Risk scoring
Rebilly offers fully customizable risk scoring using the rules engine. Build rules that add points to or subtract points from the risk score of the transaction, and take some action based on the risk score. Most commonly, you will want to add the customer and payment instrument to a blocklist to stop the transaction.
Building a risk score
Use the Transaction process requested event to program rules that evaluate the transaction, and the Add risk score action to change the risk score.
Consistency checks
Use the risk metadata mismatched items to filter for inconsistent information. Merchants commonly check for consistent:
- Bank country
- Billing country
- Time zone
- Cardholder name and name in primary address
VPN, proxy, and TOR usage check
Use the transaction risk metadata to search for VPN, proxy, or TOR usage.
Distance check
If you sell a physical product, use the risk metadata to check the distance between the shipping address and the billing address.
Velocity checks
Velocity refers to the number of transactions in the last 24 hours. Use the risk metadata to perform the following velocity checks:
- Velocity - the number of transactions made by a customer for a single merchant.
- Payment instrument velocity - the number of transactions made with the same payment instrument (PAN fingerprint for payment cards or bank account fingerprint for bank transfers) across all Rebilly merchants.
- Device velocity - the number of transactions made from the same device (using device fingerprint) across all Rebilly merchants.
- Billing address velocity - the number of transactions made with the same billing address across all Rebilly merchants.
- Email velocity - the number of transactions made with the same email address across all Rebilly merchants.
- IP velocity - the number of transactions made with the same IP address across all Rebilly merchants.
Use the conditions to filter for transactions with a velocity higher than X. For example, I'll use a velocity higher than 5.
Blocking risky transactions
Once you've programmed your checks, use the risk score changed event and the blocklist action to stop the transaction. You may blocklist any or all of the following:
- Customer ID
- Fingerprint
- IP address
- Payment card
The block may be temporary or permanent.
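The following Python sketch is an added illustration of the flow described above, not Rebilly code or its rule syntax: each check adds points, and the total decides whether to blocklist. The metadata field names, point values, distance limit and block threshold are all assumptions; only the velocity limit of 5 comes from the text.

```python
import math

# All field names, point values and thresholds are assumptions for illustration.
VELOCITY_LIMIT = 5      # the page's example: velocity higher than 5
MAX_DISTANCE_KM = 500   # assumed shipping/billing distance limit
BLOCK_SCORE = 50        # assumed score at which the transaction is blocked

def distance_km(a, b):
    """Great-circle (haversine) distance between two (lat, lon) pairs."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def too_far(m):
    # Only meaningful for physical goods; skip when either location is missing.
    ship, bill = m.get("shipping_geo"), m.get("billing_geo")
    return bool(ship and bill) and distance_km(ship, bill) > MAX_DISTANCE_KM

# (rule name, condition on the risk metadata, points added when it matches)
RULES = [
    ("bank/billing country mismatch", lambda m: m["bank_country"] != m["billing_country"], 20),
    ("cardholder/address name mismatch",
     lambda m: m["cardholder_name"].casefold() != m["address_name"].casefold(), 10),
    ("VPN, proxy or Tor", lambda m: m["is_vpn"] or m["is_proxy"] or m["is_tor"], 25),
    ("shipping far from billing", too_far, 15),
    ("device velocity", lambda m: m["device_velocity"] > VELOCITY_LIMIT, 30),
    ("IP velocity", lambda m: m["ip_velocity"] > VELOCITY_LIMIT, 20),
]

def evaluate(meta):
    """Return the total score, the rules that fired, and the resulting action."""
    fired = [(name, pts) for name, cond, pts in RULES if cond(meta)]
    total = sum(pts for _, pts in fired)
    action = "blocklist" if total >= BLOCK_SCORE else "allow"
    return {"score": total, "fired": [n for n, _ in fired], "action": action}

# Constructed sample metadata (not real transactions).
CLEAN = dict(bank_country="CA", billing_country="CA", cardholder_name="Jane Doe",
             address_name="jane doe", is_vpn=False, is_proxy=False, is_tor=False,
             shipping_geo=(43.65, -79.38), billing_geo=(43.70, -79.40),
             device_velocity=1, ip_velocity=2)
RISKY = dict(CLEAN, bank_country="US", is_vpn=True,
             billing_geo=(49.28, -123.12), device_velocity=7)

if __name__ == "__main__":
    for label, meta in (("clean", CLEAN), ("risky", RISKY)):
        print(label, evaluate(meta))
```

Listing the rules that fired alongside the score makes a block decision reviewable, which helps when tuning point values against false positives.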