Should you build or buy a device intelligence solution? What you need to know

As regulations surrounding user data and privacy continue to grow more stringent globally and third-party cookies become less effective, businesses are turning to device intelligence to help them better identify users on their sites and apps. Device intelligence works by analyzing browser and device details to recognize returning visitors and gather insights like their IP geolocation and VPN usage. 

One key use case for device intelligence is fraud prevention. Companies — especially in the gaming, gambling, banking, and e-commerce industries — that use this technology can quickly identify potentially suspicious activity, allowing them to stop fraudsters before they can do real damage. Additionally, many device intelligence solutions enable businesses to strike a balance between fraud prevention and optimizing user experiences. 

According to Juniper Research, global merchant online fraud losses are projected to reach $343 billion between 2023 and 2027. 

As new technologies like generative AI have emerged, the ability to quickly recognize and stop fraudulent activity is more important than ever. While businesses have used these new technologies to provide optimized user experiences, we’ve also seen fraudsters using them to become better at evading detection. As a result, businesses wind up suffering financial losses, reputational damage, and more. Additionally, incidents of online fraud, data breaches, and associated losses will continue to rise globally for the foreseeable future.

In their efforts to implement device intelligence to protect company data and their customers from fraudsters, some businesses have chosen to build in-house solutions while others have opted to buy instead. However, most teams tasked with building an in-house device intelligence solution aren’t aware of all the challenges they may face, including: 

• Engineering overhead and costs
• Gathering the data they need to build a comprehensive, accurate device intelligence solution
• Ongoing manual work involved with maintaining and updating the system in the face of changing browsers, devices, privacy mechanisms, and regulations 

In this guide, we share some of the key challenges and considerations teams should take into account before building a device intelligence solution. We also dive into the benefits of both building and buying a solution, as well as what you should consider in a device intelligence solution. 

Why do you need device intelligence?

Companies worldwide have been playing whack-a-mole to try to outwit fraudsters, implementing legacy authentication solutions like MFA, OTP, and CAPTCHA. 

However, having those legacy solutions alone isn’t enough to deter fraudsters as they figure out how to use gen AI to quickly write bot scripts that pass CAPTCHA tests or swap out SIM cards to bypass MFA/OTP requirements. And with the average cost of one data breach involving stolen credentials totaling $4.62 million, it’s clear that more advanced preventative measures are needed.  

Device intelligence provides an additional layer of security, enabling businesses to strengthen defenses against fraudsters. A well-built device intelligence solution should collect a wide range of user behavior, network, and device signals, and use that information to generate a unique visitor identifier — regardless of browser, location, or device. It should also be supplemented by additional signals like VPN and bot detection, impossible travel, and IP geolocation, just to name a few. 

Having the right device intelligence solution is key to preventing fraud like account takeover attacks, payment fraud, brute force attacks, and more. This protects customers from financial losses and having their data compromised — and, in turn, protects a company’s reputation and future revenues. 

Does your business need device intelligence?

Legacy authentication solutions like MFA, OTP, and CAPTCHA are no longer enough to prevent fraud. But don’t just believe us — according to a report by Abnormal Security, 63% of the 300 cybersecurity professionals they surveyed are skeptical about the effectiveness of MFA in preventing account takeover (ATO) attacks.

So, aside from realizing that MFA and CAPTCHA are no longer effective standalone fraud prevention tools, why else would you need device intelligence? You’ll need it if you want to: 

Detect and prevent account takeover attacks

ATO fraud is when a fraudster gains unauthorized access — usually with stolen credentials — to an account to gather information, conduct transactions, or simply to steal money. Once they have access, they can also change account information like mailing addresses and phone numbers. 

Device intelligence helps businesses detect and prevent unauthorized access by identifying unknown devices and prompting for additional verification right at the login step when needed. 

A reported 2.9 billion records containing Personal Identifiable Information (PII), including Social Security numbers, were stolen from National Public Data in December 2023.

Stop credential stuffing and brute-force attacks 

Credential stuffing is usually deployed as a bot-driven, brute-force attack, where combinations of usernames and passwords (usually obtained through data breaches or bought on the dark web) are submitted until a matching valid set is found and login is successful. It’s also the most commonly used method in successful ATO attacks. 

