Fraud Detection
Prerequisites
Before building detection, understand:
- Fraud types you're protecting against
- Risk appetite and tolerance thresholds
- Fraud metrics to measure success
TL;DR
- Signals = Data points indicating risk (device, velocity, behavior, identity)
- Rules = Fast, explainable, good for known patterns
- ML models = Find new patterns, but need training data
- Stack by stage: Starter (rules + AVS) → Intermediate (+ device ID + ML) → Advanced (+ behavioral)
- Detection is layered - no single tool catches everything
This section covers how to identify fraud across the customer lifecycle.
How Detection Works
| Component | Purpose | Example |
|---|---|---|
| Signals | Raw data points | Device ID, IP, velocity, AVS result |
| Rules | Known-pattern matching | "Block if >5 cards in 1 hour" |
| ML Models | Pattern discovery | Anomaly score from transaction features |
| Review | Human judgment | Edge cases, high-value orders |
Core Topics
Evidence Framework
The Tier 1/Tier 2 indicator system for classifying fraud signals:
- Tier 1: High-confidence indicators that stand on their own
- Tier 2: Supporting evidence; combine several to reach confidence
Rules vs. ML
Choosing the right approach:
- When rules work best
- When ML excels
- Hybrid approaches
Detection Methods
| Method | Coverage | Use Case |
|---|---|---|
| Velocity Rules | Transaction patterns | Real-time decisioning |
| Device Fingerprinting | Device/browser attributes | Account-level linking |
| Behavioral Analytics | User behavior patterns | ATO, bot detection |
| Identity Verification | Identity confirmation | Application, step-up |
| Manual Review | Complex/edge cases | High-value decisions |
Building Your Detection Stack
Starter Stack
- Basic velocity rules
- AVS/CVV verification
- Simple device ID
- Manual review queue
Intermediate Stack
- Advanced velocity rules
- Device fingerprinting service
- Email/phone intelligence
- ML scoring (vendor or custom)
- Case management system
Advanced Stack
- Real-time ML models
- Behavioral biometrics
- Network analysis
- Custom feature engineering
- Automated decision engine
When to Escalate
See the Evidence Framework for Tier 1/Tier 2 indicators and escalation guidance.
Popular in This Section
- Evidence Framework - Tier 1/Tier 2 indicator system
- Velocity Rules - Real-time transaction limits
- Device Fingerprinting - Identifying devices across sessions
- Manual Review - When humans beat algorithms
Related Topics
- Fraud Types - Know what you're detecting
- Prevention Strategies - Stop fraud before it happens
- Fraud Metrics - Measure detection effectiveness
- Risk Appetite - Tolerance thresholds
- Fraud Economics - Cost of fraud decisions
- Processor Rules Configuration - Native fraud tools
- Fraud Vendor Landscape - Third-party tools
- Chargeback Alerts - Deflection before dispute
- Compelling Evidence - Evidence for representment
- Network Programs - Monitoring thresholds
- Benchmarks - Industry comparisons
- 3D Secure - Authentication layer