Fraud Scoring: What Is It & How Does It Work

Most fraud prevention and detection tools deliver results via fraud scores, but what do they measure, and how exactly do they work? In this article, we’ll break down the basics of fraud scoring and explore how you can leverage them to boost business efficiency.

What Is a Fraud Score?

A fraud score is a number that answers the question, “How likely is this person to be a fraudster?” Fraud scoring assigns a value to how risky a user action is. The fraud scores are calculated using rules which add or subtract points based on the known data points about a user.

For instance, the user action may be a signup, login or card payment. Known data points include the user’s IP address, email address, or their device configuration.

In fact, there are dozens of different data points within each of these. An email address can appear on known blacklists, for example. Or an IP address, for instance, can be tied to known Tor nodes or locales. In fact, note that an IP fraud score is its own specific kind of fraud score.

How Does Fraud Scoring Work?

For fraud scoring to work, you need versatile fraud prevention software that can analyze user data and run it through risk rules to calculate how risky an action is. For example, a new user registration tied to a high-risk ID or a blacklisted credit card would likely be blocked or flagged for manual review. The key is that fraud scoring should let you automatically approve, reject, or review actions, much like a credit bureau assesses financial risk when someone applies for a loan or opens a new account.

Simply put:

A user tries to perform an action.
The fraud prevention system checks the available data about the user — either information they submitted (like a phone number) or data the system collected (like an IP address or device setup).
SEON’s data enrichment process uncovers even more information about the user.
All of this data is fed into the fraud scoring engine.
Fraud rules are applied, assigning positive or negative scores to each data point.
The final score is calculated, and if the solution is a whitebox model, you can view the full reasoning behind it.
Depending on the score, the system automatically applies a predefined action:
- Approve
- Deny
- Forward for manual review

It’s important to note that SEON’s fraud scoring is highly granular, meaning:

Every piece of data gathered is visible and can be downloaded for further analysis.
You have full control over the fraud rules — you decide which ones are active, how much they impact the score, and when they are triggered.
You can create, add, or remove your own custom rules at any time.
You can use rules that are standard in your industry.
Our machine learning module monitors user behavior and suggests new rules, which you can either approve individually or set to apply automatically.
You also get expert support from our Customer Success team through regular check-ins and hands-on assistance.

Better Risk Scoring for Less Fraud

Fight fraud with fully transparent risk scoring and powerful rulesets using machine learning and human insight.

Ask an Expert

Fraud Score Calculation Example

For this example, we’ll look at a user trying to make a payment on your site.

fraud scoring - low number set from SEON's calculation

From the score, you can tell the transaction is risky. The IP address has been found on a spam blacklist. The customer is using a data center, which are known to be the preference of cybercriminals and thus add +10 to the score. Suspicious ports are open, which could indicate spoofing. For such reasons, the score has been calculated as 19 out of 100 in this case.

Perhaps, though, it’s not 100% certain you are dealing with a fraudster. It would be a great time to alert the team that a manual review is needed, or to trigger additional verification.

Keep in mind that the risk scoring and what happens with the resulting number depends on your risk appetite and, on the SEON platform, can be very easily tweaked. For example, if you wanted to, you could set the platform to give +20 rather than +10 to data center IPs. Or to automatically block every action scored more than 5, and never push to manual review.

Advantages of Fraud Scoring

To understand the benefits of fraud scores, let’s imagine you are a small online store focusing on reducing transaction fraud (when users pay with stolen credit card details).

Your goal is to reduce chargebacks, identify legitimate users, weed out fraudsters, and facilitate good payments. So, what can fraud scores do for you?

They allow automation: Instead of manually reviewing every purchase, you can let the system assign a value to each action, and approve or deny it based on the results. Of course, you can also review actions where the results are indecisive for certain transactions.
Scaling: Fraud scores will let your store process many more transactions, more quickly. This helps you focus on growing your business with complete peace of mind, while risk management is taken care of in the background.
Dynamic authentication: Even if your risk numbers point to the need for manual review, you can still add another layer of safety with triggers. Let’s say someone signs up to your platform, but their transactions data signals they might be a risky user. Your risk prevention system could trigger additional authentication such as 2FA, which can confirm their identity, and deter potential fraudsters.
Reduced friction and customer churn: When you automate reviews with risk scores, you create a smoother customer journey. For instance, Amazon doesn’t ask for a credit card CVV to speed up the payment process. You can reduce the number of steps between your user and their payment, as long as only risky behavior is reviewed.
Better flexibility: Balancing the numbers yourself lets you decide how you want to mitigate risk. This could be based on seasonality, or for specific items, such as high-value goods or low-value digital downloads. Just keep in mind that not all fraud prevention tools let you adjust the thresholds yourself.

