Skip to main content

Fraud Detection

Prerequisites

Before building detection, understand:

TL;DR
  • Signals = Data points indicating risk (device, velocity, behavior, identity)
  • Rules = Fast, explainable, good for known patterns
  • ML models = Find new patterns, but need training data
  • Stack by stage: Starter (rules + AVS) → Intermediate (+ device ID + ML) → Advanced (+ behavioral)
  • Detection is layered - no single tool catches everything

How to identify fraud across the customer lifecycle.

How Detection Works

ComponentPurposeExample
SignalsRaw data pointsDevice ID, IP, velocity, AVS result
RulesKnown-pattern matching"Block if >5 cards in 1 hour"
ML ModelsPattern discoveryAnomaly score from transaction features
ReviewHuman judgmentEdge cases, high-value orders

Core Topics

Evidence Framework

The Tier 1/Tier 2 indicator system for classifying fraud signals:

  • Tier 1: High confidence, standalone indicators
  • Tier 2: Supporting evidence, combine for confidence

Rules vs. ML

Choosing the right approach:

  • When rules work best
  • When ML excels
  • Hybrid approaches

Detection Methods

MethodCoverageUse Case
Velocity RulesTransaction patternsReal-time decisioning
Device FingerprintingDevice/browser attributesAccount-level linking
Behavioral AnalyticsUser behavior patternsATO, bot detection
Identity VerificationIdentity confirmationApplication, step-up
Manual ReviewComplex/edge casesHigh-value decisions

Building Your Detection Stack

Starter Stack

  1. Basic velocity rules
  2. AVS/CVV verification
  3. Simple device ID
  4. Manual review queue

Intermediate Stack

  1. Advanced velocity rules
  2. Device fingerprinting service
  3. Email/phone intelligence
  4. ML scoring (vendor or custom)
  5. Case management system

Advanced Stack

  1. Real-time ML models
  2. Behavioral biometrics
  3. Network analysis
  4. Custom feature engineering
  5. Automated decision engine

When to Escalate

See the Evidence Framework for Tier 1/Tier 2 indicators and escalation guidance.