Fraud Rules Engine: How to Effectively Use Rules-Based Alerts to Monitor Risk on your Platform


What is a fraud rules engine?

A fraud rules engine, sometimes also referred to as decisioning software, is an application that allows you to implement logic to manage fraud and risk on your platform. These tools allow you to enact rules in many different forms, ranging from drag-and-drop user interfaces to custom programming languages to machine learning (ML) models. If your platform processes payments, transactions, e-commerce orders, user accounts, sensitive case data, health records, or user-generated content, it's likely you will need a fraud rules engine to monitor bad actors as your platform grows. Points to consider when evaluating a fraud rules engine:

  • How will the system integrate with your company's data?
  • How will the system fit into your analysts' workflows? Does it integrate with other systems that you use? 
  • How flexible is the rules engine and will it be able to express the complexity of rules that you will need to enforce? 
  • How difficult is it for your analysts to create or update a rule?

LogicLoop: The SQL-based fraud rules engine

Modern internet businesses use LogicLoop's SQL-based fraud rules engine to manage risk on their platform. LogicLoop is a software application that allows you to (1) connect your company's databases, data warehouses, and data from third-party vendors via API, (2) use SQL to query the connected data, and (3) automatically trigger an action when the conditions specified in the SQL rules are met. Using LogicLoop's user-friendly dashboard, analysts can, for example, quickly create rules that run on a schedule to continuously monitor incoming transactions, apply SQL logic based on properties of those transactions that are commonly associated with fraudulent behavior, and flag them to an analyst for manual review. Businesses choose to use LogicLoop because of its flexibility and ease of use across the 4 key considerations:

  • LogicLoop can connect directly to your company's Postgres, MySQL, Redshift, Snowflake, BigQuery, or other database. The integration can be done in just 15 minutes via credentials and does not require a complex integration lift from engineers.
  • LogicLoop can integrate with a variety of downstream applications such as Slack, JIRA, case management systems, APIs and even your company's own internal admin systems, allowing your rule to trigger cases in systems you already use and embed our system directly into your analysts' workflows.
  • Rules are easy to create and update in minutes using a dashboard user interface. In today's fast-moving environment, teams can't wait days for engineers to update code.
  • Finally, because LogicLoop takes advantage of SQL, the most popular data querying language, it can express complex rules that many other rules engines struggle with.

Different types of rules to effectively manage fraud on your platform

To take advantage of rules-based systems, you can use a variety of techniques to see what is the most effective for your business. Let's go over a few of the most popular kinds:

  • Logical if-and-or-else conditions - the most straightforward set of rules is basically a tree of if-and-or-else conditions. Think of something like "IF a transaction is > $10,000 AND the credit card is not present THEN escalate it to manual review." If-and-or-else conditions are straightforward, easy to conceptualize, and can very accurately capture heuristic or regulatory-based rules.
  • Weight-based risk scoring - more sophisticated users may want to incorporate weights into their equation so that not all rules are created equal. For example, perhaps a transaction is more likely to be fraudulent if the amount is > $10,000 than if a credit card is not present in the transaction, so you will want to assign greater weight to order size than to card-present status. This can result in outputting a risk score that will trigger an alert if the aggregated score is larger than a certain amount.
  • Signal aggregation - another popular rule type is one that aggregates many signals from different sources. For example, you can have a mega-rule that uses a combination of an output from a machine learning algorithm, a vendor-assigned risk score, and internal properties to determine how to take action.
  • Event chaining - finally, some rules take advantage of event chaining and will produce outcomes based on a multi-step execution of rules that depend on outputs from other rules in order to make a decision.

For more rule types and popular fraud monitoring templates, check out our template library. Which type of rule ends up being the most effective for your business will depend on the specifics of your platform, and we generally recommend experimenting with different types to see what ends up being the most valuable for you. Because LogicLoop is a very flexible platform, it can capture the complexity of these different types of rules, allowing you to explore the full range of what's possible.
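The first three rule types above can be written as plain SQL. The following is an added example, not LogicLoop's own code: it runs the if-and rule and a weighted score that also aggregates a vendor score and a velocity signal, using Python's built-in SQLite as a stand-in database. The table, column names, weights and sample rows are assumptions constructed for illustration.

```python
import sqlite3
# Constructed sample data; table and column names are hypothetical.
# Columns: id, user_id, amount, card_present, vendor_score, created_at
ROWS = [
    (1, "u1", 12500.0, 0, 0.30, "2024-05-01 10:00:00"),
    (2, "u2", 40.0, 1, 0.05, "2024-05-01 10:01:00"),
    (3, "u3", 900.0, 0, 0.85, "2024-05-01 10:02:00"),
    (4, "u4", 25.0, 0, 0.10, "2024-05-01 10:03:00"),
    (5, "u4", 30.0, 0, 0.10, "2024-05-01 10:04:00"),
    (6, "u4", 35.0, 0, 0.10, "2024-05-01 10:05:00"),
]
SCHEMA = """CREATE TABLE transactions (id INTEGER PRIMARY KEY, user_id TEXT,
  amount REAL, card_present INTEGER, vendor_score REAL, created_at TEXT)"""
# If-and rule from the text: large amount AND card not present -> manual review.
IF_AND_RULE = """SELECT id FROM transactions
  WHERE amount > 10000 AND card_present = 0 ORDER BY id"""
# Weighted rule: each signal is 0 or 1 and adds its (illustrative) weight.
RISK_RULE = """
WITH signals AS (
  SELECT t.id,
         t.amount > 10000      AS big_amount,
         t.card_present = 0    AS card_absent,
         t.vendor_score >= 0.8 AS vendor_flag,   -- aggregated third-party signal
         (SELECT COUNT(*) FROM transactions p    -- velocity: 3+ in 10 minutes
           WHERE p.user_id = t.user_id
             AND p.created_at <= t.created_at
             AND p.created_at > datetime(t.created_at, '-10 minutes')) >= 3
                               AS high_velocity
  FROM transactions t),
scored AS (
  SELECT id, 50*big_amount + 20*card_absent + 40*vendor_flag
             + 30*high_velocity AS risk_score
  FROM signals)
SELECT id, risk_score FROM scored WHERE risk_score >= :threshold ORDER BY id
"""

def run_rules(rows=ROWS, threshold=50):
    """Load rows into in-memory SQLite; return (escalated ids, scored alerts)."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    db.executemany("INSERT INTO transactions VALUES (?,?,?,?,?,?)", rows)
    escalated = [r[0] for r in db.execute(IF_AND_RULE)]
    alerts = db.execute(RISK_RULE, {"threshold": threshold}).fetchall()
    db.close()
    return escalated, alerts

if __name__ == "__main__":
    print(run_rules())
```

Transaction 6 is small and has a low vendor score, so the if-and rule never sees it; it reaches the alert threshold only because the velocity signal adds to the card-not-present weight.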

Types of information

Different rules will incorporate different types of information, with some of the most popular data points being:

  • Location - where did the order or transaction take place?
  • IP/Device address - what is the fingerprint associated with this user and do they have prior activity on your platform?
  • Velocity/frequency - how often is this behavior occurring? Fraudulent users tend to act quickly and try to extract value from your platform as soon as possible with a deluge of newly created accounts.
  • Properties of the item itself - depending on what it is you're monitoring, you will look at properties such as amount transacted, date and age of the item, the category and status of that item, etc.
  • Identity - who is the user and has their identity been verified? What is their name, age, address and do they show up in any cross-platform searches or lists? Are they associated with other accounts on your platform? 

What happens after a rule is flagged? 

Once you've done the hard part of identifying potentially suspicious activity, the work does not end there. As a result of the rule flag, you will likely want to either (1) take some sort of automated action like accepting or denying a user, or (2) pass the alert to a case management system where an analyst can manually track, comment, and review it in order to make the final decision. With a flexible platform like LogicLoop you can easily call an internal webhook API endpoint to automatically approve or deny that user in your systems, or create a case either in LogicLoop's built-in case management system, or an external system like Slack, JIRA, Hummingbird, Asana, Trello and more. These systems can help you keep track of open tasks and some also allow you to track agent scheduling, assignment and productivity.

Improving your fraud rules

Finally, after your rules have alerted and been acted upon, you still don't want to stop there. You want to improve your system so that it makes the right decision more accurately for future activity. With tools like LogicLoop you can backtest new rules on old data and analyze what false-positive or false-negative rates they generate. You can see which rules generated the most alerts and which ones were more accurate than others. This will help you tweak thresholds and rule parameters to better detect future activity.
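A backtest of the kind described above replays a candidate rule over historical activity that analysts have already labelled and counts where the rule and the label disagree. The following is an added example, not LogicLoop's own code; the `history` table, its columns and the sample rows are assumptions constructed for illustration, with SQLite standing in for the production database.

```python
import sqlite3

# Constructed labelled history: (amount, card_present, confirmed_fraud).
# Table and column names are hypothetical.
HISTORY = [
    (15000, 0, 1), (12000, 1, 0), (11000, 0, 1), (9000, 0, 1), (8000, 1, 0),
    (6000, 0, 0), (5500, 0, 1), (3000, 1, 0), (1200, 0, 0), (400, 1, 0),
]

# Candidate rule under test: amount above a threshold AND card not present.
# The outer query builds the confusion matrix against the analyst labels.
BACKTEST = """
SELECT COALESCE(SUM(flagged AND confirmed_fraud), 0)         AS tp,
       COALESCE(SUM(flagged AND NOT confirmed_fraud), 0)     AS fp,
       COALESCE(SUM(NOT flagged AND confirmed_fraud), 0)     AS fn,
       COALESCE(SUM(NOT flagged AND NOT confirmed_fraud), 0) AS tn
FROM (SELECT confirmed_fraud,
             (amount > :min_amount AND card_present = 0) AS flagged
      FROM history)
"""

def backtest(min_amount, history=HISTORY):
    """Replay the candidate rule over labelled history; return its error rates."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE history "
               "(amount REAL, card_present INTEGER, confirmed_fraud INTEGER)")
    db.executemany("INSERT INTO history VALUES (?,?,?)", history)
    tp, fp, fn, tn = db.execute(BACKTEST, {"min_amount": min_amount}).fetchone()
    db.close()
    return {
        "tp": tp, "fp": fp, "fn": fn, "tn": tn,
        # Share of legitimate activity flagged (analyst workload, user friction).
        "fpr": fp / (fp + tn) if fp + tn else None,
        # Share of confirmed fraud the rule missed.
        "fnr": fn / (fn + tp) if fn + tp else None,
    }

def sweep(thresholds=(10000, 5000, 1000)):
    """Compare thresholds side by side before changing the live rule."""
    return {t: backtest(t) for t in thresholds}

if __name__ == "__main__":
    for t, r in sweep().items():
        print(t, r)
```

On this sample, lowering the threshold from 10,000 to 5,000 catches the remaining confirmed fraud at the cost of one false positive, while going down to 1,000 only adds a second false positive.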

Conclusion

A powerful and flexible fraud rules engine can be instrumental in monitoring bad actors on your platform. At the end of the day, you want to enable your good users to onboard faster, and add more friction for bad users or prevent them from taking advantage of your platform. Check out LogicLoop and start improving your platform quality today!