Disadvantages of Fraud Scoring

The biggest disadvantage of fraud scoring is that no two companies use the same standards, so switching providers often means relearning how to assess risk. For example, a score of 0 could mean an excellent user for one provider but a risky one for another. At SEON, we offer preset thresholds to help you get started — but you can easily customize them at any time.

0 to 10:	The action is safe and can be approved automatically.
10 to 20:	The action could be risky, and should probably be reviewed manually. The user journey is momentarily paused, and you can create an alert via email, for instance, to manually process the action. Another option is to trigger a second set of verifications automatically at this stage. This dynamic friction strategy will help you reduce false positives.
20 or more:	The action is risky and will be declined. You can blacklist the user’s data points forever if you want.

All of these can be adjusted manually. But before tweaking them, it’s important to first get a good understanding of which rules give us a fraud score.

How to Get Started with Fraud Scoring

Fraud scoring varies greatly from one anti-fraud tool to the next, so it helps to have an understanding of the basics before you choose your solution.

1. Understand Where the Fraud Rules Come From

The rules which help calculate a fraud score can be:

pre-set by the provider and/or tailored to your industry
created manually
suggested by AI based on historical data

However, when it comes to fraud rules, there is no one-size-fits-all approach. One rule might work great to catch fraudsters on a crypto exchange but fail with iGaming operators.

This is why it’s extremely important to test the rules in a true business environment, based on your historical data.

In the case of AI-powered machine learning rules, you also want to be able to understand exactly what the tool is suggesting, hence the importance of whitebox systems.

2. Consider Whitebox vs Blackbox Fraud Scoring

Some engines offer full transparency into their inner workings; others tend to make it harder to guess what the algorithms do. At SEON, we believe whitebox systems are always superior as they are transparent and allow you to:

Understand what each rule does. For instance, looking at how many login attempts are considered suspicious within a set time range.
Balance the weight of each rule: You need to test how important each rule is, especially when you use dozens of them at once.
Adjust your risk thresholds: You might want control over what is considered a risky score versus a safe one. Make sure the fraud prevention tool doesn’t lock you into their own blackbox settings there.

As we’re going to see in more detail below, SEON comes with industry-preset rules, machine-learning suggested rules and custom rules. It also lets you visualize them through a decision tree, so you can get a clear overview of how each score is calculated.

In fact, even the rules suggested by the AI are delivered in a fully transparent human-readable form, so you’re never at the mercy of an algorithm, as you are with blackbox systems.

3. Test the Rules for Accuracy

One key element of fraud scores is that their precision is only as good as the data used to calculate them. This is why your fraud prevention system should not only collect as much data as possible, but also enrich it.

The core concept is that it helps:

validate the quality of the data you get
link the data to external data sources, so you get more information about the user than what they submit through the fields
reduce the amount of data the user needs to submit so that you can speed up their customer journey

How Does Fraud Scoring Work at SEON?

Fraud Scores - How SEON does Fraud Scoring

SEON’s fraud scoring is transparent and fully customizable. It combines human-defined rules with whitebox and blackbox machine learning models. Designed to support a broad range of industries and risk strategies, it lets users define their own rules while offering intelligent automation for those who prefer a hands-off approach.

When going into the Scoring Engine from the Admin panel, users can view, edit or add rules, while also accessing machine learning-driven insights based on historical data to optimize fraud detection.

1. Default Rules

Default rules represent SEON’s baseline recommendations, created by fraud analysts based on common fraud patterns observed across industries. To simplify navigation, these best-practice rules are grouped by category, such as email, IP and phone.

For instance, a rule might add +10 points to the score if a disposable phone number is used. In contrast, detecting a remote access protocol may only add +1 point. That’s because, in isolation, it’s not a strong fraud signal — but if multiple risk factors are present, the total score may exceed the review or block threshold.

The first column in the rule list includes a toggle switch, allowing users to easily enable or disable individual rules.

2. Custom Rules

Custom rules give SEON users complete control over fraud scoring, allowing them to define logic tailored to their risk appetite, industry and workflows. Each rule can trigger specific actions — adjusting the score, changing the transaction state (Approve, Review, Decline) or managing user lists (Blacklist/Whitelist) — with full control down to decimal-point precision.

Rules are built using one or more of the following parameter types:

Data match: Checks for exact value matches (e.g., flagging devices at 0% battery).
Compare: Uses standard operators like greater than, exists or equals (e.g., subtracting points for users with multiple social profiles).
Velocity: Analyzes behavior over time (e.g., blocking IPs used by 15+ users within 30 minutes).