With device intelligence in place, companies can quickly spot attempted bot attacks, users logging in from unusual devices, or whether one device is being used to attempt to log into multiple accounts, which can be an indicator of fraud. 

Put an end to account sharing

Sharing account credentials is a common practice, especially as the cost of services continues to rise. It usually starts with good intentions, with a family member or friend granting access to their streaming service account or other subscription by sharing their password. 

However, what may seem like a harmless act can have serious consequences, such as increasing the risk of the data being exposed, leading to unauthorized access and account takeover fraud by malicious actors. 

Device intelligence enables businesses to detect multi-accounting browsers, in addition to identifying unique devices and associating them with a specific login. It can also recognize new devices to block new logins or trigger additional authentication steps as needed. Another plus? Using device intelligence to stop account sharing can help boost business revenue.  

Reduce payment fraud 

Financial services and e-commerce are two industries that are commonly targeted by online fraudsters. Card cracking, which is when malicious actors test a series of card numbers and CVV codes until they find a combination that works, is a common payment fraud tactic. Another is ATO, where a fraudster gains unauthorized access to an account and proceeds to make unauthorized purchases, resulting in chargebacks from the legitimate account holder.   

Device intelligence helps businesses detect and prevent payment fraud by looking for suspicious behavior such as repeated failed login attempts (which can indicate an ATO attempt), linking anonymous transactions, or detecting odd geographic locations. 

Detect and prevent account signup and promo fraud 

Coupon and promo abuse happens when people exploit a business's promotional offers for unauthorized discounts or advantages, leading to potential financial losses. Tactics typically include redeeming the same promotional code multiple times, using VPNs to take advantage of regional discounts, stacking discount codes in unintended ways, creating multiple accounts to benefit from one-time offers, or using bots to seize high-value promotional items. 

Device intelligence can help deter this type of fraud by identifying and flagging unusual or suspicious users, such as VPN usage or multiple user accounts accessed from the same device. 

In 2022, PayPal shut down 4.5 million accounts that were tied to fraudsters taking advantage of its incentives and rewards programs. 

Streamline and personalize user experiences 

Device intelligence enables businesses to streamline user experiences by allowing recognized, returning users to skip additional authentication steps and reducing friction during the login process. The ability to recognize returning visitors can also be useful in providing personalized experiences, such as remembering font preferences or items in a shopping cart even for anonymous visitors. 

Additionally, companies can use device intelligence for more accurate user analytics, reporting, and attribution models.

What requirements should be considered when building or buying a device intelligence solution?

When deciding between building a device intelligence solution in-house or buying one, there are several factors to consider, including the cost, people hours, and specialized technical expertise. In this section, we’ll take a look at the key requirements and other considerations when deciding between building an in-house solution vs. buying one. 

How much can you afford to spend on building? 

Cost is often the leading factor in the build vs. buy decision — and the numbers add up fast. To provide an example of the initial ramp-up cost for building out just a core identification solution, we took into consideration the headcount we needed at Fingerprint and the respective salaries (which we based on Glassdoor U.S. averages).   

At Fingerprint, to build an effective core identification solution, we needed 18 people focused purely on doing research and building the product. Based on Glassdoor estimates, the total cost of salaries and benefits for this team alone would cost roughly $4.4 million per year. 

And that’s only for the core identification. If you want to build in additional features like Fingerprint Smart Signals, which include Bot Detection, VPN Detection, Browser Tampering Detection, and more, you’ll need to have another dedicated team focused only on that, at an additional cost of roughly $1.7 million per year, for a total cost of over $6 million per year. 

In contrast, most off-the-shelf device intelligence solutions cost anywhere between hundreds and thousands of dollars per month, depending on usage. 

Do you have a plan to keep up with browser, device, and operating system changes?

The costs outlined in the previous section are just accounting for the initial build. Continued development, maintenance, and scaling of the solution will require significant ongoing investments in people and time.

For instance, do you have the budget for and will you be able to assign a dedicated team to continue doing research in order to keep up with continuous browser, device, and operating system updates? You will also need an engineering team to update your device intelligence based on that research to ensure that the solution remains accurate and effective as fraudsters evolve their techniques. 

If you choose to buy instead, the solution provider will be responsible for doing the research and implementing the necessary updates to stay ahead of all these changes — all without you having to lift a finger or pay anything extra. 

How will you integrate this with your current systems?

