The Decision Trees for Build vs. Buy: Fraud Prevention
A survey of 800 IT managers from 10 years ago found that IT projects can be tricky:
- 62% failed to meet their schedules
- 49% suffered budget overruns
- 47% had higher-than-expected maintenance costs
- 41% failed to deliver the expected business value and ROI
- 25% of all IT projects got canceled before completion
A decade later, CIO.com says the numbers haven't gotten noticeably better and some are actually worse.
Given this dismal review of build versus buy success, it’s obvious that many IT projects fail to meet expectations in terms of schedule, budget or functionality. Perhaps this is why IT blogger Jeff Atwood from Coding Horror stated: "the best code is no code at all." However funny, we all know this is not a realistic solution for online fraud protection.
So why do companies choose to build rather than buy? The commonly held belief is this:
- Build to Compete. Buy to Standardize.
That is, build when you are dealing with a core process that truly differentiates your organization from competitors or others. Buy when you need to automate a commodity business process.
Clearly, fraud prevention is important to your business success. But is it your core business focus? If you believe so, you may need to take a deeper dive into the decision process to determine whether to build a system or purchase a third-party solution.
A popular build versus buy decision analysis technique is the decision tree. It’s a good way to apply consistent and transparent criteria to the process. In fact, there are companies that produce software just for making decision trees.
But here’s the catch: you are not going to need just one decision tree. The decision to build invokes a virtual forest of decisions. For instance, consider all of the elements necessary to develop a new system from the ground up. Here are the top five:
- New IT infrastructure
- Development environment
- Software development tools
- Third-party data sources
- Specialized staffing
For startups and newly-established eCommerce businesses, each of these elements will likely require its own decision tree. And there will be little decision trees that sprout up underneath the larger ones. Suddenly, you will face literally hundreds of decisions. Gateways and firewalls, Experian or Lexis/Nexis, this type of Fraud Analyst or that level of Risk Strategist.
Even for mature eCommerce operations, the time and effort devoted to these “decision tree(s)” can be daunting. Companies often begin to build their own fraud solutions out of urgency and expediency. They might add a Device ID tool, or perhaps geolocation capabilities. But as the need for more sophisticated levels of fraud protection grows, the complexities morph and grow like a mutant organism. Before long, you face quite an investment of time, people power and money.
And yet, it’s often difficult for organizations to move away from a “this-is-the-way-we’ve-always-done-it” mentality. Unfortunately, the resulting decision overload can result in analysis paralysis. Here are the top 10 build versus buy considerations from a whitepaper by Actuate.com, a public software analytics and reporting company:
- Size of Developer Community/Do You Have the Skills In House?
- Expertise in the Subject/Solution Area
- Readiness of a Solution in the Open Market
- How Specific to Your Organization are the Requirements?
- Timeline Considerations
- Support Considerations
- Adaptability, Reliability, Scalability and Usability
- Short- and Long-Term Costs and Savings
- Impact of Feature Deficits on Performance
- Technology Considerations
What about buying versus building? While the decision tree complexity is dramatically less for this scenario, you will still find a wide spectrum of fraud prevention options out there, ranging from simple ad hoc fraud screening tools like Device ID, to legacy on-site applications, to modern Software-as-a-Service solutions. Finding the best fit for your needs can still be challenging.
Would expert guidance be helpful? Attend the webinar “Should You Buy or Build a Fraud Management Solution?” Justin McDonald, Senior Risk Management Consultant at The Fraud Practice, will lead a serious discussion on the decisions, risks, benefits, and costs involved in building or buying enterprise-class fraud prevention capabilities.