Info/Context
Type: Blog post
Audience: CompanyName users and SEO-driven traffic
Purpose: A short guide that explains some of the most common user risk factors flagged by CompanyName’s fraud detection algorithm and how to interpret them.
Note: Some words and phrases are enclosed in [brackets] to represent hyperlinks to other docs not included in this sample library.
As part of our anti-fraud arsenal, ProductName scans your ecommerce orders for a variety of risk factors, including behavioral data, payment data, and location data, then returns a single comprehensive risk score. To provide you with as much information as possible, we also single out specific risk factors and list them on the [Order Review] page. Understanding these risk factors can help shed light on an order's risk level and guide your decision-making accordingly.
Keep reading to discover some of the most common risk factors we highlight in ProductName and what they mean. Just remember that although user risk factors are often associated with fraud, their presence doesn't guarantee that an order is fraudulent—you'll need to examine all of an order’s traits to better understand its overall threat level.
Location-based factors
Certain user risk factors are related to a user’s physical location. We gather this location data from the device that a customer uses to place their order, not the shipping and billing addresses on file for that order. Some of these location-based risk factors include:
Colocation: The user’s location originated from a server farm or data center, which are secured areas that are normally off-limits to humans. Although there’s a slim chance that a real human working in a data center made a purchase during their lunch break, it’s more likely that the order was placed by a bot. This isn't the only risk factor that identifies potential bots, but we use colocation signals to identify bots that are designed to mimic human behavior and can be otherwise difficult to detect.
University: The user’s location originated from a university or college. Although there are plenty of students and staff on college campuses who place legitimate orders, the relative anonymity of campus networks means that university-based orders carry a higher risk of fraud than average. That said, if you know that your store caters specifically to young adults, this risk factor may be less of a concern—knowing your audience is one of the most powerful tools in your fraud prevention toolkit.
Network-based factors
Other user risk factors indicate issues with a user’s network or browser. ProductName monitors each user’s connection to your storefront and flags any factors associated with a high rate of fraud, such as:
The Onion Router (Tor): Tor is a web browser that uses multi-layered encryption to hide information about a user’s network and location. There are valid reasons to use an anonymous browsing service like Tor, but very few customers use Tor for day-to-day browsing or online shopping. On the other hand, fraudsters have a strong incentive to cover their tracks and evade detection, which means Tor sessions are often associated with fraud. Additionally, since Tor can make it difficult for ProductName to track a user’s location and browsing history, we encourage you to proceed with extra caution when reviewing these orders.
Public proxy: Like Tor, proxy servers allow users to send and receive data online without exposing their network and location information. Although proxies are somewhat more common than Tor and also offer a variety of non-fraudulent uses, they still pose a moderate risk. Proxy risk factors alone may not guarantee the presence of fraud, but they carry a higher level of suspicion if other risk factors are also present.
User ID rotation: Multiple orders with unique user IDs originated from the same IP address. Under normal circumstances, each IP address should only correspond to a single user ID. User ID rotation occurs when a bot or fraudster deliberately changes their credentials to appear as several different users, despite remaining at the same IP address. Fraudsters use this tactic to place multiple orders under a variety of identities. If ProductName flags an order for user ID rotation, that order carries a high risk of fraud.
Behavior-based factors
Some risk factors highlight issues with a user’s behavior while browsing your storefront. In addition to monitoring users' location and network connection, ProductName also analyzes each interaction with your website and identifies any significant patterns that emerge. These patterns include:
Fast click and click count: A user navigated through your site too quickly or used an unusual number of clicks to do so. Most people have predictable and imperfect click patterns when navigating a website, but bots can click through pages with inhuman speed or precision. Bots may also use too few or too many clicks, either because they use code to directly access certain areas of your storefront or because they struggle to navigate the website and use far more clicks than usual. Both risk factors are extremely suspicious, especially in conjunction with other risk factors, so make sure to take them seriously.
Known bot and spam bot: In addition to tracking the individual factors that indicate bot behavior, ProductName’s fraud detection algorithm can sometimes identify bots outright, either by analyzing combined patterns of behavior or comparing traffic to a known list of bot sources. If we detect either of these risk factors, the order is most likely fraudulent and we recommend canceling it.
Device-based factors
The final group of risk factors is tied to a user’s device. Like network-based factors, device-based risk factors relate to the way users access your storefront, but are more closely linked to a user’s physical device than their network condition. Among these risk factors are:
Viewability: The user’s device did not display your website, or only displayed it for a brief period of time. Most human users need to see your storefront in order to shop, and users who employ accessibility tools like screen readers still need to display your site on their device to use those tools. However, some bots can navigate a website by using scripts that don’t rely on visual elements or through a headless browser that uses a command-line interface instead of a standard user interface. There are legitimate uses for headless browsers, especially in web development and search engine indexing, but human users are unlikely to use these browsers for online shopping.
Spoofed user agent: The user’s device information does not match their user agent string. User agent strings are like a nametag for internet-connected devices: when you browse the internet, your user agent string provides information about your browser, device manufacturer, and operating system, which helps webpages optimize their content for your device. Web developers sometimes change this user agent string for testing purposes, but there's no real reason for someone shopping online to engage in spoofing—unless they’re a bot or fraudster trying to hide their identity. If a user’s device information and user agent don't match, their order carries a high risk of fraud.
Cookie rotation and user agent rotation: The user has changed device-related information to mask their identity, evade tracking, or appear as multiple users on different devices. Bots artificially change these identifiers every time they adopt a new false identity, which means that each session seems to originate from a new device but is still linked to the same IP address. Legitimate users have no reason to engage in this behavior, so cookie rotation and user agent rotation risk factors are grounds for canceling an order.
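The rotation signals described above (user ID rotation under network-based factors, cookie rotation and user agent rotation here) all come down to counting distinct identifiers seen from one IP address. The following Python is an added example, not ProductName's code: the field names, the 30-minute window and the threshold of three distinct values are assumptions, and the orders are constructed sample data.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample orders (not real data); IPs are from documentation ranges.
# Field names are assumptions, not ProductName's schema.
ORDERS = [
    # One IP, four identities in nine minutes: the rotation pattern.
    {"ts": "2024-05-01T10:00:00", "ip": "203.0.113.7", "user_id": "u1", "cookie": "c1", "ua": "UA-A"},
    {"ts": "2024-05-01T10:02:00", "ip": "203.0.113.7", "user_id": "u2", "cookie": "c2", "ua": "UA-B"},
    {"ts": "2024-05-01T10:05:00", "ip": "203.0.113.7", "user_id": "u3", "cookie": "c3", "ua": "UA-A"},
    {"ts": "2024-05-01T10:09:00", "ip": "203.0.113.7", "user_id": "u4", "cookie": "c4", "ua": "UA-C"},
    # Two people sharing a home connection: below threshold.
    {"ts": "2024-05-01T10:00:00", "ip": "198.51.100.20", "user_id": "h1", "cookie": "k1", "ua": "UA-A"},
    {"ts": "2024-05-01T10:20:00", "ip": "198.51.100.20", "user_id": "h2", "cookie": "k2", "ua": "UA-B"},
    # Shared IP with orders hours apart: never three identities in one window.
    {"ts": "2024-05-01T08:00:00", "ip": "192.0.2.50", "user_id": "s1", "cookie": "m1", "ua": "UA-A"},
    {"ts": "2024-05-01T12:00:00", "ip": "192.0.2.50", "user_id": "s2", "cookie": "m2", "ua": "UA-A"},
    {"ts": "2024-05-01T16:00:00", "ip": "192.0.2.50", "user_id": "s3", "cookie": "m3", "ua": "UA-A"},
]

WINDOW = timedelta(minutes=30)                       # assumed look-back window
THRESHOLDS = {"user_id": 3, "cookie": 3, "ua": 3}    # assumed distinct-value limits

def rotation_flags(orders, window=WINDOW, thresholds=THRESHOLDS):
    """Map each flagged IP to {field: peak distinct values within any window}."""
    by_ip = defaultdict(list)
    for order in orders:
        by_ip[order["ip"]].append((datetime.fromisoformat(order["ts"]), order))
    flags = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e[0])
        start, peak = 0, dict.fromkeys(thresholds, 0)
        for end, (ts, _) in enumerate(events):
            # Slide the window start forward until it covers at most `window`.
            while ts - events[start][0] > window:
                start += 1
            for field in thresholds:
                distinct = {o[field] for _, o in events[start:end + 1]}
                peak[field] = max(peak[field], len(distinct))
        hits = {f: n for f, n in peak.items() if n >= thresholds[f]}
        if hits:
            flags[ip] = hits
    return flags

if __name__ == "__main__":
    for ip, hits in rotation_flags(ORDERS).items():
        print(ip, hits)
```

Only 203.0.113.7 is flagged. The two-person household and the address whose orders are hours apart stay below the threshold, which is what the time window is for.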
Putting it all together
Although these are some of the most common risk factors you’ll encounter, ProductName screens orders for many other risk factors related to user data, payment data, and more. Familiarizing yourself with our scoring process makes it easier to build custom [Order Rules] based on your industry risk and comfort level. It’s also important to remember that risk factors increase the probability of fraud, but don’t necessarily guarantee it. Understanding common risk factors can help you make informed decisions and better understand the data on our [Order Review] page.