Guide to Fraud Scoring: What Is It and How Does It Work?

Most fraud prevention and detection tools deliver results via fraud scores. But what do they measure, and how exactly do they work?

In this article, we’ll break down the basics of fraud scoring, and we’ll see how you can leverage them to boost business efficiency.

What Is a Fraud Score?

A fraud score is a number that answers the question, “How likely is this person to be a fraudster?” Fraud scoring assigns a value to how risky a user action is. The fraud scores are calculated using rules which add or subtract points based on the known data points about a user.

Fraud Scores - How to Calculate

For instance, the user action may be a signup, login or card payment. Known data points include the user’s IP address, email address, or their device configuration.

In fact, there are dozens of different data points within each of these. An email address can appear on known blacklists, for example. Or an IP address, for instance, can be tied to known Tor nodes or locales. In fact, note that an IP fraud score is its own specific kind of fraud score.

How Does Fraud Scoring Work?

For fraud scoring to work, you must have versatile fraud prevention software that can look at user data. That data is fed through risk rules, which allow you to calculate how dangerous an action is.

For instance, a new user registration from someone with a high-risk ID, or a credit card that appeared on a blacklist before, is likely to be blocked, or at least forwarded for manual review by a human.

The key is that fraud scoring should allow you to automatically approve, reject, or review certain actions. In that sense, it is similar to a credit score check, where a credit bureau assesses the financial risk posed by a user action (taking out a loan, or opening a new account).

Simply put:

  1. A user attempts an action.
  2. The fraud prevention system examines what we know about the user – data either submitted (e.g. a phone number) or gathered by the system (e.g. an IP address or device configuration).
  3. SEON’s data enrichment process allows us to find even more information.
  4. All the above are fed into the fraud scoring engine.
  5. Fraud rules are applied, giving positive or negative scores to each of these.
  6. The score is calculated and the full reasoning becomes available (if the solution is whitebox).
  7. Any predefined actions are applied, depending on the score:
    • approve
    • deny
    • forward for manual review

It is important to note that the SEON platform’s fraud scoring is highly granular, which means that:

  • Every data point gathered and considered is available to view (or even download and process further).
  • You have complete control of the rules that are applied, including which rules are active, how they impact the score, when they are applied, etc.
  • You can add or remove your own custom rules at will.
  • You can apply rules that are commonly used in your industry.
  • A machine learning module learns from your users’ actions and recommends new rules, which you can choose to implement automatically or decide upon individually.
  • You can take advantage of our Customer Success team’s insight with regular check-ins and hands-on help.

Better Risk Scoring for Less Fraud

Fight fraud with fully transparent risk scoring and powerful rulesets using machine learning and human insight.

Ask an Expert

Fraud Score Calculation Example

For this example, we’ll look at a user trying to make a payment on your site. 

fraud scoring - low number set from SEON's calculation

From the score, you can tell the transaction is risky. The IP address has been found on a spam blacklist. The customer is using a data center, which are known to be the preference of cybercriminals and thus add +10 to the score. Suspicious ports are open, which could indicate spoofing. For such reasons, the score has been calculated as 19 out of 100 in this case.

Perhaps, though, it’s not 100% certain you are dealing with a fraudster. It would be a great time to alert the team that a manual review is needed, or to trigger additional verification.

Keep in mind that the risk scoring and what happens with the resulting number depends on your risk appetite and, on the SEON platform, can be very easily tweaked. For example, if you wanted to, you could set the platform to give +20 rather than +10 to data center IPs. Or to automatically block every action scored more than 5, and never push to manual review.

Advantages of Fraud Scoring

To understand the benefits of fraud scores, let’s imagine you are a small online store focusing on reducing transaction fraud (when users pay with stolen credit card details).

Fraud Scores - Why Deploy

Your goal is to reduce chargebacks, identify legitimate users, weed out fraudsters, and facilitate good payments. So, what can fraud scores do for you?