Building in-house will allow your team to create a solution that fits your exact tech stack — but there are a lot of factors to consider, such as other systems your device intelligence solution needs to integrate with and how. For example, your team will need to think about where device identification will be used, how your fraud prevention systems collect and process data, the tooling and languages currently used, and how device intelligence fits in. 

An out-of-the-box solution, in comparison, will have APIs for easy, fast integrations, and often will offer integrations with other tools like Azure, Cloudflare, and Fastly. 

How quickly do you need a device intelligence solution? 

Are you losing money to fraud today or trying to stop account takeover or other types of fraud? Many times, we’ve seen teams face unforeseen delays when building a solution from scratch — sometimes up to months or years — which can expose businesses to the fraudulent activity that they were trying to prevent in the first place. 

Buying a solution typically means your team will be able to implement it in just a couple of months at most, protecting your business, your customers, and your revenue. 

What privacy laws and regulations are you subject to? 

Data protection and privacy regulations differ from region to region. Are you confident that you’re able to build a solution that complies with industry standards like GDPR and CCPA? For example, if you’re a fintech operating in India, how confident are you that you can build a solution that complies with the Reserve Bank of India’s Framework on Alternative Authentication Mechanisms for Digital Payment Transactions?

Ready-made device intelligence solutions are aware of updates to data protection and privacy regulations globally in order to ensure they and their customers stay compliant. By buying, you and your team don’t need to spend time researching and ensuring your solution is compliant.  

Simply put: Is device intelligence a key competency your organization needs to develop? Or would building your own device intelligence solution be a distraction to your core business? 

Benefits of building a device intelligence solution

You may now be wondering whether it makes sense to build a device intelligence solution instead of simply buying one. 

But while it may be a challenging project, there are benefits to building a solution, including: 

• Customization. Building in-house gives you complete control over the system’s design and features to ensure it meets the unique needs of your business. 
• Integration. Your team are the experts when it comes to your existing fraud tech stack. By building in-house, you can ensure the solution integrates with existing workflows and systems.
• Updates when you need them. Fraudsters evolve their tactics as quickly as businesses can keep up with them. A custom, in-house solution means your team can make updates when needed. 
• Complete control over data. You’ll have complete control over how user and device data is collected, stored, and used. 

Benefits of buying a device intelligence solution

There are benefits to buying as well — and some of the benefits may be more compelling when compared side-by-side to building, including:  

• Rapid implementation. Pre-built solutions can be rolled out quickly, enabling businesses to focus on growing market share and innovation rather than spending money and potentially years on research and building. 
• Fewer resource requirements. Buying a solution means that you don’t need to have a team dedicated to building and maintaining it. This saves time and allows your team to focus on innovating instead. 
• Ongoing support and updates. Good device intelligence solution providers will continuously update their systems to stay ahead of new fraud tactics (such as using generative AI to create convincing phishing emails) and browser changes (e.g., removing third-party cookies) so your team doesn’t have to worry about ongoing maintenance.  
• Predictable costs. Buying a solution offers a clear pricing model. Many vendors also often have service level agreements (SLAs) for specific plans that ensure a minimum performance threshold, like 99.99% uptime, for example.
• Access to expertise. By buying a solution from a reputable vendor, businesses can benefit from the vendor team’s expertise in fraud detection and device intelligence instead of having to build a team of experts themselves. 
• Access to a global network of data. The effectiveness of your in-house solution is highly dependent on your data. By buying a solution, you can take advantage of a vast global dataset, which translates into higher identification accuracy. 

What to look for when buying a device intelligence solution

If you decide that buying is the better option for your team, the next question is what criteria to look for in a vendor. We’ve compiled a list of the very basic requirements you should look for while shopping for a solution, including: 

• Accuracy. In fraud detection and prevention, high accuracy when it comes to visitor identification is key to differentiating between potential fraudsters and legitimate customers. 
• Real-time data. The ideal solution should collect data in real time so that your team can quickly take action to stop potential fraud before fraudsters can do damage. 
• Flexibility and customization. Not all device intelligence solutions offer the same amount of customization. Find what’s right for your needs — e.g., are you a small startup that just needs to be able to identify returning customers? Or do you need to detect and prevent repeated account takeover attempts on a large scale? Can you adjust the weightings of different data points in your fraud models? 
• Ease of integration. The ability to quickly and seamlessly integrate with your existing platform and technologies is important to consider. If it’s too complicated or takes too long to set up, then you’ll be exposing your business to continued risks until the solution is implemented. 
• Documentation and customer support. Look for vendors that provide strong customer support and a useful documentation library, which can help streamline implementation.
• Compliance with industry and global regulatory standards. Governments everywhere are cracking down on data privacy. Finding a vendor that is in compliance with regulatory requirements like GDPR or CCPA will help your business avoid negative headlines and possible fines.  

