Scoring

The scoring system is a critical part of the fraud detection process. It assesses the likelihood that a given behavior is fraudulent by evaluating various signals, including the user’s IP address and email address. Each behavioral event is scored against a set of predefined rules, each of which can either increase or decrease the fraud risk based on specific behaviors detected during the event.


How Scoring Works

The scoring system evaluates various parameters of a user’s request—such as the email, IP address, and other behavioral traits—and generates a fraud score ranging from 0 to 100. A score closer to 0 indicates a low likelihood of fraud, whereas a score closer to 100 indicates a high likelihood of fraudulent activity.

Each request undergoes an evaluation based on a set of rules. For example, if a user attempts to sign up using a disposable email address, the system will apply a rule that increases the fraud risk score significantly. This could result in a DECLINE outcome.


Example: Disposable Email Address

In this example, a user attempts to sign up using a disposable email address, which is often associated with fraudulent behavior. The score is calculated based on this behavior, leading to a high risk of fraud.

{
  "data": {
    "email": {
      "value": "[email protected]",
      "domain": "disposable.com",
      "valid": true,
      "threat_signal": {
        "is_reserved_ip": false,
        "is_web_crawler": false,
        "is_tor_exit_node": false,
        "is_proxy_server": false,
        "is_abusive_ip": false,
        "asn_malicious_ip_ratio": "Very Low",
        "is_disposable": true,
        "is_deliverable": true,
        "is_role_account": false
      }
    },
    "score": {
      "fraud_score": 95,
      "state": "DECLINE",
      "details": [
        {
          "rule_name": "Email address is disposable",
          "rule_type": "BEHAVIOUR"
        }
      ]
    }
  },
  "success": true,
  "time": "2024-11-16T18:51:17.008345663Z"
}

Explanation of Fields

  • fraud_score: This is the key indicator of the likelihood that a request is fraudulent. It ranges from 0 (low risk) to 100 (high risk). In the example above, a fraud score of 95 is generated, signaling a very high probability of fraud.

  • state: This field indicates the action to be taken based on the fraud score. A state of DECLINE means the request is considered fraudulent and should be blocked. A state of REVIEW means additional verification or manual review is needed. A state of APPROVE means the request is deemed legitimate.

  • details: This section provides information about the rule or behavior that triggered the fraud score. In the example, the rule “Email address is disposable” was triggered, increasing the fraud score. This helps to identify the exact behavior leading to the decision.


Customizing Rules

The rules used to calculate the fraud score are customizable, allowing you to adjust them according to your organization’s needs. You can define rules based on specific behaviors such as:

  • Using disposable or temporary email addresses.
  • Using IP addresses from high-risk regions or known proxies.
  • Accessing your system through VPNs or Tor networks.

These rules can either increase or decrease the fraud risk, depending on their relevance to your business requirements.


How to Interpret the Fraud Score

The fraud score helps determine the action to take on a particular request. The score is assessed alongside the state to guide whether a request should be approved, reviewed further, or declined.

  • State: APPROVE (Score of 0–20): Low risk, highly likely to be legitimate. No further action required.
  • State: REVIEW (Score of 20–40): Moderate risk, suggests additional verification or manual review is needed.
  • State: DECLINE (Score of 50–100): High to very high risk, fraudulent behavior is very likely. The request should be declined.
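
The handler below is an added example, not code from this product or its documentation. It shows one way a caller can act on the response fields described above when the result is missing or inconsistent: it keys off state rather than re-deriving a decision from fraud_score, because the documented ranges assign 20 to two states and 41–49 to none, and it sends anything unexpected to review. The action names and the APPROVE band check are assumptions of the example.

```python
import json

ACTIONS = {"APPROVE": "allow", "REVIEW": "step_up", "DECLINE": "block"}  # action names are hypothetical
APPROVE_MAX = 20  # upper bound of the APPROVE band documented above


def decide(raw):
    """Map a scoring response to an action; anything unexpected goes to review."""
    def review(why):
        return {"action": "step_up", "reasons": [why]}

    try:
        body = json.loads(raw)
    except (TypeError, ValueError):
        return review("unparseable response")
    if not isinstance(body, dict) or body.get("success") is not True:
        return review("success is not true")
    data = body.get("data")
    result = data.get("score") if isinstance(data, dict) else None
    if not isinstance(result, dict):
        return review("missing score object")

    state, score = result.get("state"), result.get("fraud_score")
    if isinstance(score, bool) or not isinstance(score, (int, float)) or not 0 <= score <= 100:
        return review("fraud_score missing or outside 0-100")
    if not isinstance(state, str) or state not in ACTIONS:
        return review("unrecognised state")
    if state == "APPROVE" and score > APPROVE_MAX:
        # Assumption: an APPROVE above its documented band is held, never relaxed.
        return review("APPROVE with score above documented band")

    details = result.get("details")
    rules = [d.get("rule_name") for d in details if isinstance(d, dict)] if isinstance(details, list) else []
    return {"action": ACTIONS[state], "reasons": rules}


# Constructed sample responses (only the fields decide() reads).
DISPOSABLE = json.dumps({"success": True, "data": {"score": {
    "fraud_score": 95, "state": "DECLINE",
    "details": [{"rule_name": "Email address is disposable", "rule_type": "BEHAVIOUR"}]}}})
GAP_SCORE = json.dumps({"success": True, "data": {"score": {"fraud_score": 45, "state": "APPROVE"}}})
NO_STATE = json.dumps({"success": True, "data": {"score": {"fraud_score": 5}}})
CLEAN = json.dumps({"success": True, "data": {"score": {"fraud_score": 10, "state": "APPROVE", "details": []}}})

if __name__ == "__main__":
    for sample in (DISPOSABLE, GAP_SCORE, NO_STATE, CLEAN, "not json"):
        print(decide(sample))
```

The returned reasons list carries the triggered rule_name values, so a blocked or held request can be logged with the rule that caused it.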

Key Takeaways

  • The fraud score is the result of applying rules to detected behaviors during an event.
  • A higher fraud score indicates a higher likelihood of fraud; a lower score suggests more trustworthy behavior.
  • Rules such as using disposable email addresses, suspicious IP addresses, or VPN usage can contribute significantly to the fraud score.
  • State (APPROVE/REVIEW/DECLINE) determines the action that should be taken based on the fraud score.

Next Steps

  • Learn how to configure the whitelist and blacklist to fine-tune your fraud detection.
  • Set up custom rules to further tailor the fraud detection process to your specific needs.