Most prevention and detection tools deliver results via fraud scores. But what do they measure, and how do they work exactly?
Whether you already have a risk detection solution in place or you’re in the market for one, chances are you’ve heard the term “fraud scores”.
And yet, even experienced business managers are sometimes unable to explain how they work, or why they help reduce risk.
In this post, we’ll break down the basics of fraud scoring, and we’ll see how you can leverage them to boost business efficiency.
Fraud Scoring: A Definition
Fraud prevention tools estimate how risky user actions are by assigning them scores. These actions can be a new signup, a login, or purchase… Each action is run through a number of rules to add or deduct points. The total amount of points lets you automatically approve, decline, or review the action.
Understanding the Concept
To understand how fraud scoring works, it helps to first look at another mechanism more people are familiar with: credit scoring.
As you will know, it’s a form of risk assessment performed by different credit bureaus across the world, such as FICO in the U.S or Equifax in the UK.
While they collect different kinds of data, the goal is to answer the simple question: how likely is the borrower to repay the loan? The educated guess is based on information such as income statements, spending habits, debt history and card usage, amongst others.
We’ll go into more detail about what kind of data is used and how the algorithm calculations are made below. But first, let’s see what makes fraud scores so useful.
The Key Benefits
To understand the benefits of fraud scores, let’s imagine you are a small online store focusing on reducing up to 27% of transaction fraud (when users pay with stolen credit card details). Your goal is to reduce chargeback, identify a legitimate account from a fraudulent one, and facilitate good payments.
- They allow automation: instead of manually reviewing every purchase, you can let the system score each action, and approve or deny it based on the results. Of course, you can also review actions where the results are indecisive for certain transactions.
- Scaling: this goes hand in hand with automation, but fraud scores will let your store process many more transactions quicker. This helps you focus on growing your ecommerce with complete peace of mind, while risk management is taken care of in the background.
- Dynamic authentication: even if your risk scores point to the need for manual review, you can still add another layer of safety with triggers. Let’s say someone signs up to your platform, but their transactions data signals they might be a risky user. Your fraud prevention system could trigger additional authentication such as a selfie ID or 2FA, which can confirm their identity, and deter potential fraudsters.
- Reduced friction / churn: final benefit of automating reviews with risk scores: you create a smoother customer journey. For instance, Amazon doesn’t ask for a credit card CVV to speed up the payment process. You can reduce the number of steps between your user and their payment, as long as only risky behaviour is reviewed.
- Better flexibility: Balancing the scores yourself lets you decide how you want to mitigate risk. This could be based on seasonality, or for specific items, such as high-value goods or low-value digital downloads. Just keep in mind that not all fraud prevention tools let you adjust the scores yourself.
How Rules Can Calculate Them
For this example, we’ll look at two users trying to make a payment on your site. The screenshots show exactly how the SEON dashboard will deliver the results:
In this first example, you can tell the transaction is risky, but it’s not 100% evident you are dealing with a fraudster. It would be a great time to alert the team that a manual review is needed, or to trigger additional verification.
The high score in this second examples lets us know we are clearly dealing with a fraudster, which would automatically block the transaction.
However, based on your risk policy, you could also send the transaction to be reviewed manually by a member of your fraud team.
Challenges: a Lack of Industry Standards
Another similarity between fraud and credit scoring: no company calculates them the same way, or gives results within the same range.
For instance, in the UK, credit scoring performed by Experian will give a score between 0-999.
If it’s performed by Equifax, the range will be between 0 and 700. The higher the score, the more likely the user will be able to borrow money.
Similarly, different fraud prevention systems have their own ranges. Some of them go from 0 – 1000, others between 0-5. Interestingly, some providers measure safety rather than risk. So a user with a low score of 0 could be excellent for one provider, but extremely risky for another.
At SEON, we set our preset thresholds as follows:
- 0 – 10: the action is safe, and will be approved automatically.
- 10 -20: the action could be risky, and should be reviewed manually. The user journey is momentarily paused, and you can create an alert via email, for instance, to manually process the action. Another option is to trigger a second set of verifications automatically at this stage.
- 20+: the action is risky and will be declined. You can blacklist the user’s data points forever if you choose to.
Note that these can be adjusted manually. But before tweaking them, it’s important to first get a good understanding of which rules gave these scores.
Getting Started With Fraud Detection Rules
The rules which help calculate fraud scoring can be:
- Preset by the provider and tailored to your industry
- Created manually
- Suggested by AI based on historical data
But when it comes to fraud rules, there is no one-size-fits-all approach. One rule might work great to catch fraudsters on a crypto exchange, but fail with iGaming operators.
This is why it’s extremely important to test the rules in a true business environment, based on your historical data.
In the case of AI or ML (machine learning) rules, you also want to be able to understand exactly what the tool is suggesting, hence the importance of whitebox systems.
Whitebox Systems Vs Blackbox Scoring
Some engines offer full transparency into their inner workings, others tend to make it harder to guess what the algorithms do. At SEON, we believe whitebox systems are always superior as they allow you to:
- Understand what each rule does. For instance, looking at how many login attempts are considered suspicious within a set time range.
- Balance the weight of each rule: You need to test how important each rule is, especially when you use dozens of them at once.
- Adjust your risk thresholds: You might want control over what is considered a risky score versus a safe one. Make sure the fraud prevention tool doesn’t lock you into their own blackbox settings there.
Our Sense Platform, which can come with industry-preset rules, machine-learning suggested rules, and custom rules, lets you visualize them through a decision tree, so you can get a clear overview of how each score is calculated.
In fact, even the rules suggested by the AI are delivered in human-readable form, so you’re never at the mercy of the algorithms.
Ensuring the Rules Give Precise Results
One key element of fraud scores: their precision is only as good as the data used to calculate them. This is why your fraud prevention system should not only collect as much data as possible, but also enrich it.
We have a full post on data enrichment here, but the core concept is that it helps:
- Validate the quality of the data you get
- Link it to external data sources, so you get more information about the user than what they submit through the fields
- Reduce the amount of data the user needs to submit, so you can speed up their customer journey.
Here is a clear example of how much extra information you can glean thanks to data enrichment solutions, and how it helps improve the precision of risk scores:
- A new user signs up on your site, with only a name and email address
- SEON is already performing a digital footprint analysis to gather extra hidden data such as IP address, social profiles based on email and phone, device used, browser, etc…
- The data is cross-referenced (enriched) with external databases
- The system receives extra data, such as email domain address info, whether it appears on blacklists, etc…
- The data is fed through the predictive rule engine
- The calculations give you the risk score.
As you can imagine, avoiding steps 3 and 4 is possible, but it could skew the fraud scoring, and reduce its precision in flagging a fraudulent customer.
Key Takeaway: Take Control of Your Solutions
Whether you are an experienced fraud manager or not, we hope this primer on fraud scoring allowed you to get a better idea of how and why they work.
More importantly, we hope you can see how important it is to truly understand which rules affect the scores. This is only possible if your fraud prevention system is a whitebox one, designed to offer transparency into its data enrichment and rule-creation processes.
This is exactly the philosophy behind SEON’s Sense platform, a powerful end-to-end solution that gives you complete control over the rules that affect your users’ fraud scores.