Most fraud prevention and detection tools deliver results via fraud scores, but what do they measure, and how exactly do they work? In this article, we’ll break down the basics of fraud scoring and explore how you can leverage them to boost business efficiency.

What Is a Fraud Score?

A fraud score is a number that answers the question, “How likely is this person to be a fraudster?” Fraud scoring assigns a value to how risky a user action is. The fraud scores are calculated using rules which add or subtract points based on the known data points about a user.

For instance, the user action may be a signup, login or card payment. Known data points include the user’s IP address, email address, or their device configuration.

In fact, there are dozens of different data points within each of these. An email address can appear on known blacklists, for example. Or an IP address, for instance, can be tied to known Tor nodes or locales. In fact, note that an IP fraud score is its own specific kind of fraud score.

How Does Fraud Scoring Work?

For fraud scoring to work, you need versatile fraud prevention software that can analyze user data and run it through risk rules to calculate how risky an action is. For example, a new user registration tied to a high-risk ID or a blacklisted credit card would likely be blocked or flagged for manual review. The key is that fraud scoring should let you automatically approve, reject, or review actions, much like a credit bureau assesses financial risk when someone applies for a loan or opens a new account.

Simply put:

1. A user tries to perform an action.
2. The fraud prevention system checks the available data about the user — either information they submitted (like a phone number) or data the system collected (like an IP address or device setup).
3. SEON’s data enrichment process uncovers even more information about the user.
4. All of this data is fed into the fraud scoring engine.
5. Fraud rules are applied, assigning positive or negative scores to each data point.
6. The final score is calculated, and if the solution is a whitebox model, you can view the full reasoning behind it.
7. Depending on the score, the system automatically applies a predefined action:
   • Approve
   • Deny
   • Forward for manual review

It’s important to note that SEON’s fraud scoring is highly granular, meaning:

• Every piece of data gathered is visible and can be downloaded for further analysis.
• You have full control over the fraud rules — you decide which ones are active, how much they impact the score, and when they are triggered.
• You can create, add, or remove your own custom rules at any time.
• You can use rules that are standard in your industry.
• Our machine learning module monitors user behavior and suggests new rules, which you can either approve individually or set to apply automatically.
• You also get expert support from our Customer Success team through regular check-ins and hands-on assistance.

Fraud Score Calculation Example

For this example, we’ll look at a user trying to make a payment on your site. 

From the score, you can tell the transaction is risky. The IP address has been found on a spam blacklist. The customer is using a data center, which are known to be the preference of cybercriminals and thus add +10 to the score. Suspicious ports are open, which could indicate spoofing. For such reasons, the score has been calculated as 19 out of 100 in this case.

Perhaps, though, it’s not 100% certain you are dealing with a fraudster. It would be a great time to alert the team that a manual review is needed, or to trigger additional verification.

Keep in mind that the risk scoring and what happens with the resulting number depends on your risk appetite and, on the SEON platform, can be very easily tweaked. For example, if you wanted to, you could set the platform to give +20 rather than +10 to data center IPs. Or to automatically block every action scored more than 5, and never push to manual review.

Advantages of Fraud Scoring

To understand the benefits of fraud scores, let’s imagine you are a small online store focusing on reducing transaction fraud (when users pay with stolen credit card details).

Your goal is to reduce chargebacks, identify legitimate users, weed out fraudsters, and facilitate good payments. So, what can fraud scores do for you?

• They allow automation: Instead of manually reviewing every purchase, you can let the system assign a value to each action, and approve or deny it based on the results. Of course, you can also review actions where the results are indecisive for certain transactions.
  
• Scaling: Fraud scores will let your store process many more transactions, more quickly. This helps you focus on growing your business with complete peace of mind, while risk management is taken care of in the background.
  
• Dynamic authentication: Even if your risk numbers point to the need for manual review, you can still add another layer of safety with triggers. Let’s say someone signs up to your platform, but their transactions data signals they might be a risky user. Your risk prevention system could trigger additional authentication such as 2FA, which can confirm their identity, and deter potential fraudsters.
  
• Reduced friction and customer churn: When you automate reviews with risk scores, you create a smoother customer journey. For instance, Amazon doesn’t ask for a credit card CVV to speed up the payment process. You can reduce the number of steps between your user and their payment, as long as only risky behavior is reviewed.
  
• Better flexibility: Balancing the numbers yourself lets you decide how you want to mitigate risk. This could be based on seasonality, or for specific items, such as high-value goods or low-value digital downloads. Just keep in mind that not all fraud prevention tools let you adjust the thresholds yourself.

Disadvantages of Fraud Scoring

The biggest disadvantage of fraud scoring is that no two companies use the same standards, so switching providers often means relearning how to assess risk. For example, a score of 0 could mean an excellent user for one provider but a risky one for another. At SEON, we offer preset thresholds to help you get started — but you can easily customize them at any time.

