The riskScore, returned by the minFraud service, represents the likelihood that a given transaction is fraudulent. Online businesses use the riskScore to determine whether to accept, reject, or manually review online transactions.

The riskScore is given as a percentage, and as such it ranges from 0.01 to 99. For example, a transaction with a riskScore of 20.00 has a 20% chance of being fraudulent, while a transaction with a riskScore of 0.10 has a 0.1% chance of being fraudulent.

How is the riskScore determined?
How should I use the riskScore?
Why did I get a high riskScore for this transaction?
What is the difference between the riskScore and the IP Risk Score?
What is device tracking and how does it affect the riskScore?

How is the riskScore determined?

The riskScore is built  using a combination of machine learning models and human review of network-wide fraud patterns. 

Some of the features that go into the riskScore are:

  • Reputation of IP addresses, email addresses, shipping addresses, phone numbers and devices
  • Velocity analysis specific to your business and across the minFraud network
  • IP address analysis including proxy detection and geolocation checks
  • Fraud/not fraud reports

How should I use the riskScore?

The riskScore is a signal as to whether an online transaction is risky for your business. Determining the thresholds you set for different actions requires fine tuning over time. We recommend first considering the cost of fraud and potentially lost goods or services, the cost of manual review, and the cost of rejecting good transactions. The risk strategy relevant to your business may mean more or less tolerance for risk as you begin using the riskScore.  

One possible strategy is to at first only automatically accept transactions under a low riskScore (e.g., 5.00), only automatically reject orders above a high riskScore (e.g., 50.00), and manually review all other transactions. After monitoring the riskScores received for the manually reviewed transactions, you can adjust the thresholds appropriately to reduce the amount of manual review required.

Below is the distribution of riskScores returned by the minFraud service across all users. You can use this data to estimate the number of transactions that will be approved, rejected, or held back for review given the thresholds you set. Please note that the distribution of riskScores you observe may differ depending on the risk profile of your business.

riskScore rangePercent of orders in range
0.10 – 0.4970%
0.50 – 0.9913%
1.00 – 1.997%
2.00 – 4.994%
5.00 – 9.992%
10.00 – 49.992%
50.00 – 99.992%

Why did I get a high riskScore for this transaction?

Our machine learning models and/or fraud pattern heuristics found some combination of inputs you’ve sent us to be high risk. The signal may be coming from the minFraud network at large, or something specific to the transactions you’ve been sending through your account.

If you are a minFraud Insights user, some of the outputs we return in the response may signal what is elevating the riskScore (e.g. use of a risky anonymizing IP, large distances between IP/billing/shipping addresses, etc.). In other cases the reason for a high riskScore may not be apparent from the outputs alone (e.g. high velocity of transactions tied to a user identifier across the minFraud network).

The minFraud Factors service provides subscores that form the components of the riskScore. These subscores provide a summary, in most cases, of what is elevating the riskScore. Reviewing the subscores can be helpful in understanding a riskScore and can help you fine-tune your approach. 

What is the difference between the riskScore and the IP Risk Score?

The riskScore is the overall score for the transaction, which is based on all of the inputs passed for the request. In general, the more inputs you can pass to minFraud, the more accurately we can calculate the riskScore.

The IP Risk Score is a separate score (included in the riskScore calculation) that indicates the risk associated specifically with the IP address input only.

minFraud Insights and Factors customers can get context about the reason for a high IP Risk Score using the IP risk_reasons output. More information about this output and the risk codes that may be returned can be found on our developer’s site.

What is device tracking and how does it affect the riskScore?

The device tracking add-on for the minFraud service identifies devices as they move across networks and enhances the ability of the minFraud service to detect fraud. If a fraudster changes proxies while they are browsing your website or between visits to your website, you will observe an increased riskScore and IP Risk Score in the minFraud response associated with their transaction.

Implementing device tracking requires only that you use some JavaScript code in your site at no extra cost, which passes information about your clients’ devices (laptops, tablets, etc.) to the minFraud service for use in detecting fraud.

You may also be interested in reading: How can I make sure the minFraud Service is as effective as possible for me?