Velocity Detection

If fraudsters were content to place a single order and then leave the targeted merchant alone, they would be less of a nuisance but much harder to detect. Looking at patterns of how different transactions are related in time can help highlight which orders are riskier.

Basic Velocity Check: How Much Money Has This Customer Spent in the Last Day?

The simplest pattern to look for is essentially, “How much activity has User X had lately?” Combinations of signals may point broadly to common fraud patterns. For example, conducting three or more transactions in the space of an hour might, for a given business, be something that most fraudsters do but legitimate customers rarely do. Dollars spent, rather than a count of orders placed, can be used as well.

Potentially Fraudulent Behavior

You may want to track activity by something other than account, as well. Merchants can track how many transactions have come from a single device in a day, for example, or how many orders have been placed with a particular shipping address.

Advanced Velocity Check: How Many Accounts Have Been Seen on This IP Address in the Last 30 days?

It is somewhat more technically tricky to track, but another strong signal is “How many unique instances of X have been seen that have Y in common in period of time Z?” One example of this might be how many unique accounts have placed orders sharing a single IP address in the last 30 days. There are a few ways to do this programmatically on the front end, and many fraud services do it by default. Again, the key is to find which signals are most closely tied to fraud.

If you can, experiment with different measures of velocity and measure which most clearly differentiate good orders from bad. Some starting points for things to count (and to count by) are:

  • User ID / Email
  • Device Signature
  • IP Address
  • Browser Cookie
  • Shipping Address
  • Payment Method

In general, anything that you would be surprised to find that two users share is a good velocity to look into! If you have a loyalty program, for instance, you might get a useful signal out of how many different billing zip codes have been seen sharing a loyalty number in the past month.