A fraud score is a numerical value assigned to a payment transaction by a fraud detection system that represents the estimated probability that the transaction is fraudulent. Fraud scoring models evaluate dozens to hundreds of data signals associated with the transaction and the cardholder’s behavior, producing a single score that merchants, gateways, and issuers use to make accept, review, or decline decisions.
Higher scores indicate higher fraud risk. Merchants and gateways configure thresholds that determine how each score range is handled. Transactions below the threshold are approved automatically. Transactions above the threshold are declined or flagged for manual review depending on the merchant’s risk tolerance and the value of the transaction.
Fraud scores are generated by both issuer-side systems during authorization and merchant- or gateway-side systems prior to or alongside authorization. The two scoring layers operate independently and may reach different conclusions about the same transaction.
Diving Deeper into Fraud Score
Fraud scoring is the application of statistical modeling and machine learning to the problem of distinguishing legitimate transactions from fraudulent ones in real time. The core challenge is that fraud and legitimate transactions often look similar from a data perspective, and both false positives and false negatives carry meaningful costs. A false positive declines a legitimate customer. A false negative approves a fraudulent transaction. Effective fraud scoring minimizes both error types simultaneously.
Modern fraud scoring systems process hundreds of data signals per transaction and produce a score in milliseconds, fast enough to be incorporated into the authorization decision without adding perceptible latency to the checkout experience.
What Signals Drive a Fraud Score
Fraud scoring models draw on a wide range of data signals, which fall into several broad categories.
Transaction Characteristics
The transaction amount, merchant category, time of day, and whether the transaction is card-present or card-not-present all contribute to the score. Unusually large transactions, transactions at unusual hours, or transactions in high-risk merchant categories score higher than transactions that fit the cardholder’s normal patterns.
Device and Network Signals
In card-not-present environments, the device used to initiate the transaction provides rich fraud signals. Device fingerprint, IP address, geolocation, whether the IP address is associated with a proxy or VPN, the browser and operating system, and whether the device has been seen before all contribute. A transaction initiated from a device and IP address that match the cardholder’s historical patterns scores lower than one initiated from an unfamiliar device in an unexpected geographic location.
Behavioral Signals
How the user interacted with the checkout page provides behavioral signals that distinguish human shoppers from automated fraud tools. Time spent on the page, mouse movement patterns, typing cadence, and navigation flow are all signals that behavioral analytics systems evaluate. Automated card testing attacks, where fraudsters run rapid sequences of small transactions to validate stolen card credentials, produce distinctive behavioral patterns that score very differently from legitimate checkout sessions.
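The card testing pattern described above can be surfaced with a simple velocity check. The following is an added example, not code from any particular fraud product; the event fields, the 60-second window, the 5.00 amount ceiling, and the three-card minimum are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque

# Constructed checkout events: (epoch_seconds, device_id, card_token, amount_usd)
EVENTS = [
    (1000, "dev-A", "card-01", 54.20),
    (1002, "dev-B", "card-10", 1.00),
    (1005, "dev-B", "card-11", 1.00),
    (1009, "dev-B", "card-12", 0.99),
    (1013, "dev-B", "card-13", 1.00),
    (1400, "dev-A", "card-01", 12.75),
    (1500, "dev-C", "card-20", 1.50),
    (2900, "dev-C", "card-21", 2.00),
]


def card_testing_devices(events, window=60, max_amount=5.0, min_cards=3):
    """Return {device_id: first_flagged_ts} for devices that try at least
    min_cards distinct cards with small amounts inside a sliding window."""
    recent = defaultdict(deque)   # device -> (ts, card) pairs still in window
    flagged = {}
    for ts, device, card, amount in sorted(events):
        if amount > max_amount:
            continue              # only low-value attempts count as probes
        q = recent[device]
        q.append((ts, card))
        while q and ts - q[0][0] > window:
            q.popleft()           # drop attempts that aged out of the window
        distinct_cards = {c for _, c in q}
        if len(distinct_cards) >= min_cards and device not in flagged:
            flagged[device] = ts
    return flagged


if __name__ == "__main__":
    print(card_testing_devices(EVENTS))
```

In a scoring model, a hit like this would typically feed in as one more signal that raises the score rather than as a standalone decline rule.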
Historical Patterns
The cardholder’s transaction history provides a baseline against which the current transaction is compared. A transaction that matches the cardholder’s normal spending patterns in terms of amount, merchant type, and location scores lower than one that deviates significantly. Cardholders who suddenly make large purchases in new categories or locations, particularly after a period of inactivity, generate higher risk scores.
Card and Identity Signals
AVS match status, CVV match status, and whether the email address, phone number, or shipping address submitted at checkout match data associated with the card all contribute to the score. Mismatches between submitted identity data and card-associated data are meaningful fraud signals.
Issuer-Side vs. Merchant-Side Scoring
Fraud scoring happens at multiple points in the transaction lifecycle, and the scoring on the merchant or gateway side is distinct from the scoring performed by the issuer during authorization.
Merchant- and gateway-side fraud scoring happens before or simultaneously with the authorization request. The merchant’s system evaluates the transaction against its own model and decides whether to submit the authorization at all, or whether to submit it with additional authentication such as 3D Secure.
Issuer-side fraud scoring happens during authorization. The issuer’s system independently evaluates the transaction and decides whether to approve or decline. The issuer has access to data the merchant does not, including the full history of the cardholder’s account and real-time signals about other transactions on the card.
Both layers can decline a transaction independently. A transaction that passes the merchant’s fraud score threshold may still be declined by the issuer’s risk engine, and vice versa.
Threshold Configuration and Risk Tolerance
Merchants configure their fraud scoring thresholds based on their specific risk tolerance, business model, and the cost of fraud versus the cost of false declines. A merchant selling digital goods with no physical delivery cost and high chargeback exposure may set aggressive thresholds that decline more borderline transactions. A merchant selling high-value physical goods may accept more fraud risk in exchange for higher approval rates.
Threshold configuration is not static. Effective fraud management involves ongoing monitoring of approval rates, false positive rates, and chargeback rates to identify when thresholds need adjustment. Seasonal patterns, new fraud attack vectors, and changes in the customer base all create reasons to revisit threshold settings.
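The trade-off between fraud losses and false declines can be made concrete by replaying labelled history against candidate thresholds. This is an added example, not taken from any vendor's tooling; the 0 to 100 score scale, the sample transactions, and the cost model (lost margin per false decline, full amount plus a flat chargeback fee per approved fraud) are assumptions.

```python
# Constructed sample history: (fraud_score 0-100, amount_usd, confirmed_fraud).
HISTORY = [
    (5, 40.0, False), (12, 25.0, False), (18, 120.0, False), (22, 60.0, False),
    (35, 80.0, False), (41, 200.0, False), (48, 30.0, True), (55, 150.0, False),
    (63, 90.0, True), (70, 45.0, False), (78, 300.0, True), (85, 110.0, True),
    (91, 500.0, True), (96, 75.0, True),
]


def evaluate(threshold, history, margin=0.30, chargeback_fee=20.0):
    """Replay a decline-at-or-above threshold against labelled history."""
    legit = [t for t in history if not t[2]]
    fraud = [t for t in history if t[2]]
    false_declines = [t for t in legit if t[0] >= threshold]
    missed_fraud = [t for t in fraud if t[0] < threshold]
    # Assumed cost model: a false decline forfeits the margin on the sale;
    # approved fraud costs the full amount plus a flat chargeback fee.
    cost = sum(amt * margin for _, amt, _ in false_declines)
    cost += sum(amt + chargeback_fee for _, amt, _ in missed_fraud)
    return {
        "threshold": threshold,
        "false_positive_rate": len(false_declines) / len(legit),
        "fraud_caught_rate": 1 - len(missed_fraud) / len(fraud),
        "cost": round(cost, 2),
    }


def best_threshold(history, **costs):
    """Sweep thresholds in steps of 5 and return the cheapest result."""
    results = [evaluate(t, history, **costs) for t in range(0, 101, 5)]
    return min(results, key=lambda r: r["cost"])


if __name__ == "__main__":
    print(best_threshold(HISTORY))               # thin-margin merchant
    print(best_threshold(HISTORY, margin=0.90))  # false declines cost more
```

On this sample, raising the assumed margin from 0.30 to 0.90 moves the cheapest threshold from 45 to 60: when a false decline costs more, the merchant tolerates one more approved fraud in exchange for fewer declined customers.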