
Why are most RFPs to find fraud detection vendors so bad?

By Akif Khan | October 30, 2020 | 10 Comments

Security and Risk Management Leaders

As a Gartner analyst, I have about 20-30 client calls each week. One of the most common topics is how to choose a new vendor for online fraud detection. And a subset of this is specifically about the RFP that an organisation may be issuing to help them find that right vendor.

I worked on the vendor side for many years before joining Gartner, and so I know exactly how it feels to be spending huge swathes of time responding to RFPs – the sense of frustration at having to jump through these specific hoops, knowing full well that the structure of the questions being asked doesn’t give you any scope to really position yourself how you’d like to.

Whilst working at some of those vendors, we also had requirements for online fraud screening as part of the solution that we were offering, and so I also recall being on the client side and creating RFPs and trying to figure out how to write one that would enable us to choose the right vendor.

These myriad experiences have coalesced in my mind to drive the following thoughts on how clients should be creating their RFPs for online fraud detection. If you’re pressed for time or are already losing interest, the statement below sums up my overall guidance on this topic:


The purpose of the RFP is not to make a final vendor selection — the actual purpose is to enable shortlisting of relevant vendors for evaluation.


Here are three ways to think about your RFP differently and to drive better outcomes:


Stakeholder Engagement

The vendor selection process should be based on the understanding that fraud detection is a cornerstone for digital business success. To this end, it has high relevance and importance for many phases of the customer journey in addition to a broad range of internal business units.

As a result, it is critically important to gather input from stakeholders across all lines of business that may have a direct or indirect interest in fraud detection. Include stakeholders that represent all segments of the customer journey — both the journey experienced by your customers, and the journey of those customers internal to your business.

Finance teams will be interested in reporting; customer support teams will be interested in what insights from the solution will help them to manage customers calling the contact centre after being blocked online; infrastructure teams will be interested in implementation options; legal teams will be interested in how customer data is processed; CX teams will be interested in what friction any fraud screening adds... and so on and so on.

Gather all these stakeholders, align on an overall approach to fraud detection, and make sure that their voices are heard in the RFP.


Business Outcomes

I have lost count of the number of RFPs that I’ve seen for fraud detection that focus solely on vendor capabilities, without sufficient detail on what the vendor is actually being asked to achieve. Businesses vary greatly, with the fraud environment, product margins, attitudes toward customer experience and risk appetite being markedly different across industries and geographies.

Hopefully you have KPIs for your current fraud detection processes (accept rate, reject rate, manual review rate, fraud rate, etc.). Why are you getting a new vendor? Which of those KPIs isn’t satisfactory today? How do you want to influence them?

By stating what your desired business outcomes are in working with a new vendor solution, rather than generically asking about fraud detection capabilities, you’ll receive far more focused and tailored RFP responses that align with your requirements.


Differentiating Requirements

The trap that many authors of RFPs fall into is listing every conceivable feature within the field of fraud detection in a bid to obtain a comprehensive view of what each vendor offers. The focus should instead be on asking the vendors to describe how the features they have will support achieving the stated desired business outcomes. A classic example: “What machine learning algorithms do you use?” I mean, please, come on. Is anyone really choosing a vendor because they happen to use random forest rather than hierarchical clustering? Surely it’s better to ask questions about how the vendor’s approach to machine learning can help you achieve your business outcomes.

Design questions to drive answers that will allow you to differentiate between vendors. Ask questions in such a way that you don’t end up with multiple respondents simply answering ‘yes’ or ticking a box. What use is that in helping you narrow the field?



…in most cases, after RFP responses have been collated, shortlisted vendors are invited to demonstrate their solutions. This is a far more appropriate forum to better understand the actual features within the vendor solution rather than via the RFP itself. As stated earlier, remember that the purpose of the RFP is not to make a final selection of a new vendor. The actual purpose of the RFP is to enable shortlisting of vendors.

For a deeper dive on this topic, check out my research note Best Practices for Better Online Payment Fraud Detection RFPs.



  • Maximus says:

    Thanks for sharing it!

  • David Ryan says:

    Thanks for Sharing it

  • Tina Esther says:

    Great post. Informative, Keep sharing.

  • Bessiejoans says:

    Very informative insights, thanks.

  • The Farmer says:

    This is some good information.

  • Pepper says:

    The 3 ways to think a RFP to drive far better – Very Nice

  • MLM Software says:

    Thanks for sharing this useful information!