Guide to Bot Mitigation 2022: What Is It & How Does It Work?

Last Updated: September 11, 2023 by Bence Jendruszak
Most fraud prevention and detection tools deliver results via fraud scores. But what do they measure, and how exactly do they work?
In this article, we’ll break down the basics of fraud scoring, and we’ll see how you can leverage it to boost business efficiency.
A fraud score is a number that answers the question, “How likely is this person to be a fraudster?” Fraud scoring assigns a value to how risky a user action is. The fraud scores are calculated using rules which add or subtract points based on the known data points about a user.
For instance, the user action may be a signup, login or card payment. Known data points include the user’s IP address, email address, or their device configuration.
There are dozens of different data points within each of these. For example, an email address can appear on known blacklists, or an IP address can be tied to known Tor nodes or locales. Note that an IP fraud score is its own specific kind of fraud score.
For fraud scoring to work, you must have versatile fraud prevention software that can look at user data. That data is fed through risk rules, which allow you to calculate how dangerous an action is.
For instance, a new user registration from someone with a high-risk ID, or a credit card that appeared on a blacklist before, is likely to be blocked, or at least forwarded for manual review by a human.
The key is that fraud scoring should allow you to automatically approve, reject, or review certain actions. In that sense, it is similar to a credit score check, where a credit bureau assesses the financial risk posed by a user action (taking out a loan, or opening a new account).
Simply put:
It is important to note that the SEON platform’s fraud scoring is highly granular, which means that:
For this example, we’ll look at a user trying to make a payment on your site.
From the score, you can tell the transaction is risky. The IP address has been found on a spam blacklist. The customer is connecting from a data center, which cybercriminals are known to prefer, and this adds +10 to the score. Suspicious ports are open, which could indicate spoofing. For such reasons, the score has been calculated as 19 out of 100 in this case.
Perhaps, though, it’s not 100% certain you are dealing with a fraudster. It would be a great time to alert the team that a manual review is needed, or to trigger additional verification.
Keep in mind that the risk scoring, and what happens with the resulting number, depends on your risk appetite and, on the SEON platform, can be very easily tweaked. For example, if you wanted to, you could set the platform to give +20 rather than +10 to data center IPs, or to automatically block every action scored more than 5 and never push to manual review.
To understand the benefits of fraud scores, let’s imagine you are a small online store focusing on reducing transaction fraud (when users pay with stolen credit card details).
Your goal is to reduce chargebacks, identify legitimate users, weed out fraudsters, and facilitate good payments. So, what can fraud scores do for you?
The biggest disadvantage of fraud scoring is that no two fraud companies use the same standards. If you move from one business to the next, you may have to relearn how to mitigate risk based on a completely new scale.
So a user with a low score of 0 could be excellent for one provider, but extremely risky for another.
At SEON, we set our preset thresholds as follows – but keep in mind you can change all this completely and very easily.
| Score | Default handling |
| --- | --- |
| 0 to 10 | The action is safe and can be approved automatically. |
| 10 to 20 | The action could be risky, and should probably be reviewed manually. The user journey is momentarily paused, and you can create an alert via email, for instance, to manually process the action. Another option is to trigger a second set of verifications automatically at this stage. This dynamic friction strategy will help you reduce false positives. |
| 20 or more | The action is risky and will be declined. You can blacklist the user’s data points forever if you want. |
All of these can be adjusted manually. But before tweaking them, it’s important to first get a good understanding of which rules give us a fraud score.
Fraud scoring varies greatly from one anti-fraud tool to the next, so it helps to have an understanding of the basics before you choose your solution.
The rules which help calculate a fraud score can be:
However, when it comes to fraud rules, there is no one-size-fits-all approach. One rule might work great to catch fraudsters on a crypto exchange but fail with iGaming operators.
This is why it’s extremely important to test the rules in a true business environment, based on your historical data.
In the case of AI-powered machine learning rules, you also want to be able to understand exactly what the tool is suggesting, hence the importance of whitebox systems.
Some engines offer full transparency into their inner workings; others tend to make it harder to guess what the algorithms do. At SEON, we believe whitebox systems are always superior as they are transparent and allow you to:
As we’re going to see in more detail below, SEON comes with industry-preset rules, machine-learning suggested rules and custom rules. It also lets you visualize them through a decision tree, so you can get a clear overview of how each score is calculated.
In fact, even the rules suggested by the AI are delivered in a fully transparent human-readable form, so you’re never at the mercy of an algorithm, as you are with blackbox systems.
One key element of fraud scores is that their precision is only as good as the data used to calculate them. This is why your fraud prevention system should not only collect as much data as possible, but also enrich it.
The core concept is that it helps:
Fraud scoring at SEON is fully explainable and customizable on a granular level. It is based on sets of risk rules that can be fully customized but also makes use of two separate machine learning modules, combining human and artificial intelligence.
As an industry-agnostic solution that caters to different setups and needs, we allow customers complete control over fraud scoring. However, we also offer ways to automate with efficiency for those who prefer a hands-off approach.
The Admin Panel features a Scoring Engine section, which contains all the fraud scoring rules that are available, including activated and deactivated rules.
This provides an overview of how risk and fraud scores are calculated under the hood, as well as the opportunity to add new rules, edit existing ones and receive machine learning insights into what else could work based on historical data.
Notice the first column in the list of rules, which contains a toggle to easily turn each rule on and off.
The first tab represents the most straightforward category: default rules are best-practice rules that SEON’s team of fraud analysts has found are good to factor into risk scores, in most cases. Depending on what they focus on, they are further grouped into email rules, IP rules, etc – for quicker reference.
For example, there is a rule to add +10 points to the score of anyone using a disposable phone number. Meanwhile, any customer using a remote access protocol gets just +1.
Why? Because on its own, this is not enough to consider them highly suspicious. However, if there are additional red flags for this customer, their score will go up further, possibly triggering manual review or even blocking them.
This type of rule gives SEON’s customers the opportunity to be in complete control of the risk scoring, creating rules from scratch based entirely on their risk appetite, industry and preferences.
The platform allows for complete and detailed customization, down to the decimal point of the added score. Specifically, actions triggered when a certain requirement is satisfied can include:
Rule parameters can be one of three types, at present:
| Parameter type | What it does |
| --- | --- |
| Data match | Examines whether a value is exactly the same as, or different to, another. Operators are "is equal to" and "is not equal to". For example, this rule can be set to flag for manual review all users whose device is at 0% battery. |
| Compare | This type of parameter will look at whether a value fulfills certain criteria based on standard operators, which include "is equal to", "is greater than", "exists", "does not exist", etc. For example, it can be set to remove 2 points from the risk score of anyone with more than 3 social media profiles. |
| Velocity | Will compare values within the dimension of time – be it across transactions and users, or for a specific customer. Operators here include all the above-mentioned, but time frame and past and present field also need to be defined (referring to what you compare to what, and over what period of time). For example, it can block and blacklist an IP if more than 15 different users log on from it within half an hour. |
To create these rules, there are also handy templates. A series of rule parameters can be combined to form velocity rules as well as more complex rules.
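As an added illustration (not SEON's code or API), here is a minimal additive rule engine that applies the point values, the three parameter types and the preset thresholds quoted on this page. The `Rule` class, the event field names and the handling of the boundary scores 10 and 20 are assumptions.

```python
from dataclasses import dataclass
from typing import Callable, Optional

# Preset thresholds quoted on this page. Assumption: a score of exactly 10
# counts as "review" and exactly 20 as "decline" (the page's ranges overlap).
REVIEW_AT, DECLINE_AT = 10, 20

@dataclass
class Rule:                       # hypothetical structure, not SEON's API
    name: str
    matches: Callable[[dict, list], bool]   # (event, history) -> fired?
    points: float = 0.0
    force: Optional[str] = None   # a forced outcome overrides the thresholds

def users_on_ip(event, history, window_s):
    """Velocity parameter: distinct users seen on event's IP within window_s."""
    seen = {h["user"] for h in history
            if h["ip"] == event["ip"] and 0 <= event["ts"] - h["ts"] <= window_s}
    return len(seen | {event["user"]})

RULES = [  # point values are the page's examples; field names are assumptions
    # Data match: "is equal to" / "is not equal to"
    Rule("disposable phone number", lambda e, h: e.get("phone_disposable") is True, 10),
    Rule("data center IP", lambda e, h: e.get("ip_type") == "datacenter", 10),
    Rule("remote access protocol", lambda e, h: e.get("remote_access") is True, 1),
    # Compare: standard operators such as "is greater than"
    Rule("more than 3 social profiles", lambda e, h: e.get("social_profiles", 0) > 3, -2),
    # Velocity: more than 15 different users on one IP within half an hour
    Rule("IP shared by >15 users in 30 min",
         lambda e, h: users_on_ip(e, h, 30 * 60) > 15, force="decline"),
]

def score(event, history=()):
    """Return (total, decision, fired rule names) so every score is explainable."""
    fired = [r for r in RULES if r.matches(event, history)]
    total = sum(r.points for r in fired)
    forced = next((r.force for r in fired if r.force), None)
    if forced:
        decision = forced
    elif total >= DECLINE_AT:
        decision = "decline"
    elif total >= REVIEW_AT:
        decision = "review"
    else:
        decision = "approve"
    return total, decision, [r.name for r in fired]

# Constructed sample event: data center IP plus remote access -> 11, "review"
SAMPLE = {"user": "u1", "ip": "203.0.113.7", "ts": 5000,
          "ip_type": "datacenter", "remote_access": True}
```

Returning the names of the rules that fired alongside the total is what lets an analyst see why an action landed in review rather than approve.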
Conveniently, these can be grouped into custom categories, for reference. They are also searchable using filters. On SEON’s Scoring Engine, you can have as many or as few custom rules as you require.
In terms of testing out custom rules, there is a sandbox environment, as well as a quick way to try a new rule on recent and existing data. This will show you the results the new rule would have had on recent transactions, and helps ensure the intended result is reached and the risk scoring works as expected. It also allows for experimentation and fine-tuning.
SEON’s algorithms learn from past activity and generate new machine learning rule suggestions. These are a set of fully explainable risk scoring rules that are tailor-made for your operations, complete with a confidence score of how well the system expects each one to work.
Through time, the ML module observes customers’ activity as well as the labels and decisions you have made based on it, and starts discerning patterns in your customers’ (as well as fraudsters’) actions and setups.
SEON’s engine generates transparent and whitebox machine learning suggestions, which means that it will fully explain what this rule would do and the logic behind it, allowing you to make better informed choices, and possibly amend it before it goes live.
For those who prefer an optimized set-and-forget approach that still makes use of the power of machine learning, there is also the option to automatically enable machine learning rule suggestions that are over a certain confidence threshold – or even all of them.
From fintech to iGaming, BNPLs to online lending and travel, SEON’s team has spotted fraud trends and patterns that are more closely linked with certain industries. Some are more obvious, such as bonus abuse and multi accounting in iGaming, and others less so, like OTP interception for banking account takeovers.
We’ve used our decades’ worth of accumulated industry insight to create rulesets that can serve as industry presets, and can be added to a customer’s risk scoring engine at their request. This means that they can enjoy a set of easy-to-use custom rules that are targeting their particular industry’s pain points even more effectively.
Meanwhile, a separate blackbox machine learning module works behind the scenes to calculate how probable it is that a given transaction is fraudulent, independently of the risk scoring we examined above.
In addition to the whitebox machine learning module we discussed above, SEON’s platform leverages the power of blackbox ML fraud prevention to identify new patterns and unexpected instances of fraud, complementing the fraud score your other rules have defined.
If they choose to use this, customers will be able to see and action two risk scores for each transaction:
Blackbox scoring can be activated from the Settings tab. Once it has, it will also start giving you a separate blackbox risk score for each customer action.
Fraud analysts can take this into account when doing manual review, but you can also use blackbox score results themselves in rules. For example, you can define a custom rule that sends to manual review all blackbox risk scores that are higher than 30.
The fraud scoring we’ve looked at above uses hundreds of data points from SEON’s robust data enrichment and device fingerprinting modules.
Here is a clear example of how much extra information you can glean thanks to data enrichment software solutions, and how this helps improve the precision of risk scores:
As you can imagine, avoiding steps 3 and 4 is possible, but it could skew the fraud scoring, and reduce its precision in flagging a fraudulent customer.
Whether you are an experienced fraud manager or not, we hope this primer on fraud scoring has allowed you to get a better idea of how and why fraud scores work.
More importantly, we hope you can see how important it is to truly understand which rules affect the values. This is only possible if your fraud prevention system is a whitebox one, designed to offer transparency into its data enrichment and rule-creation processes.
This is exactly the philosophy behind the SEON platform, a powerful end-to-end solution that gives you complete control over the rules that affect your users’ fraud scores.
Fraud scores are calculated by feeding user data through risk rules. The total score should fall within a range that lets you know whether you should accept, decline, or review the action.
It depends. Generally, longer rules weigh down the system more than more rules. In other words, longer rules that involve more parameters will have a greater impact on performance than shorter rules. Sometimes, an easy solution to this is to break them up into shorter, simpler rules. Made up of fraud managers and analysts exclusively, SEON’s Customer Success team can help you identify any such rules and optimize them to speed up your operations.
Fraud scoring can give out results with extremely high accuracy. However, the quality of the results depends on the kind of rules in place, how up to date they are, and even what kind of industry you are in.
Bence Jendruszák is the Chief Operating Officer and co-founder of SEON. Thanks to his leadership, the company received the biggest Series A in Hungarian history in 2021. Bence is passionate about cybersecurity and its overlap with business success. You can find him leading webinars with industry leaders on topics such as iGaming fraud, identity proofing or machine learning (when he’s not brewing questionable coffee for his colleagues).