Trustmi Talks

Should You Build or Buy a Business Payment Security Platform?

The Trustketeer
10 min
Build vs Buy for Business Payment Security Tech
Build vs Buy for Business Payment Security Tech

When an organization requires a new application or service, there is always the question of whether they should build it themselves or buy it ready-made from a third party.  We’ve heard this dilemma time and time again, and there are pros and cons to each side.  There are a variety of factors when building or buying a product to secure the full payment process and the supply chain. And it's important for businesses to take stock of all the factors involved in a B2B payment solution to ensure they make the decision that is right for them. There are some very nuanced considerations that businesses must evaluate, which we’ll examine here.

What’s Involved

But first, let’s remember that building a B2B payment security solution isn’t like building a small point solution.  The only way to fully protect business payments is by creating an end-to-end solution that covers off on every part of the payment process, starting with the first email between the vendor and organization all the way through to funds release. A solution of this kind must also address every part in between. For this reason, this type of solution isn’t just a simple platform protecting one process. A solution that truly delivers real payment security value to a business must be comprehensive and be able to detect BEC, ERP attacks, suspicious changes in databases, unauthorized access to other systems, anomalies within the payment approval flow, and more. It also needs to secure the supply chain, protect the vendor onboarding process, enforce controls across systems, provide automation for manual processes, be flexible so that all teams can run their processes their way, and scale with the business. What we’ve described is, in fact, several solutions all wrapped up into one that connects all the dots across every piece of the puzzle. The breadth of capabilities required to make an exceptional AI solution is greater than it may seem at first, which is important to note as we examine the factors that must be considered in this build vs. buy discussion.

Why DIY?

Building your own in-house security solution to combat payment fraud and errors can be a good way to go if you feel more confident that your team can build a product that exactly fits your needs. You won’t have to pay for any extraneous frills or buy a solution as a package deal, which is sometimes the case with some vendors. By building the product yourself, you can have full ownership and control over the solution. Other reasons why an organization may prefer to build a solution themselves would be if they have a highly complex tech stack built in house that requires a fully customized integration that they don't believe a third-party solution would be able to integrate with seamlessly. If you already have the human capital and technology available to do it, and you have the time to wait until the project is complete, building your own security application is doable.  

One area to consider is if your organization can maintain and upgrade any technology like this. As needs evolve and shift over time, the platform must as well so that it continues to serve those needs. For organizations that are in no hurry to get the product up and running, have a large budget to manage it in house, and a team available to build the product from the ground up and maintain the product over the long run, this could be great.  

The decision to build or buy will come down to four parameters: time, money, resources and expertise.  If a company has ample amounts of all four then it might make sense to build in-house.

However, as mentioned earlier, a business payment security platform is not your typical technology. There are subtleties in building this type of solution that can make it challenging for a business to take it on themselves, especially if building financial solutions is not the company’s focus. Let’s take a closer look at some of the benefits of buying rather than building.

Why Buy?

Let’s review the four parameters that you must consider when either building or buying a tech product: time, money, resources, and expertise. Let’s walk through each one to see, in this case, where buying a solution might make more sense than building.  

Time

One of the main benefits of any technology is that it helps people and organizations save time. Technology can do this in many ways, such as automating manual processes, helping businesses go to market faster, or solving advanced problems. But when it comes to the question of build vs. buy, time spent is easily measured. Building a new solution takes time.  It isn’t something you can do overnight. Consider the moment once the business decides it needs a specific type of tool to improve a process, or in this case, to protect business payments. If the organization decides to build the product in-house, there is a lot of work to be done. In the first place the team that will build the product needs to be assembled, which may require hiring new employees. Hiring good talent is a process and takes time, as does onboarding new employees. There is a lot of upfront time needed to get the project off the ground.  

When building a product from scratch, everything needs to be architected and scoped out carefully, which can take many months or even years. In the case of protecting business funds, if a company decides they want to build a robust platform it is most likely because they have already experienced B2B payment fraud or cyberattacks and are looking to protect themselves sooner rather than later. This means that there is an urgency to get a solution in place quickly to prevent a future attack or fraud attempt. But for businesses that are not well resourced or unprepared to undertake such a project, building a solution can take a long time to deploy and if the company is faced with growing fraud risks, a slow deployment can be problematic. With a surge in business payment fraud and supply chain attacks in recent months and years, most businesses don’t have any time to lose and must get a solution in place quickly.

Money

Both building and buying a solution costs money.  But in many cases, buying can be more cost-effective. Building a solution from scratch means that resources must be secured to do the work, which includes scoping, planning, architecting, developing, deploying, fixing, maintaining, and everything else in between.  Hiring more people means spending more money. When you consider the cost of multiple developers and product managers and any number of other people that might get involved in a project of this scope, you could be looking at well over a dozen people, many of whom have hefty salaries. Or, if you decide to outsource the product to an outside agency to help supplement your team, there is also a cost there. The benefit of buying a SaaS solution is enormous in this case. It will amount to a fraction of the cost because it’s ready-made and the vendor has taken on the headcount cost to build the product in the first place.  

