Velocity Rules to Identify Online Card Fraud: A More Flexible Way to Leverage Historical User Behavior as a Risk Indicator
July 30, 2020
Dating back a couple of decades when ecommerce started, one of the first tools to identify online card fraud were velocity rules. Velocity rules measured the number of transactions that were performed by a particular credit card in a (short) period of time. For example, it is unusual, if not impossible, for an individual to perform 10 real transactions in a minute. In the world of fraud prevention, certainly, something to worry about.
Velocity rules are ubiquitous in online fraud prevention. Every fraud prevention system, no matter how simple, has a version of velocity rules. Even modern machine learning models, applied to fraud prevention and risk detection, are informed by velocity features.
Spoiler alert! What velocity is really trying to assess is behavior. But, you probably knew that already.
As time has progressed and the ability to track user behavior has become the basis for all ecommerce marketing, fraud prevention techniques have advanced as well. Now, multiple parameters from historical behaviors are being used like purchase patterns, seasonality, amount history, geolocation, time of day, etc.
The Acuant platform offers multiple ways of using the history of an identity to inform the risk assessment process:
1. Reputation. A very accurate measure of the likelihood of risk of a given identity. An identity that is identified as Trusted (the highest level of reputation) in the system, is later associated with fraud/risk only 0.03% of the time. To put this into perspective this represents 0.002% of the amount of losses associated with chargebacks. The reputation in the Acuant platform is the result of heuristics, deterministic and statistical models. These models are informed by the history of the transactions and the results of the evaluation of those transactions within the Acuant ecosystem. There are three additional levels of reputation: Suspicious, Bad, and Unknown. While Suspicious and Bad have similar accuracy measures, Unknown is when there is not enough behavior in the system to calculate an accurate reputation score.
2. Graph Score. The graph score is a measure of the identity risk based on the complexity of the attributes that make their identity as they are correlated to many other attributes and other identities. This score is the result of supervised machine learning algorithms. A high score is usually a good indicator, while a low score is considered risky. You can learn more about our graph score here and by watching our Graph Intelligence Demo:
3. Security Tests. The security tests are factual risk factors. We have over 40 security tests that calculate whether a transaction has passed the limits of established thresholds for, say, velocity. We have tests that can measure either the number of transactions or the aggregated amount associated with transactions performed by the same identity. Security tests in general, within the platform, are simple to configure and use.
4. ARP. The automated review policy is a mechanism within the platform to accept transactions. One of the ARP models measures users’ consistent good behavior as a way to accept transactions that, while considered risky, are associated with users in which that specific behavior is considered acceptable.
Now, as advanced as the platform is in the use of historical data, the security test infrastructure (with over 400 security tests) is a bit rigid in the sense that our development team can only add new tests to it. These are usually not hard to add, but it does require involvement from our team.
Part of the reason for this rigidity is to ensure that the platform can continue to perform in real-time. No matter how complex, all transactions are evaluated in real-time and the platform has to perform in milliseconds.
One of the real issues we face as we onboard new clients that are moving away from their fraud prevention systems is to provide tools with comparable models (e.g. rules) to the system they had in place. In a way, you (and I mean we) always have to demonstrate you can start from the same baseline, and then grow to whatever other paradigms and tools our platform offers. These may require specific evaluation of historical transactions, in specific ways. This is where the rigidity of our security tests was disadvantageous.
As a result, we introduce a more flexible way to setup velocity rules with our patented eDNA™ to use the historical transactions associated with a user.
Contact us to learn more about Acuant Compliance.