Score helps to protect you from the financial, reputational, and integrity damage caused by fraudulent users of your platform. We refer to your account holders, sub-merchants, or sellers as the users of your platform.
User fraud can take many different forms, and it can be hard to recognize. Score helps you detect fraudulent activity and patterns, such as collusion, stolen cards, fraud rings, account takeover, identity fraud, and fake storefronts. We use machine learning, data analysis technology, and global transaction data to help you identify fraudulent behavior, stop suspicious payouts, and flag unusual user activities.
Score is enabled for your platform by default if you integrated Adyen for Platforms after October 2024. If you do not have Score yet, contact your Adyen account manager.
How it works
Score analyzes verification data and transactions to highlight unusual behavior that indicates potential malicious or fraudulent activity. If this data or a transaction breaches a risk rule, we flag the user and the activity with a risk signal that indicates the potential risk or inconsistency.
In your Customer Area, you can see which risk rules triggered based on detected risk signals, review the case, and take action. Even when a risk signal is detected, Adyen does not disable payouts or processing. You are responsible for managing user risk by reviewing the cases and deciding which action to take, or setting up automated actions. For example, you can automatically block payouts to protect your liability when a risk signal triggers.
The actions you can take include:
- Disable payouts
- Suspend accounts
- Enforce stricter KYC checks
Score also helps you identify and investigate connected accounts and potential fraud rings by looking at linked accounts.
Risk rules, signals, and scores
When we detect anomalous behavior, for example, when a risk rule is breached or suspicious behavior is picked up by the machine learning models, we alert you by flagging your users with a risk signal.
A risk signal indicates a potential risk. For example, a risk rule can trigger and flag the user when their email address or phone number is on a high risk list. Or a user can be flagged with a risk signal that indicates possible collusion if they make an unusually high number of transactions. Risk signals also flag inconsistencies like the user's billing address being in a different country or region than the user's bank account.
You can use the default risk rules and signals defined by Adyen, or you can add your own.
| Category | Type | Description | Example risk signal |
|---|---|---|---|
| KYC rules | Adyen default | Rules trigger when we detect risk signals related to KYC information. KYC data is updated and evaluated in real time. | The account holder has the same bank account as another account holder. |
| Transactional rules | Adyen default | Rules trigger when we detect risk signals related to transactions. Transaction signals are updated on a daily basis. | There is an unusual number of refusals where issuers indicated fraud. |
| High risk list rules | Custom | Rules trigger based on risk signals from items on high risk lists. You can add KYC values from confirmed fraudulent account holders to a high risk list, so you will receive a risk signal if they come back to your platform. High risk list signals are evaluated in real time. | A user is flagged with a risk signal because they have a bank account number that is on the high risk list. |
| Custom risk rules | Custom | Rules trigger based on the conditions and parameters that you define. You can combine conditions and parameters, and define what actions to take when the rule triggers. Custom risk signals are evaluated in real time. | A user is flagged with a risk signal because they meet all the conditions specified in your custom risk rule. |
We calculate a numerical risk score for each user in your platform that represents their risk level. The value ranges from 0 to 100, with 100 being the highest possible risk score. While a risk score of 100 does not mean that malicious or fraudulent behavior is confirmed, it does signify there is a high possibility of fraud. No automatic actions are taken as a result of reaching a score of 100.
We calculate risk scores based on risk signals. Each risk signal has a weight that signifies the severity of the impact if the scenario occurred. Because of this, some risk signals contribute more to the risk score than others. An example of a risk signal that strongly increases the risk score is a user having the same bank account as a previously suspended user. You can change the weight of a risk signal or add your own signals to influence the risk score.
Linked accounts
Score analyzes the KYC data of all the users in your platform to detect who shares data, such as two users with the same name. We link these accounts and group them together into an identity. Risk signals raised for a user are automatically applied to the whole group, giving the same risk score to all users.
Take the following scenario as an example:
- User A has bank account ABZ003. Their risk score is 20.
- User B signs up to your platform. Their bank account number is also ABZ003.
- We detect the shared data and links the two users, creating Group_1.
- We set the risk score of User B to 100. The whole group gets a risk score of 100.
- Because User A is part of Group_1, their risk score also increases to 100.