What is the riskScore?

The riskScore, returned by the minFraud service, represents the likelihood that a given transaction is fraudulent. Merchants use the riskScore to determine whether to accept, reject, manually review, or submit transactions to complementary services for further screening.The riskScore is given as a percentage, and as such it ranges from 0.01 to 99. For example, an order with a riskScore of 20.00 has a 20% chance of being fraudulent, while an order with a riskScore of 0.10 has a 0.1% chance of being fraudulent.

How is the riskScore determined?
The riskScore is based on a statistical analysis of the following:

Reputations and real-time monitoring of

  • IP addresses
  • Devices
  • Email addresses
  • Geolocation checks
  • Proxy detection
  • Bank Identification Number checks
  • The minFraud Network

At what riskScore values should I accept, reject, or manually review transactions?
There is no single recommended set of riskScore values to use for deciding whether to accept, reject, manually review, or submit transactions to complementary services for analysis. In determining what thresholds to set, you should consider the costs of chargebacks and lost goods, the cost of manual review, the cost of complementary services, and the cost of potentially rejecting good orders.

A recommended strategy is to at first only automatically accept orders under a low riskScore (e.g., 3.00), only automatically reject orders above a high riskScore (e.g., 70.00), and manually review all other transactions. After monitoring the riskScores received for the manually reviewed transactions, you can adjust the thresholds appropriately to reduce the amount of manual review required.

Below is the distribution of riskScores returned by the minFraud service across all users. You can use this data to estimate the number of orders that will be approved, rejected, or held back for review given the thresholds you set. Please note that the distribution of riskScores you observe may differ.

Approximate distribution of riskScores across all minFraud clients
riskScore range Percent of orders in range
0.10 – 4.99 90%
5.00 – 9.99 5%
10.00 – 29.99 3%
30.00 – 99 2%

What is device tracking and how does it affect the riskScore?
The device tracking add-on for the minFraud service identifies devices as they move across networks and enhances the ability of the minFraud service to detect fraud. If a fraudster changes proxies while they are browsing your website or between visits to your website, you will observe an increased proxyScore and riskScore in the minFraud output associated with their transactions.

Implementing device tracking requires only that you use some JavaScript code in your site, which passes information about your clients’ devices (laptops, tablets, etc.) to the minFraud service for use in detecting fraud.

How do the score and explanation parameters relate to the riskScore?
minFraud Legacy versions 1.2 and earlier return score and explanation fields. The score is based on a simple, static formula and the explanation provides a narrative explanation of it. The score is now deprecated. (The score and explanation fields are no longer supported.)

Neither the score nor the explanation is related to the riskScore. We strongly recommend clients use the riskScore and ignore the score and explanation when determining whether to accept, reject, or manually review transactions.