The ThreatMetrix approach to Machine Learning integrates dynamic Digital Identity Intelligence with advanced behavioral analytics (ThreatMetrix Smart Rules) to produce optimized models.

A Clear-Box Approach to Machine Learning for Optimized Fraud Prevention and Reduced False Positives

The digital landscape continues to morph and evolve, with diverse and unpredictable user behavior, faster payments, real-time decisioning and ever more complex fraud patterns. Businesses need a robust fraud and security strategy that helps them adapt to this changing digital environment; offering a frictionless experience for genuine customers.

Machine Learning from ThreatMetrix helps businesses combine real-time actionable data from the Digital Identity Network with an organization’s truth data (feedback data including parameters such as event type (login or payment for example), event tag etc.).

Leveraging this combined intelligence, a model is auto-generated which is capable of constantly adapting itself automatically over time to ensure consistent performance.

ThreatMetrix Machine Learning Differentiators

Traditional Machine Learning
ThreatMetrix Smart Learning
Hides details associated with decisioning
Employs a ‘clear-box’ approach, transparently showing businesses why a specific decision was taken by the auto-generated model

Difficult to Operationalize
Flexibility of defining the operational targets such as Challenge Rate, Maximum Review Rate

Tends to degrade faster resulting in reduced accuracy and more customer friction
Seamless integration with Business Rules and Smart Rules helps businesses to easily incorporate the model. This results in quick adaption to changing behavior identified by the Smart Learning Model

The Smart Learning Advantage

  • Machine Learning from ThreatMetrix employs an iterative approach to adapt to changing customer behaviors over time.
  • Businesses can choose to ‘selectively’ incorporate rules generated via a Smart Learning model to augment their existing policy.
  • Other machine learning offerings require additional operational effort cleaning data coming in from disparate sources before it can be consumed by the machine learning platform. Since ThreatMetrix Smart Learning consumes data coming in from the ThreatMetrix policy engine, the data is already cleansed and normalized, saving time and money.
  • Smart Learning provides a summary report comparing challenge rate/catch rate, highlighting the enhanced results from the Smart Learning model over the current policy.
  • Smart Learning models work in dual mode – Silent and Active:
    • When in Silent mode, the policy is executed giving out response variables but it doesn’t affect the currently active policy. Customers can monitor results associated with a Smart Learning model and can incorporate into decisioning as required.
    • When in Active mode, decisioning is based on the model generated via Smart Learning.
  • The model generated via Smart Learning looks exactly like the pre-existing ThreatMetrix policies, resulting in the same user experience but enhanced fraud detection.

Smart Learning Success Stories

A Large Online Marketplace

To better detect genuinely fraudulent account logins


Introduced auto-generated combination of Business Rules and Smart Rules by analyzing changing user behavior patterns using ThreatMetrix Smart Learning capabilities. The following patterns were identified and restricted:

  • Cooking wiping detected with multiple logins; Smart Learning could tie these events back to the same device
  • Mismatch between the time zone and IP address pattern associated with a geography for a device at login
  • High velocity account logins detected for some accounts in comparison with their previous behavior seen in The Digital Identity Network
  • Fraudulent buying activities were restricted within a short timespan by introducing additional set of rules that automatically identified changes in user behavior
  • With this new rule set introduced, this online marketplace was able to capture double the level of fraud with fewer false positives, compared to their existing policy
arge Online Marketplace

A Large Online Retailer

Restrict fraud in new account registration and payments


The following fraud patterns were identified and restricted by introduing a Smart Learning model

  • Devices identified having ExactID or IP address blacklisted in The Digital Identity Network
  • Transaction amount exceeding a dynamic threshold considering context of the transaction
  • VPN, TOR detection for payment events
  • Multiple accounts linked to a same phone number attempting transactions
  • With this Smart Learning implementation, this retailer saw an improvement in fraud capture by 20% , 33% and 34% for review rates of 2.7%, 4.8% and 7.4% respectively

Large Online Retailer

A Large Financial Services Organization

Restrict fraudulent new account openings and credit card applications


Reduced fraud in new account opening and credit card applications by tuning the policy with autogenerated rules using Smart Learning. The following patterns were identified and restricted:

  • Identification of multiple account registrations from the same device
  • Account registrations attempted with different IP address and email combination using the same phone number
  • With Smart Learning, this financial services organization saw a 22% improvement in fraud detection compared to the existing policy, with no increase in false positives

Large Financial Services Organization

Request a Demo or Meeting

Start Today
close btn