Content Library

How an SDK can help companies catch more fraud

What started as a simple piece of technology has evolved to help banks and fintechs stay ahead of ever-changing fraud risks.

NEW SDK blog

Working in any sector, especially in technology, it’s easy to get caught up in the acronyms and jargon that we use day-to-day and forget the real meaning behind some of these terms. I was particularly struck by this when someone asked me recently why I am so hyped on Alloy’s SDK. The question made me realize what sets Alloy’s SDK apart. SDKs are not new, and not novel on their own. But Alloy’s SDK is not an ordinary SDK because it doesn’t just make developers’ lives easier; it gives banks and fintechs superpowers (more on this later).

Taking a step back, if you aren’t already familiar with the term, an SDK, or software development kit, is a collection of software development tools that allow developers to create applications for a specific platform.

In the identity risk management space, SDKs are typically used to facilitate document verification and liveness checks by providing a user interface that guides applicants through a document capture and upload process. SDKs can also be used for passive data collection, like device monitoring or behavioral analytics.

Why use an SDK?

Let’s take a look at some common use cases for SDKs in identity and fraud management:

Seamlessly introducing step-up verification

SDKs make integrating step-up verifications into your onboarding and ongoing workflows easier. Step-up verification adds a layer of identity verification for applicants needing extra validation to determine if they are fraudulent without adding too much friction for the end user. For example, if a bank or fintech cannot verify a customer’s address, they could enable a document verification step-up process that requires the customer to upload a picture of their driver’s license. Or, if someone is logging in from a new device, the bank or fintech may send them a step-up phone verification that sends the account holder a link on their phone that verifies they are in possession of their device.

Passively collecting device and behavioral data for fraud protection

Fraudsters are constantly evolving their tactics. Banks and fintechs must keep up to protect their customers and bottom line. Device data and behavioral signals — like cursor movement, touchscreen navigation, and keystroke patterns — can be key indicators of fraudulent intent. However, building these monitoring controls into your front-end can require substantial developer effort to deploy and maintain. A bank or fintech might utilize an SDK to make building these integrations easier.

The challenges of traditional SDKs in fraud prevention

A data vendor’s SDK speeds up the integration process to add these measures into your fraud tech stack. However, even for vendors with their own SDKs, we’ve seen these integrations take over six months.

When you add into consideration the fact that most banks and fintechs use a combination of these fraud controls — for example, they might use device and behavioral data from one vendor, document verification from another vendor, and multi-factor authentication from another vendor — you could be looking at implementing and managing three different SDKs or custom-built integrations. In addition, they would have to manage the back-end decisioning logic for each vendor, further adding to the complexity.

Taking it a step further, if you wanted to test new vendors to find the best one that fits your specific needs, you’d have to spend time building out an additional integration before knowing if the data vendor works better than the one you already have.

Here’s where the magic of Alloy’s SDK comes into play…

What makes the Alloy SDK special?

Okay, it’s time to geek out a bit about why Alloy’s SDK changes the game. Imagine if every time you signed up for a new streaming service, they sent you a physical TV. So, you had one TV to watch Netflix. Another TV to watch Hulu, another for Amazon Prime, and a fourth TV for HBO Max. That is how SDKs in the identity and fraud space traditionally worked: think of each separate TV as an SDK and each streaming service as a data vendor. Sure, it makes watching the streaming service easier than if you had to build your own TV, but you still have four different TVs clunking up your living room.

Now, imagine you get a TV with a smart hub programmed in it that allows you to watch all your streaming services from the same TV. Sounds a bit cleaner, right? That’s how Alloy’s SDK works: one SDK for all the different data vendors you may want to use (or test) in one place.

Alloy’s SDK is like a microcosm of Alloy — you start with a streamlined integration, then you get access to best-in-class data sources through that same integration, you can orchestrate the flow that you want by testing out different data vendors, and you can make automatic decisions based on this data, or route the customer through additional verification measures.

"The Alloy SDK provides us with the flexibility we were looking for to manage our full scope of third-party identity verification solutions easily and seamlessly, without having to write a line of code. Even better, we're completely future-proofed, even in times of heightened fraud threats, giving us more time to prioritize positive customer experiences." - Matt Lee, Head of Product, Clear Street

Here are some key benefits clients will see when using Alloy’s SDK:

  1. Provide a frictionless, consistent customer experience: Despite the ongoing battle against fraud, delivering a frictionless customer experience is paramount. Banks and fintechs with overly complex or unwieldy identity verification flows may see high drop-off rates. With the Alloy SDK, you can orchestrate your optimal verification flow to maximize conversions, for example - automatically routing a customer that doesn’t pass your first step-up check to an alternate IDV vendor until they are successfully verified.

    Learn more about how to use identity and transaction data to improve your customer experience

  2. Manage from end-to-end, codelessly: Alloy helps you control and coordinate the back-end logic for the SDK — such as which plugins to render, deciphering the output from the checks that were run, and routing applicants from one state to another based on the rules defined — without ever having to write a line of code. The SDK runs on Journeys, the flexible architecture underpinning the Alloy platform. As new use cases arise, Journeys makes it seamless to make changes to your policy without any incremental development effort, no matter how complex. In short, Journeys provides the automation, flexibility, and know-how that are core to modern fraud prevention and compliance management. This means easier implementation, virtually no code, and a seamless experience for the end user.

  3. Future-proof fraud controls: The Alloy SDK supports both consumer-facing and passive information collection products in a single toolkit. No other SDK in the market is able to provide device risk monitoring, behavioral monitoring, document verification, and phone-based verification through one integration. A client already using the Alloy SDK for Doc-V can turn on additional fraud protection by leveraging device or behavioral monitoring with just a few lines of code. The Alloy SDK allows clients to be truly future-proofed for all potential use cases by providing access to best-in-class fraud and compliance tooling through a singular integration.

    Learn how to future-proof your fraud workflows

  4. Increase developer productivity:Lack of developer talent was listed as one of the biggest potential threats to businesses, according to a 2018 Stripe survey. Building integrations directly with third-party data vendors can substantially drain your engineering resources. How can you ensure your valuable developer teams are focused on work that drives differentiation instead of dealing with maintenance tasks or addressing technical debt? The Alloy SDK can save your engineering teams valuable time by vastly simplifying the integration process so they can get back to building and launching your products. Integrate once and iterate endlessly, without having to bother your engineering teams.

  5. Test best-in-class vendors across every category and geography and say goodbye to vendor lock-in: Don't settle for a single vendor; choose the best vendor for your use case. At any point, you may experiment and test new data vendors to improve conversion rates and reduce fraud losses.

    For example, one vendor may be great at identity document-based verification, another may be better at verifying non-identity documents like utility bills, bank statements, and paystubs, and another may have the global coverage you’re looking for. Aren’t sure which vendor will yield the best results? You can try out different vendors risk-free, with a single integration, reducing the cost of adopting new technologies.

    Learn more about Alloy's Testing Suite

Are you as hyped as I am yet? Check out a demo of our SDK below.

Related content