solution as you grow your company and become more sophisticated in the fraud space. Use outsourcing where it makes sense, but don’t be afraid to leverage your own team too.