Fingerprint: A device intelligence solution that scales with your business 

Fingerprint is a comprehensive device intelligence solution designed to easily integrate with your website or mobile app, so your team is armed with the information they need to detect and prevent fraudsters before they can do damage. 

Some of the key features offered include: 

Industry-leading identification accuracy

Fingerprint offers highly accurate visitor identification by analyzing over 100 signals from browser and mobile devices. We process that data to create a unique visitor ID that persists over months and years, even as browsers are updated or a visitor is trying to hide their identity via VPN or incognito mode.

Actionable insights with customizable dashboards

Fingerprint’s device intelligence platform collects and analyzes behavioral, network, and device data useful in detecting potentially suspicious activity, such as bot attacks or account takeover attempts. Fraud prevention teams can use and customize Fingerprint’s proprietary Smart Signals technology to optimize fraud detection models, in addition to gaining real-time insights into new and returning visitors. 

Armed with this data, fraud teams can quickly decide what action to take if suspicious activity is detected in order to stop fraudsters before they can even gain access to accounts or your platform. 

Seamless integrations

All the data Fingerprint provides is easily accessible from APIs making Fingerprint adaptable for any platform. We also have multiple SDKs for popular languages and frameworks that make it easy to integrate Fingerprint into your project. Additionally, we provide cloud proxy integrations including Akamai, Azure, Cloudflare, CloudFront, and Fastly, to maximize identification coverage and scale with your business as it grows.

Compliance, security, and privacy

Fingerprint continuously monitors and is up-to-date with privacy regulations like GDPR and CCPA, and is ISO 27001 certified and SOC 2 Type II compliant.  

Customer story: Why Korsit decided to buy a device intelligence solution to reduce payment fraud

Korsit is one of the leading providers of digital prepaid cards in Europe. They offer a wide range of prepaid cards, gift cards, and game keys to users and businesses around the world. 

Korsit’s B2C marketplace allows customers to easily purchase online gift and payment cards; however, its customers were victims of phishing attempts and fraudulent transactions — and that translated into a large number of chargebacks for Korsit. To reduce financial losses and curtail the risk of losing partnerships with payment processors, the company needed a way to reduce the number of chargebacks.

Before Fingerprint, Korsit used an in-house fraud engine that ingested data from other third-party fraud prevention tools. The problem was in the way their marketplace was set up: Korsit customers did not have to create an account to purchase gift cards, making it difficult for the company to identify repeat anonymous offenders of payment fraud.

After incorporating Fingerprint into their fraud engine, Korsit can now generate unique visitor IDs for all their customers, enabling the company to better link purchase history to specific devices. 

“We heavily rely on Fingerprint’s signals to power our internal fraud detection solution,” shared Pepijn Jansen, fraud prevention officer at Korsit. “Without Fingerprint, we wouldn’t be able to allow customers to make purchases without creating an account, which would significantly reduce our total revenue.” 

As a result, Korsit can more easily detect telltale signs of payment fraud, such as multiple transactions from one device in rapid succession — and has reduced the amount of payment fraud and chargebacks from their customers. 

Should you build or buy a device intelligence solution? Key takeaways

Deciding to build or buy a device intelligence solution isn’t a simple, fast decision. As we’ve outlined in this guide, there are many factors you need to take into account. 

For example, do you have a team that can dedicate their time to building and maintaining an in-house solution indefinitely? Can your team guarantee that the custom solution is compliant with global privacy regulations — and make the updates needed when those regulations change? 

Not only that, but does your team have the required skills to build the different components that go into it? For example, building a machine learning model and continuously training it on past and new datasets is key to having an effective device intelligence solution. 

If you’re looking to buy a solution and would like to learn more about how Fingerprint helps businesses mitigate fraud and improve user experiences, get in touch with us today.