  • They allow automation: Instead of manually reviewing every purchase, you can let the system assign a value to each action, and approve or deny it based on the results. Of course, you can also review actions where the results are indecisive for certain transactions.
  • Scaling: Fraud scores will let your store process many more transactions, more quickly. This helps you focus on growing your business with complete peace of mind, while risk management is taken care of in the background.
  • Dynamic authentication: Even if your risk numbers point to the need for manual review, you can still add another layer of safety with triggers. Let’s say someone signs up to your platform, but their transactions data signals they might be a risky user. Your risk prevention system could trigger additional authentication such as 2FA, which can confirm their identity, and deter potential fraudsters.
  • Reduced friction and customer churn: When you automate reviews with risk scores, you create a smoother customer journey. For instance, Amazon doesn’t ask for a credit card CVV to speed up the payment process. You can reduce the number of steps between your user and their payment, as long as only risky behavior is reviewed.
  • Better flexibility: Balancing the numbers yourself lets you decide how you want to mitigate risk. This could be based on seasonality, or for specific items, such as high-value goods or low-value digital downloads. Just keep in mind that not all fraud prevention tools let you adjust the thresholds yourself.

Disadvantages of Fraud Scoring

The biggest disadvantage of fraud scoring is that no two fraud companies use the same standards. If you move from one business to the next, you may have to relearn how to mitigate risk based on a completely new scale.

So a user with a low score of 0 could be excellent for one provider, but extremely risky for another.

At SEON, we set our preset thresholds as follows – but keep in mind you can change all this completely and very easily.

0 to 10:The action is safe and can be approved automatically.
10 to 20:The action could be risky, and should probably be reviewed manually. The user journey is momentarily paused, and you can create an alert via email, for instance, to manually process the action.

Another option is to trigger a second set of verifications automatically at this stage. This dynamic friction strategy will help you reduce false positives.
20 or more: The action is risky and will be declined. You can blacklist the user’s data points forever if you want.

All of these can be adjusted manually. But before tweaking them, it’s important to first get a good understanding of which rules give us a fraud score.

How to Get Started with Fraud Scoring 

Fraud scoring varies greatly from one anti-fraud tool to the next, so it helps to have an understanding of the basics before you choose your solution.

Fraud Scores - How it Works

Understand Where the Fraud Rules Come From

The rules which help calculate a fraud score can be: 

  • pre-set by the provider and/or tailored to your industry
  • created manually
  • suggested by AI based on historical data

However, when it comes to fraud rules, there is no one-size-fits-all approach. One rule might work great to catch fraudsters on a crypto exchange but fail with iGaming operators. 

This is why it’s extremely important to test the rules in a true business environment, based on your historical data

In the case of AI-powered machine learning rules, you also want to be able to understand exactly what the tool is suggesting, hence the importance of whitebox systems.

Consider Whitebox vs Blackbox Fraud Scoring

Some engines offer full transparency into their inner workings; others tend to make it harder to guess what the algorithms do. At SEON, we believe whitebox systems are always superior as they are transparent and allow you to:

  • Understand what each rule does. For instance, looking at how many login attempts are considered suspicious within a set time range.
  • Balance the weight of each rule: You need to test how important each rule is, especially when you use dozens of them at once.
  • Adjust your risk thresholds: You might want control over what is considered a risky score versus a safe one. Make sure the fraud prevention tool doesn’t lock you into their own blackbox settings there.

As we’re going to see in more detail below, SEON comes with industry-preset rules, machine-learning suggested rules and custom rules. It also lets you visualize them through a decision tree, so you can get a clear overview of how each score is calculated.

In fact, even the rules suggested by the AI are delivered in a fully transparent human-readable form, so you’re never at the mercy of an algorithm, as you are with blackbox systems.

Test the Rules for Accuracy

One key element of fraud scores is that their precision is only as good as the data used to calculate them. This is why your fraud prevention system should not only collect as much data as possible, but also enrich it.

The core concept is that it helps:

  • validate the quality of the data you get
  • link the data to external data sources, so you get more information about the user than what they submit through the fields
  • reduce the amount of data the user needs to submit so that you can speed up their customer journey

How Does Fraud Scoring Work at SEON?

Fraud scoring at SEON is fully explainable and customizable on a granular level. It is based on sets of risk rules that can be fully customized but also makes use of two separate machine learning modules, combining human and artificial intelligence.