0 to 10:	The action is safe and can be approved automatically.
10 to 20:	The action could be risky, and should probably be reviewed manually. The user journey is momentarily paused, and you can create an alert via email, for instance, to manually process the action. Another option is to trigger a second set of verifications automatically at this stage. This dynamic friction strategy will help you reduce false positives.
20 or more:	The action is risky and will be declined. You can blacklist the user’s data points forever if you want.

All of these can be adjusted manually. But before tweaking them, it’s important to first get a good understanding of which rules give us a fraud score.

How to Get Started with Fraud Scoring 

Fraud scoring varies greatly from one anti-fraud tool to the next, so it helps to have an understanding of the basics before you choose your solution.

1. Understand Where the Fraud Rules Come From

The rules which help calculate a fraud score can be: 

• pre-set by the provider and/or tailored to your industry
• created manually
• suggested by AI based on historical data

However, when it comes to fraud rules, there is no one-size-fits-all approach. One rule might work great to catch fraudsters on a crypto exchange but fail with iGaming operators. 

This is why it’s extremely important to test the rules in a true business environment, based on your historical data. 

In the case of AI-powered machine learning rules, you also want to be able to understand exactly what the tool is suggesting, hence the importance of whitebox systems.

2. Consider Whitebox vs Blackbox Fraud Scoring

Some engines offer full transparency into their inner workings; others tend to make it harder to guess what the algorithms do. At SEON, we believe whitebox systems are always superior as they are transparent and allow you to:

• Understand what each rule does. For instance, looking at how many login attempts are considered suspicious within a set time range.
• Balance the weight of each rule: You need to test how important each rule is, especially when you use dozens of them at once.
• Adjust your risk thresholds: You might want control over what is considered a risky score versus a safe one. Make sure the fraud prevention tool doesn’t lock you into their own blackbox settings there.

As we’re going to see in more detail below, SEON comes with industry-preset rules, machine-learning suggested rules and custom rules. It also lets you visualize them through a decision tree, so you can get a clear overview of how each score is calculated.

In fact, even the rules suggested by the AI are delivered in a fully transparent human-readable form, so you’re never at the mercy of an algorithm, as you are with blackbox systems.

3. Test the Rules for Accuracy

One key element of fraud scores is that their precision is only as good as the data used to calculate them. This is why your fraud prevention system should not only collect as much data as possible, but also enrich it.

The core concept is that it helps:

• validate the quality of the data you get
• link the data to external data sources, so you get more information about the user than what they submit through the fields
• reduce the amount of data the user needs to submit so that you can speed up their customer journey

How Does Fraud Scoring Work at SEON?

Fraud scoring at SEON is fully explainable, highly customizable, and combines human input with two machine learning modules. Built to serve a wide range of industries and setups, it gives customers full control over risk rules while also offering automation options for those who prefer a hands-off approach.

Through the Admin Panel’s Scoring Engine section, users can view all available rules — active and inactive — to see exactly how scores are calculated. They can easily add or edit rules and receive machine learning insights based on historical data.

1. Default Rules

Notice the first column in the list of rules, which contains a toggle to easily turn each rule on and off.

The first tab represents the most straightforward category: default rules are best-practice rules that SEON’s team of fraud analysts has found are good to factor into risk scores, in most cases. Depending on what they focus on, they are further grouped into email rules, IP rules, etc – for quicker reference.

For example, there is a rule to add +10 points to the score of anyone using a disposable phone number. Meanwhile, any customer using a remote access protocol gets just +1.

Why? Because on its own, this is not enough to consider them highly suspicious. However, if there are additional red flags for this customer, their score will go up further, possibly triggering manual review or even blocking them.

2. Custom Rules

This type of rule gives SEON’s customers the opportunity to be in complete control of the risk scoring, creating rules from scratch based entirely on their risk appetite, industry and preferences.

The platform allows for complete and detailed customization, down to the decimal point of the added score. Specifically, actions triggered when a certain requirement is satisfied can include:

• Score: Choose how many points are added to (or subtracted from) the overall risk score, down to the decimal point.
• State: Should this new rule automatically Approve, Reject or send to manual Review the transaction?
• List: Allows you to automatically blacklist or whitelist a user whenever a set of conditions are met. For example, one might want to automatically blacklist all customers logging in from a specific IP location.

Rule parameters can be one of three types, at present:

Data match	Examines whether a value is exactly the same as, or different to, another. Operators are is equal to and is not equal to. For example, this rule can be set to flag for manual review all users whose device is at 0% battery.
Compare	This type of parameter will look at whether a value fulfills certain criteria based on standard operators, which include is equal to, is greater than, exists, does not exist, etc. For example, it can be set to remove 2 points from the risk score of anyone with more than 3 social media profiles.
Velocity	Will compare values within the dimension of time – be it across transactions and users, or for a specific customer. Operators here include all the above-mentioned, but time frame and past and present field also need to be defined (referring to what you compare to what, and over what period of time). For example, it can block and blacklist an IP if more than 15 different users log on from it within half an hour.