As we've already mentioned, a payment security platform isn’t a simple point solution that solves one small problem and can be thrown together and quickly deployed. The most effective solution must encompass all parts of the process to solve the entire problem. Building a small point solution in-house could be easy to do. Perhaps a couple of developers can whip something together and get it up and running quickly to solve a straightforward problem, and perhaps in this case, the cost of building in-house makes perfect sense. But building a comprehensive solution that involves a unified data layer that connects all the dots across all the systems within the process is not so simple to develop. It’s almost like building half a dozen products that are all fully interconnected. And this is just for the core payment security platform before even considering all the other necessary features and modules to protect vendor onboarding, supply chain management, and payment approvals, along with providing support for SOX Compliance. The cost of the internal development, product, and project management headcount necessary to build all of that will come out much higher than a SaaS solution like Trustmi.

Resources

Any discussion that looks at time and money must be rounded out with resources because they are all intertwined. We touched on some of the resourcing involved in building a product above, however there are a few additional corners to explore here. Unfortunately, most companies don’t have the luxury of hiring a dozen people to come and build a new product internally. Resources are incredibly valuable, especially as budgets get tighter and companies are expected to do more with fewer people and less resources.  Sometimes hiring just isn’t an option. So if a business can’t hire, then what would they need to do?  Most likely, the organization will leverage internal teams and people already working at the company to build the new product.  

In other words, it is likely that the business might take precious tech resources off other projects critical to the business to work on building the product. And as we’ve touched on previously, a business payment security platform isn't something you can build overnight, which means it might require several people to be taken away from their other regular work. Or perhaps other projects might need to be reprioritized and delayed to accommodate this project.  

The main note here is that moving around resources can be a dangerous thing.  Development teams and tech teams have goals they are focused on and projects that are mission critical to the business that are part of their objectives for the year.  Working on a new project that isn’t aligned to their goals can cause distraction and friction as teams try to juggle conflicting or competing priorities. Additionally, pulling resources off one project to put them to work building a new tool adds to the workload of everyone across all the projects, leading to an overwhelmed workforce and potential burn out.

Expertise

Unless your organization is focused on financial operations or business payment fraud, it's very possible that you will have little to no in-house expertise to scope, build, deploy and manage an end-to-end business payment security platform. As mentioned previously, this type of tech isn’t a point solution. It requires specialized resources to build it right and add all the features that your company will need in the future as AI-driven cyberattacks become more intricate and risks for fraud increase. The team building a unique product like this one must have advanced experience in both fintech and cybersecurity to ensure that best practices from both areas are incorporated into the platform.  

Expertise is closely tied to the other parameters (time, money and resources). Bringing in expertise externally means additional time for hiring and onboarding new employees or consultants. Bringing in experts costs money and may even demand a premium for the specialized experience. Gathering an expert team could mean pulling internal resources off other mission critical work that is important to the business, and even then, expertise isn’t guaranteed in the pool of internal employees.  

Your Business, Your Choice

There are some benefits to building but you should be cautious and judicious in making that choice.  We laid out several of the challenges because we want to be sure that organizations really understand both sides of the coin, and what they would be up against no matter which direction they decide to go.  

Again, building internally could be the right decision depending on how your organization is structured and if you have all the tools you need from a time, money, resources, and expertise perspective. But why build if you’ve already got a comprehensive business payment security solution ready to go, easy to implement and deploy, and that comes with numerous other benefits to manage vendors, suppliers, and the payment approval flow, and provide reporting capabilities for SOX compliance?

Trustmi’s solution has numerous benefits.  From a time perspective, the tool is already built and can be calibrated and deployed quickly. We can get a POC up and running in one day, gather data over one week, and then present the findings in a risk assessment presentation by the second week. In other words, we can rapidly deliver value and show what our product can do within days.  

From a money perspective, you’re paying a fraction for Trustmi compared to what you would pay if you hired multiple developers, product managers and project managers to tackle a solution of this breadth. Again, fully loaded employees are expensive, and going back to the time issue, they take time to hire and onboard, which has its own cost attached.

Both time and money have a direct relationship to resources and expertise, where hiring or redistributing workloads internally can a variety of issues.  But more importantly, Trustmi’s team has a depth of experience that combines both fintech and cybersecurity, which is not a common combination and would take an organization awhile to build internally or hire. And what about maintaining and supporting a robust payment security solution once it’s built? We’ve already got that covered. But for businesses that decide to build in-house, that adds additional resources on an ongoing basis.

With resources already in place and a product already built that is fit for purpose, Trustmi provides value out of the gate. And it’s a no brainer that most organizations would prefer to buy our tech rather than start from scratch, especially to solve a problem involving the protection of their company’s most valuable assets: their funds.