Set thresholds for risk scores
In order to leverage the minFraud web services for automation, many users take action based on certain thresholds for the risk score or scores, in conjunction with various risk data outputs. In the most basic automation, you might wish to automatically accept transactions with a relatively low risk score (e.g., 5.00 or lower), automatically reject transactions with a relatively high risk score (e.g., 50.00 and higher), and manually review all other transactions.
Continue reading to learn more about how risk scores are distributed across transactions, which may help you with setting thresholds:
- Understanding risk scores and thresholds
- Overall risk score distribution across minFraud users
- IP risk score distribution across minFraud users
Understanding risk scores and thresholds
The risk score is a signal as to whether an online transaction is risky for your business. Learn more about the overall risk score.
Determining the thresholds you set for different actions requires fine tuning over time. We recommend first considering the cost of fraud and potentially lost goods or services, the cost of manual review, and the cost of rejecting good transactions. The risk strategy relevant to your business may mean more or less tolerance for risk as you begin using the risk score.
After monitoring the risk scores received for the manually reviewed transactions, you can adjust the thresholds appropriately to reduce the amount of manual review required. Learn more about setting a disposition for transactions based on the risk score and other values.
Overall risk score distribution across minFraud users
Risk score distribution across all users will change over time, and risk score distribution varies from user to user. Ultimately, you should analyze the distribution of your own risk scores along with an analysis of fraudulent transactions and an estimate of the cost of false negatives to set your own thresholds.
Below is the chance that a risk score will be greater than or equal to given values based on a snapshot of the risk score distribution across all minFraud users. For example, the chart below shows that there's about a 20% chance that a risk score will be greater than or equal to 1.
Value | Probability |
---|---|
0.2+ | 43% |
1+ | 20% |
2+ | 14% |
5+ | 9% |
10+ | 7% |
50+ | 3% |
95+ | 1% |
IP risk score distribution across minFraud users
IP risk score distribution across all users will change over time, and IP risk score distribution varies from user to user. Ultimately, you should analyze the distribution of your own IP risk scores along with an analysis of fraudulent transactions and an estimate of the cost of false negatives to set your own thresholds.
The IP risk score is a signal about how risky the IP address associated with a transaction is in and of itself, regardless of other factors. Learn more about the IP risk score.
Below is the chance that the IP risk score will be greater than or equal to given values based on a snapshot of the IP risk score distribution across all minFraud users. For example, the chart below shows that there's about a 7.5% chance that the IP risk score will be greater than or equal to 0.5.
Value | Probability |
---|---|
0.01 | 91% |
0.5+ | 7.5% |
3+ | 6% |
12+ | 5% |
30+ | 2.5% |
50+ | 1.25% |
60+ | 1% |
Notice that the vast majority of IP risk scores (91%) are 0.01, the minimum value for a minFraud risk score. This is because most IP addresses are not risky in and of themselves.
The overall risk score is based on all transaction inputs, as well as patterns in transactions over time. Even if you are only passing the IP address as an input to minFraud, the overall risk score and the IP risk score will not be the same.
An otherwise lower risk IP address may begin to show patterns of use that are associated with higher risk, at which point the overall risk score will reflect those patterns of usage. Learn more about velocity checks, which are one of the ways that minFraud detects risky patterns of usage.
To improve overall risk scoring, you should send as much data about your transactions as possible. Learn more about the value of sending various minFraud inputs.