 Fraud Scores - How SEON does Fraud Scoring

As an industry-agnostic solution that caters to different setups and needs, we allow customers complete control over fraud scoring. However, we also offer ways to automate with efficiency for those who prefer a hands-off approach.

The Admin Panel features a Scoring Engine section, which contains all the fraud scoring rules that are available, including activated and deactivated rules. 

This provides an overview of how risk and fraud scores are calculated under the hood, as well as the opportunity to add new rules, edit existing ones and receive machine learning insights into what else could work based on historical data.

1. Default Rules

all default rules at SEON's platform

Notice the first column in the list of rules, which contains a toggle to easily turn each rule on and off.

The first tab represents the most straightforward category: default rules are best-practice rules that SEON’s team of fraud analysts has found are good to factor into risk scores, in most cases. Depending on what they focus on, they are further grouped into email rules, IP rules, etc – for quicker reference.

For example, there is a rule to add +10 points to the score of anyone using a disposable phone number. Meanwhile, any customer using a remote access protocol gets just +1.

Why? Because on its own, this is not enough to consider them highly suspicious. However, if there are additional red flags for this customer, their score will go up further, possibly triggering manual review or even blocking them.

2. Custom Rules

This type of rule gives SEON’s customers the opportunity to be in complete control of the risk scoring, creating rules from scratch based entirely on their risk appetite, industry and preferences.

new rule

The platform allows for complete and detailed customization, down to the decimal point of the added score. Specifically, actions triggered when a certain requirement is satisfied can include:

  • Score: Choose how many points are added to (or subtracted from) the overall risk score, down to the decimal point.
  • State: Should this new rule automatically Approve, Reject or send to manual Review the transaction?
  • List: Allows you to automatically blacklist or whitelist a user whenever a set of conditions are met. For example, one might want to automatically blacklist all customers logging in from a specific IP location.

Rule parameters can be one of three types, at present:

Data matchExamines whether a value is exactly the same as, or different to, another. Operators are is equal to and is not equal to.

For example, this rule can be set to flag for manual review all users whose device is at 0% battery. 
CompareThis type of parameter will look at whether a value fulfills certain criteria based on standard operators, which include is equal to, is greater than, exists, does not exist, etc.

For example, it can be set to remove 2 points from the risk score of anyone with more than 3 social media profiles.
VelocityWill compare values within the dimension of time – be it across transactions and users, or for a specific customer. Operators here include all the above-mentioned, but time frame and past and present field also need to be defined (referring to what you compare to what, and over what period of time).

For example, it can block and blacklist an IP if more than 15 different users log on from it within half an hour.

To create these rules, there also handy templates. A series of rule parameters can be combined to form velocity rules as well as more complex rules.

Conveniently, these can be grouped into custom categories, for reference. They are also searchable using filters. On SEON’s Scoring Engine, you can have as many or as few custom rules as you require.

In terms of testing out custom rules, there is a sandbox environment, as well as a quick way to try a new rule on recent and existing data. This will show you the results the new rule would have had on recent transactions, and helps ensure the intended result is reached and the risk scoring works as expected. It also allows you for experimentation and fine-tuning.

rule testing

3. Machine Learning Rules

SEON’s algorithms learn from past activity and generate new machine learning rule suggestions. These are a set of fully explainable risk scoring rules that are tailor-made for your operations, complete with a confidence score of how well the system expects each one to work.

Through time, the ML module observes customers’ activity as well as the labels and decisions you have made based on it, and starts discerning patterns in your customers’ (as well as fraudsters’) actions and setups.

machine learning SEON

SEON’s engine generates transparent and whitebox machine learning suggestions, which means that it will fully explain what this rule would do and the logic behind it, allowing you to make better informed choices, and possibly amend it before it goes live.

For those who prefer an optimized set-and-forget approach that still makes use of the power of machine learning, there is also the option to automatically enable machine learning rule suggestions that are over a certain confidence threshold – or even all of them.

Industry Presets

From fintech to iGaming, BNPLs to online lending and travel, SEON’s team has spotted fraud trends and patterns that are more closely linked with certain industries. Some are more obvious, such as bonus abuse and multi accounting in iGaming, and others less so, like OTP interception for banking account takeovers.

