A four-year-old London startup that builds anti-fraud software using machine learning is rapidly scaling up from selling to fellow startups into the enterprise space. Computerworld UK sat down with one of the founders of Ravelin to discuss its technology and how it sells into that fundamentally different market.
Martin Sweeney set up Ravelin alongside Nick Lally, Martin O'Riada, Leonard Austin and Stephen Whitworth, after they all left the ride-hailing company Hailo, where he was an engineer.
Speaking from its shared London office in Clerkenwell and dressed in shorts and t-shirt on a very hot day in the capital, Sweeney explained how their experience at Hailo helped them come up with the idea for Ravelin - a name which comes from the term for a colonial period outer fortification for a fortress.
"We used to be merchants ourselves and had to deal with fraud ourselves," he said. "We realised looking at the market that choice in terms of vendors wasn't great, mainly because they were our of date, didn't use machine learning and basically were built for the previous generation of online commerce."
The Leeds graduate with a masters degree in physics sees this heritage as a huge advantage when it comes to selling its software. "The best thing is we were the people we are now selling to, so we really understand what they care about and how to build a product that genuinely works and we can scale rapidly and offer huge return on investment," he said.
Scaling to the enterprise
Ravelin started by selling to on-demand companies, but soon realised the opportunity for them was in the enterprise space. "These are the guys with the scale, the buying power and the data to actually really make a material difference," according to Sweeney.
Fundamentally, what Ravelin is offering is a means to leverage machine learning - instead of a traditional, unwieldy rules engine - to be more efficient in fraud detection. Dealing with online fraud is inherently a balancing act depending on a merchant's appetite for risk: block more fraudsters and risk blocking more genuine customers, go the other way and risk losing out to fraud more often.
Sweeney eschews the arrogant, swaggering approach to enterprise sales however, preferring a more empathetic approach. "It is extremely arrogant to go in there and say 'we know this better than you do and throw away what you have and just believe in us'. It turns out you don't get a lot of love for that," Sweeney said.
"What you have to be is way more empathetic and say: ‘you guys are the experts, you have the insight, you need to grow safely and responsibly and we offer you all of the advantages of that bright shiny future with real safety nets and pressure valves and account management to ensure along the way that you and the rest of the organisation are bought in'.
"So it's important for us to map out those stakeholders, see what they are trying to achieve and tie that in with the strategic goals of the business. When we do that all the stars align and we make a material impact on their business."
In short: "If you try and sell an off the shelf SaaS fraud detection product into the enterprise, you won't be very successful. You are misunderstanding all of the different permutations and historical legacy reasons things have been done and if you ignore that you're not going to be successful."
This differs quite drastically from their old market of startups where "it tends to be whoever shouts loudest".
"Enterprise companies tend to have a much more well thought out prioritisation process, so the key for us is to understand that to get on their roadmap," he added.
Sweeney has seen a shift in the appetite from enterprise companies when engaging with smaller software providers too. "I think there has been something of a mind shift for a lot of enterprise companies, at least in the procurement world, to be a bit more open to the non-IBMs of the world," he said.
"Actually if you want to innovate and keep pushing forward then you should consider your options and that's the reason companies like us can even get in the door, because they have opened it."
Keeping up with the fraudsters
"If it hadn't been for machine learning we wouldn't have done it," Sweeney admitted. "I want technology that grows without having to add lots of people and the only way to really do that is to use statistics and machine learning to do the fraud detection for you."
Fraud detection has always been a textbook use case for machine learning, giving a system a load of transaction data and allowing the algorithm to spot unusual patterns of behaviour.
The difference for Ravelin is "keeping up with the changing techniques and attacks the fraudsters show and to make sure we link in deeply with the operational teams and the rest of the organisation.
"It's all well and good to say I can spot your fraudsters, but what are you going to do about it? How do you shape the user journey and ensure that when you make a mistake and block a real customer that you can recover that."
Naturally this places Ravelin into one of the most hotly contested battlegrounds in enterprise technology: attracting data scientists and engineers.
"Finding good people is always hard but I think there are some advantages we have," he said. "That includes having a really interesting problem to solve; we're not just selling ads online, which is what a lot of machine learning jobs boil down to."
Read next: Top UK universities working on AI
The Ravelin approach therefore is to target more grads and interns, and putting the infrastructure in place to help those people develop.
"One advantage we have in the UK is a huge talent pool of qualified university graduates and PhDs," he said. "Now the gap between a new grad and a seasoned data engineer is substantial, but I think it is the responsibility of tech companies to bridge that gap and onboard as many grads as possible and help them succeed, rather than what Google and Apple do, crudely, which is hiring those seasoned people."
Case study: Just Eat
In general terms a Ravelin implementation looks something like this, in Sweeney's words: "First we do the integration, then we look at your historical data, then we look at all the obvious fraudsters, then we roll out over time and crank up the risk appetite and only stop the people buying those really expensive items or services. Over time we hit the number you have given us as a KPI, so target fraud rate or target conversion rate."
As a SaaS company, Ravelin is keenly aware that it is always "on probation".
"There is always a proof of concept, whether it is explicit or not, it is the early relationship that counts so you read the landscape properly and making sure you deliver and carry on delivering," Sweeney said.
The way Ravelin goes about ensuring it constantly passes this probation comes down to old-school account management.
"Imagine a situation where you start working with a company and they have a lot of fraud and we take it down to a low number and the head of fraud moves on, so you are faced with a new internal stakeholder who doesn't know who you are or what you do and why they are paying you.
"A big part of what we do is constantly making sure the value add is obvious, constantly reiterating the value of having us here, what we are saving them and that is essentially old school account management and requires you going and sitting in front of people."
It is also important for Ravelin to be a developer friendly company, giving those people within an organisation plenty of reason to be advocates of your software.
"A big part is just having easy to understand and implement integrations," Sweeney said. "If we're up against an old-school competitor that has an awful integration using archaic Java APIs and requires expensive system architects to come in; or you look at us with open documentation, STKs, libraries, and we can send someone in to help you, that gets us really good advocacy from the developers, who are really important with that prioritisation."
Read next: How Just Eat runs devops at scale
This gets more into the realities of the business for Ravelin, that these enterprise relationships tend to be built on personal relationships.
Take food delivery company Just Eat as an example.
"As with most enterprise relationships they are personal relationships that develop into professional relationships, so having the right connections early on really pays off," Sweeney said. "We knew the people at Just Eat for a while and when the timing was right we started to talk more seriously about working together."
Some of that is just by virtue of being in the London startup scene and some is knowing the relevant people in the fraud and payments division of that company from attending industry events and being a member of groups like the Merchant Risk Council (MRC). In short: networking pays.