To create these rules, there also handy templates. A series of rule parameters can be combined to form velocity rules as well as more complex rules.

Conveniently, these can be grouped into custom categories, for reference. They are also searchable using filters. On SEON’s Scoring Engine, you can have as many or as few custom rules as you require.

In terms of testing out custom rules, there is a sandbox environment, as well as a quick way to try a new rule on recent and existing data. This will show you the results the new rule would have had on recent transactions, and helps ensure the intended result is reached and the risk scoring works as expected. It also allows you for experimentation and fine-tuning.

3. Machine Learning Rules

SEON’s algorithms learn from past activity and generate new machine learning rule suggestions. These are a set of fully explainable risk scoring rules that are tailor-made for your operations, complete with a confidence score of how well the system expects each one to work.

Through time, the ML module observes customers’ activity as well as the labels and decisions you have made based on it, and starts discerning patterns in your customers’ (as well as fraudsters’) actions and setups.

SEON’s engine generates transparent and whitebox machine learning suggestions, which means that it will fully explain what this rule would do and the logic behind it, allowing you to make better informed choices, and possibly amend it before it goes live.

For those who prefer an optimized set-and-forget approach that still makes use of the power of machine learning, there is also the option to automatically enable machine learning rule suggestions that are over a certain confidence threshold – or even all of them.

Industry Presets

From fintech to iGaming, BNPLs to online lending and travel, SEON’s team has spotted fraud trends and patterns that are more closely linked with certain industries. Some are more obvious, such as bonus abuse and multi accounting in iGaming, and others less so, like OTP interception for banking account takeovers.

We’ve used our decades’ worth of accumulated industry insight to create rulesets that can serve as industry presets, and can be added to a customer’s risk scoring engine at their request. This means that they can enjoy a set of easy-to-use custom rules that are targeting their particular industry’s pain points even more effectively. 

Blackbox Fraud Scoring at SEON

Meanwhile, a separate blackbox machine learning module works behind the scenes to calculate how probable it is that a given transaction is fraudulent, independently of the risk scoring we examined above. 

In addition to the whitebox machine learning module we discussed above, SEON’s platform leverages the power of blackbox ML fraud prevention to identify new patterns and unexpected instances of fraud, complementing the fraud score your other rules have defined. 

If they choose to use this, customers will be able to see and action two risk scores for each transaction: 

• a whitebox risk score that comes from applying all the enabled fraud scoring rules – this is fully explainable 
• a blackbox risk score that cannot be explained but can catch new trends and patterns, and is available from day one

Blackbox scoring can be activated from the Settings tab. Once it has, it will also start giving you a separate blackbox risk score for each customer action. 

Fraud analysts can take this into account when doing manual review, but you can also use blackbox score results themselves in rules. For example, you can define a custom rule that sends to manual review all blackbox risk scores that are higher than 30.

Fraud Scoring Example Workflow

The fraud scoring we’ve looked at above uses hundreds of data points from SEON’s robust data enrichment and device fingerprinting modules 

Here is a clear example of how much extra information you can glean thanks to data enrichment software solutions, and how this helps improve the precision of risk scores:

1. A new user signs up on your site, with only a name and email address.
2. Under the hood, SEON’s modules are already performing digital footprinting and device fingerprinting analysis to gather extra hidden data such as IP address, social profiles based on email and phone, device used, browser, etc.
3. The data is cross-referenced (enriched) with external databases.
4. The system receives extra data, such as email domain address info, sign-ups for social platforms using this email address, whether it appears on blacklists, etc.
5. The data is fed through the predictive rule engine.
6. The calculations give you the risk score.

As you can imagine, avoiding steps 3 and 4 is possible, but it could skew the fraud scoring, and reduce its precision in flagging a fraudulent customer.

Key Takeaways

Whether you are an experienced fraud manager or not, we hope this primer on fraud scoring has allowed you to get a better idea of how and why they work.

More importantly, we hope you can see how important it is to truly understand which rules affect the values. This is only possible if your fraud prevention system is a whitebox one, designed to offer transparency into its data enrichment and rule-creation processes.

This is exactly the philosophy behind the SEON platform, a powerful end-to-end solution that gives you complete control over the rules that affect your users’ fraud scores.

Frequently Asked Questions

Further reading:

• SEON: Top 10 Fraud Management Systems & How to Pick the Right One For You
• SEON: IP Fraud Score: How IP Analysis Works for Fraud Detection

Learn more about:

Browser Fingerprinting | Device Fingerprinting | Digital Footprinting | Fraud Detection with Machine Learning & AI