We’ve used our decades’ worth of accumulated industry insight to create rulesets that can serve as industry presets, and can be added to a customer’s risk scoring engine at their request. This means that they can enjoy a set of easy-to-use custom rules that are targeting their particular industry’s pain points even more effectively. 

Blackbox Fraud Scoring at SEON

Meanwhile, a separate blackbox machine learning module works behind the scenes to calculate how probable it is that a given transaction is fraudulent, independently of the risk scoring we examined above. 

In addition to the whitebox machine learning module we discussed above, SEON’s platform leverages the power of blackbox ML fraud prevention to identify new patterns and unexpected instances of fraud, complementing the fraud score your other rules have defined. 

If they choose to use this, customers will be able to see and action two risk scores for each transaction: 

  • a whitebox risk score that comes from applying all the enabled fraud scoring rules – this is fully explainable 
  • a blackbox risk score that cannot be explained but can catch new trends and patterns, and is available from day one

Blackbox scoring can be activated from the Settings tab. Once it has, it will also start giving you a separate blackbox risk score for each customer action. 

Fraud analysts can take this into account when doing manual review, but you can also use blackbox score results themselves in rules. For example, you can define a custom rule that sends to manual review all blackbox risk scores that are higher than 30.

Fraud Scoring Example Workflow

The fraud scoring we’ve looked at above uses hundreds of data points from SEON’s robust data enrichment and device fingerprinting modules 

Here is a clear example of how much extra information you can glean thanks to data enrichment software solutions, and how this helps improve the precision of risk scores:

  1. A new user signs up on your site, with only a name and email address.
  2. Under the hood, SEON’s modules are already performing digital footprinting and device fingerprinting analysis to gather extra hidden data such as IP address, social profiles based on email and phone, device used, browser, etc.
  3. The data is cross-referenced (enriched) with external databases.
  4. The system receives extra data, such as email domain address info, sign-ups for social platforms using this email address, whether it appears on blacklists, etc.
  5. The data is fed through the predictive rule engine.
  6. The calculations give you the risk score.

As you can imagine, avoiding steps 3 and 4 is possible, but it could skew the fraud scoring, and reduce its precision in flagging a fraudulent customer.

Key Takeaways

Whether you are an experienced fraud manager or not, we hope this primer on fraud scoring has allowed you to get a better idea of how and why they work.

More importantly, we hope you can see how important it is to truly understand which rules affect the values. This is only possible if your fraud prevention system is a whitebox one, designed to offer transparency into its data enrichment and rule-creation processes.

This is exactly the philosophy behind the SEON platform, a powerful end-to-end solution that gives you complete control over the rules that affect your users’ fraud scores.

Block Risky Transactions with Fraud Scores

SEON is a powerful end-to-end solution that gives you complete control over the rules that affect your users’ fraud scores, with two types of machine learning tech.

Ask an Expert

Frequently Asked Questions

How is a fraud score calculated?

Fraud scores are calculated by feeding user data through risk rules. The total score should fall within a range that lets you know whether you should accept, decline, or review the action.

Do more rules mean higher loading time?

It depends. Generally, longer rules weigh down the system more than more rules. In other words, longer rules that involve more parameters will have a greater impact on performance than shorter rules. Sometimes, an easy solution to this is to break them up into shorter, simpler rules. Made up of fraud managers and analysts exclusively, SEON’s Customer Success team can help you identify any such rules and optimize them to speed up your operations.

Is fraud scoring reliable?

Fraud scoring can give out results with extremely high accuracy. However, the quality of the results depends on the kind of rules in place, how up to date they are, and even what kind of industry you are in.

Further reading:

Learn more about:

Browser Fingerprinting | Device Fingerprinting | Fraud Detection API | Fraud Detection with Machine Learning & AI

Share article

Speak with a fraud fighter.

Click here

Author avatar
Bence Jendruszak

Bence Jendruszák is the Chief Operating Officer and co-founder of SEON. Thanks to his leadership, the company received the biggest Series A in Hungarian history in 2021. Bence is passionate about cybersecurity and its overlap with business success. You can find him leading webinars with industry leaders on topics such as iGaming fraud, identity proofing or machine learning (when he’s not brewing questionable coffee for his colleagues).


Sign up for our newsletter

The top stories of the month delivered straight to your inbox