Risk scoring

Rebilly offers fully customizable risk scoring using the rules engine. Build rules that add points to or subtract points from the risk score of the transaction, and take an action based on the resulting score. Most commonly, you will want to add the customer and/or payment instrument to a blocklist to stop the transaction.

Building a risk score

Use the transaction process requested event to program rules that evaluate the transaction, and use the [action](action-types.md) that changes the risk score.

Consistency checks

Use the risk metadata mismatched items to filter for inconsistent information. Merchants commonly check for consistent:

  • Bank country
  • Billing country
  • Time zone
  • Cardholder name and name in primary address

VPN, proxy, and TOR usage check

Use the transaction risk metadata to search for VPN, proxy, or TOR usage.

Distance check

If you sell a physical product, use the risk metadata to check the distance between the shipping address and the billing address.

Velocity checks

Velocity refers to the number of transactions in the last 24 hours. Use the risk metadata to perform the following velocity checks:

  • Velocity - the number of transactions made by a customer for a single merchant.
  • Payment instrument velocity - the number of transactions made with a payment instrument (PAN fingerprint for payment cards or bank account fingerprint for bank transfers) across all Rebilly merchants.
  • Device velocity - the number of transactions made from a device (using device fingerprint) across all Rebilly merchants.

Use conditions to filter for transactions with a velocity higher than X, for example a velocity higher than 5.

Blocking risky transactions

Once you've programmed your checks, use the risk score changed event and the blocklist action to stop the transaction. You may blocklist any or all of the following:

  • Customer ID
  • Email
  • Fingerprint
  • IP address
  • Payment card

The block may be temporary or permanent.
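
The following is an added example, not Rebilly's code or rule syntax. It models the checks above as additive rules and maps the resulting score to a temporary or permanent block. Field names, point weights, the 500 km distance limit, and the 40/80 thresholds are assumptions; only the velocity threshold of 5 comes from the text.

```python
from dataclasses import dataclass, field

@dataclass
class RiskMetadata:
    # Hypothetical field names; the page does not list Rebilly's metadata keys.
    mismatched: set = field(default_factory=set)  # e.g. {"billing_country"}
    anonymized: bool = False      # VPN, proxy, or TOR detected
    distance_km: float = 0.0      # shipping address to billing address
    velocity: int = 0             # customer transactions, last 24 hours
    instrument_velocity: int = 0  # per PAN or bank account fingerprint
    device_velocity: int = 0      # per device fingerprint

# Each rule returns the points it adds (or subtracts). Weights and thresholds
# are constructed sample values, except "velocity higher than 5" from the text.
RULES = {
    "consistency": lambda m: 10 * len(m.mismatched),
    "anonymizer": lambda m: 25 if m.anonymized else 0,
    "distance": lambda m: 15 if m.distance_km > 500 else 0,
    "velocity": lambda m: 20 if m.velocity > 5 else 0,
    "instrument_velocity": lambda m: 20 if m.instrument_velocity > 5 else 0,
    "device_velocity": lambda m: 20 if m.device_velocity > 5 else 0,
    "clean_signals": lambda m: -5 if not (m.mismatched or m.anonymized) else 0,
}

def risk_score(meta):
    """Return (total, {rule: points}) so every score change is auditable."""
    fired = {name: rule(meta) for name, rule in RULES.items()}
    fired = {name: pts for name, pts in fired.items() if pts}
    return sum(fired.values()), fired

def blocklist_decision(meta, temporary_at=40, permanent_at=80):
    """Map the score to no block, a temporary block, or a permanent block."""
    total, fired = risk_score(meta)
    block = None
    if total >= permanent_at:
        block = "permanent"
    elif total >= temporary_at:
        block = "temporary"
    return {"score": total, "block": block, "rules": fired}

# Constructed sample transactions.
CLEAN = RiskMetadata(velocity=1)
SUSPECT = RiskMetadata(mismatched={"billing_country", "time_zone"}, anonymized=True, velocity=6)
HIGH_RISK = RiskMetadata(mismatched={"bank_country"}, anonymized=True, distance_km=4200,
                         velocity=9, instrument_velocity=30, device_velocity=12)

if __name__ == "__main__":
    for name, tx in [("clean", CLEAN), ("suspect", SUSPECT), ("high", HIGH_RISK)]:
        print(name, blocklist_decision(tx))
```

Returning the per-rule breakdown alongside the total lets a reviewer see which checks drove a block when a customer disputes it.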