Users can combine multiple conditions, group rules into custom categories and use templates to speed up setup. All rules are searchable and testable against historical data via a built-in preview feature or the sandbox environment, making it easy to finetune risk strategies with confidence.

3. Machine Learning Rules

SEON’s whitebox machine learning module generates rule suggestions based on patterns it detects from historical data and user-labeled decisions. These rules are fully transparent, with each suggestion showing its logic and an associated confidence score, so you understand why it was recommended and how reliable it is.

Over time, the model learns from your team’s Approve/Review/Decline actions and uncovers behavioral trends across both legitimate users and fraudsters. Suggested rules can be reviewed, edited or enabled directly in the Scoring Engine.

For a more automated setup, you can choose to auto-activate machine learning-generated rules above a set confidence threshold (or all of them), streamlining fraud prevention while maintaining visibility and control.

SEON's dashboard showing machine learning rules

4. Industry Presets

In addition to SEON’s transparent (whitebox) fraud scoring, the platform also offers a powerful blackbox machine learning module that independently assesses the probability of fraud for each transaction. This system operates in the background, identifying subtle patterns and evolving fraud tactics that may not yet be covered by rule-based scoring.

Once enabled, Blackbox scoring starts assigning a separate risk score, from 0 to 100, to each transaction. This score is based on SEON’s continuously trained machine learning model, which draws on global fraud data and customer-specific trends. While the logic behind the score is not exposed, it offers valuable predictive power from day one.

Blackbox scores can also be incorporated into custom rules, for example, automatically flagging or reviewing transactions with a blackbox score above 30, further enhancing customer risk assessment and decision automation.

Fraud Scoring Example Workflow

SEON’s fraud scoring engine draws on hundreds of data points via digital footprint assessment and device intelligence to deliver precise, real-time risk evaluations. Here’s how that process works in practice:

User signs up: A user registers on your platform, providing only a name and email address.
Automated enrichment begins: In the background, SEON gathers data via digital footprint and device analysis, uncovering details such as IP address, device type, browser version and linked social media accounts based on the email or phone number.
Cross-referencing external data: This raw data is enriched using external sources to reveal insights like the email’s domain quality, presence on blacklists or history of use across platforms.
Scoring engine activation: The enriched dataset is passed through the rule-based and machine learning scoring engines.
Risk score output: A fraud score is returned, helping determine whether the user should be approved, reviewed or blocked.

Skipping enrichment steps would limit visibility into the user’s digital footprint, weakening the effectiveness of your customer risk assessment and potentially allowing fraudulent behavior to slip through.

Key Takeaways

A robust fraud scoring strategy relies on the combination of two critical elements: transparency and adaptability. This is best achieved by integrating both whitebox and blackbox machine learning models and custom risk rules.

Whitebox models provide clarity and control, allowing fraud teams to define, adjust and audit scoring rules based on clear logic and explainable outcomes. Blackbox models, on the other hand, deliver dynamic, data-driven insights. By analyzing historical patterns and user-labeled outcomes, these systems uncover correlations and emerging fraud trends that static rule sets might miss. Even though the logic behind their scores isn’t visible, they provide valuable signals that enhance detection accuracy from the outset.

Together, these approaches offer a complementary framework: one that empowers organizations to understand and shape their fraud prevention strategy while also staying ahead of evolving threats. The ability to customize risk rules, incorporate machine learning and adjust thresholds to fit business needs is what distinguishes effective, modern fraud prevention systems.

Block Risky Transactions with Fraud Scores

SEON gives you full control over fraud scoring, combining transparent rule logic with powerful machine learning to stop threats before they impact your business.

Speak with an Expert

Frequently Asked Questions

How is a fraud score calculated?

Fraud scores are calculated by feeding user data through risk rules. The total score should fall within a range that lets you know whether you should accept, decline, or review the action.

Do more rules mean higher loading time?

It depends. Generally, longer rules weigh down the system more than more rules. In other words, longer rules that involve more parameters will have a greater impact on performance than shorter rules. Sometimes, an easy solution to this is to break them up into shorter, simpler rules. Made up of fraud managers and analysts exclusively, SEON’s Customer Success team can help you identify any such rules and optimize them to speed up your operations.

Is fraud scoring reliable?

Fraud scoring can give out results with extremely high accuracy. However, the quality of the results depends on the kind of rules in place, how up to date they are, and even what kind of industry you are in.

Further reading:

Learn more about:

Browser Fingerprinting | Device Fingerprinting | Digital Footprinting | Fraud Detection with Machine Learning & AI