November 14, 2017
ThreatMetrix Smart Rules are advanced behavioral analytics rules which enable better understanding of legitimate user behavior and more accurate detection of genuine fraud.
As digital transactions continue to proliferate, the way that users interact online has become incredibly diverse. People travel across geographies, sometimes on a range of different devices defining an online footprint that is multifarious and unique to them. Blocking online activity, or subjecting consumers to interventions based on a static set of pre-defined rules, creates unnecessary friction at best and at worst, defection to a competitor.
ThreatMetrix Smart Rules help businesses understand genuine user behavior, in all its rich diversity, while accurately detecting potential fraud and reducing false positives. Smart Rules leverage dynamic global intelligence from the ThreatMetrix Digital Identity Network which collects and processes millions of daily consumer interactions including logins, payments, and new account applications, building a unique digital identity for each user.
The Smart Rules Advantage
Configuring of dynamic thresholds, calculated based on the context of the transaction. Businesses can compare current events with historical information specific to the user, resulting in genuine fraud detection.
Analysis of consumer behavior at different levels of granularity. Smart Rules can be defined at a user level or at an entity level like IP address or device, for more accurate fraud detection.
Can be defined in a hierarchical manner by combining different sets of rules; either using all Smart Rules or a combination of Smart Rules and static business rules.
|Static Rule||ThreatMetrix Smart Rule||Business Benefit|
|Customer travelled more than X miles a day||Compare today’s distance against average distance traveled per week in last 6 weeks|
Reduced friction for users who travel regularly
Operational efficiency with reduced false positives/manual reviews
|Money transfer needs additional approval for amount greater than X||Money transfer needs additional approval for amount greater than twice maximum amount in last 90 days (up to value of X)|
Reduced friction for high spenders
Reduced manual reviews/false positives
|Flag events using Remote Access software for the first time||Compare today’s event with user’s history for last 30 days for Remote Access software||Reduced false positives for users who use Remote Access software legitimately|
Smart Rules Success in Practice
To better detect genuinely fraudulent account logins
Transforming static business rules into Smart Rules related to user behavior to reduce false positive and better detect missed fraud. For example:
- Existing customer using a new device where current location of new device is different to previous behavior
- Unusual number of devices accessing a customer account
- Unusually high volume of customer logins per device in comparison to previous behavior
- Time spent on website pages by comparing time spent today vs average time spent in last few days to check for fraud associated with social engineering
- Replacing a static ‘multiple device’ rule, with a Smart Rule equivalent reduced false positives by 90 percent while detecting five times more fraud
- A single Smart Rule identified tens of thousands of pounds of missed fraud in a two-week period
Online Payments Provider
To better detect fraudsters using stolen credit cards
Setting a benchmark of legitimate customer behavior using dynamic data from the ThreatMetrix Digital Identity Network, this
- provider used Smart Rules to better identify behavior that deviated from these trusted patterns of individual users. For example:
- New devices used online, linked to unusual velocities of point-of-sale transactions
- Incorporating dynamic thresholds that can be adjusted as fraudulent/anomalous behavior evolves
- Reduced false positives by 15 percent
- Reduced customer friction, with over 80 percent of users rated as trusted
- Significant reduction in fraud-to-sales ratio