A Guide to Fraud Scores & Scoring Models
What is a fraud score?
A fraud score acts as a quick indicator of fraud. It’s a high-level interpretation of the level of risk associated with a particular order and helps merchants make a decision on whether to approve, decline, or further review the order. Fraud scores come from scoring models that identify traits and historical trends associated with suspicious behavior and past fraudulent orders to detect risk. Fraud scores can be applied to any industry that generates online transactions and is seeking a way to easily assess fraud concerns. Since fraud scores are indicators, they are not decisive. Instead, fraud scores can provide a recommendation on an order decision, but the merchant usually defines at what threshold to approve, decline, or review.
Which factors go into determining a fraud score?
As stated above, fraud scores are the output of a scoring model. The scoring model incorporates several variables that together can assess the riskiness of an online transaction. Many of these factors are based on personal identification, common fraud red flags, and evolving fraud trends. Here is a list of some of the most common factors that go into determining a fraud score:
- Billing & Shipping Match: While fairly simple, orders where the billing and shipping addresses match are generally classified as safer than ones that don’t.
- BIN Match: Most cardholders have a billing address in the same country as their credit card’s issuing bank, so it’s a good indicator if the BIN and billing country match.
- IP & Billing Distance: Typically the greater the distance between the IP and billing addresses of the cardholder, the higher the risk of fraud.
- Proxy Detection: The use of open or anonymous proxies is a red flag for fraud. Fraudsters are more likely to use proxies to hide their true locations or to bypass geolocation fraud detection tools.
- Email Age: The longer established an email address is, the more credible the transaction. An email address that’s been in use for 7 years is usually more legit than one that was created 3 days ago.
Why use a scoring model?
Merchants opt for scoring models because they give them full control over order decisions. Having this autonomy means that merchants are liable if the decision eventually results in a chargeback. Other fraud management models provide chargeback guarantees because they make an automatic decision, but a fraud score is just an indicator of fraud, and so it’s left up to the merchant to approve, decline, or review further. Since scoring models are not decision makers and don’t provide guarantees, they tend to be cheaper on a per-transaction basis than other fraud management solutions.
- Gives merchants full control over order decisions
- Relatively cheaper per transaction than other fraud management solutions
- Requires a manual review team to dig deeper into borderline orders
- Difficult to establish a threshold for approving vs. declining orders
On the other hand, all that control can lead to some headaches for merchants. Scoring models only provide a recommendation, which means that merchants will need an internal manual review team to evaluate ‘grey area’ transactions. Managing a large internal review team in addition to paying fees to receive a fraud score per transaction is costly and unscalable. In addition, determining the right threshold for declining an order is tricky. If you decide that every transaction with a score lower than 12 will be declined, what should you do with a transaction that receives a 12.14? As a result, thresholds are constantly being adjusted to compensate for new fraud trends and consumer behaviors.
The other major concern is that scoring model incentives are misaligned with merchants. The scoring model provider will receive revenue per processed transaction regardless of how many orders are declined or approved. In the end, the merchant pays the consequences for high chargeback rates and/or sub-optimal approval rates. Fraud scores may seem like silver bullets, but be careful before basing an entire fraud management strategy around them.