Before diving into the Sift Science Console, there are two concepts that you'll need to understand to be successful.
Each of your users is assigned a Sift Score – a risk score between 0 and 100 – that predicts how likely they are to be fraudulent. The closer someone's Sift Score is to 100, the more likely they are to be a bad user. On the other hand, scores close to 0 mean that a user is highly unlikely to be a fraudster.
We currently offer 5 different types of Sift Scores, each of which correspond to our 5 product offerings: payment abuse, account abuse, account takeover, content abuse, and promotional abuse.
What goes into a Sift Score?
- A Sift Score is the computed result of all our machine learning analysis that takes into account over 5,000+ different fraud signals. The Sift Score is updated each and every time we identify new information about a user – including if we've detected a related user on another site in our vast customer network.
How do I use Sift Scores?
- Sift Scores clearly identify bad and good users, giving you the ability to create adaptive user experiences. This way you can give your good users a great experience and identify those few suspicious users you need to verify further.
- For example, you can determine your business' score thresholds based on your tolerance for risk and bandwidth for manual review.
- Good Scores: These users will likely be good and don’t require review. You might offer them an adaptive, improved user experience since you're confident they're safe users.
- Risky Scores: These users are in the "gray area" where they might be good or bad. The next step is to dive into their user details to make an informed decision. Alternatively, if you don't have time for live review you can introduce additional verification steps for this small group of users.
- Bad Scores: These users are likely bad and can be automatically blocked.
How do I make Sift Scores even more accurate?
- Sift Science's accuracy improves over time as we learn what fraud looks like for your particular business. As you send more data and give more feedback, your model's accuracy will get better and better.
Sift Science predicts which users are safe and which are fraudsters. To do this, we use a few key things: our powerful machine learning, our global network of fraud data, and feedback from our customers. When a fraud analyst for a customer reviews a user or order, they’ll come to a conclusion about whether or not the user or order is a good one. This conclusion could be that the user is good, bad, or that it’s not clear based on the available evidence. Sift Science uses these conclusions as feedback to improve our predictions about new users and orders.
Giving feedback is easy! When you take action on users or orders with Sift, you make a Decision (block order, ban user, etc.). These actions you take, called Decisions, give Sift information that we use to better identify fraudsters. For all businesses manually reviewing, this is just a normal part of your review process that can be customized to your existing processes. If you are not manually reviewing any users, see our feedback guide for a more in-depth look on when to send feedback.
Now that you've got a handle on Sift Scores and Decisions, let's start learning about the Sift Science Console!
The Sift Science Console
The Sift Science Console is a powerful tool available to all customers which surfaces insights we’ve derived from our machine learning analysis. Through the console, you can identify and explore trends, investigate suspicious users, and take business actions.
The Explore tab lets you delve into your fraud trends and discover potentially fraudulent users, orders, or patterns through Lists. Lists are completely customizable, saved searches that can be based around users or orders. You can leverage almost every piece of data you send us when creating these.
By default, every analyst on your team gets two Lists – Risky Users and Risky Orders. However, each analyst can create their own unique Lists to help them focus on the users and orders that matter the most!
Creating a List
As you add or remove search criteria, List Analytics will update in real-time to give you key information like the average Sift Score, labeling breakdowns, and the distribution of Sift Scores for the users or orders shown.
Reviewing your Lists
Use your Lists to find suspicious users, orders or fraud trends. If you do regular review of users or orders, try using Workflows to create a Review Queue!
Once you’ve identified users to investigate in the Explore tab, you can use the User Details view to dig into users and make a decision. The User Details page showcases all the information that Sift Science has collected and analyzed so you can confidently make a decision.
The Attributes section displays key user information so you can quickly evaluate a user. This section is completely customizable, so you can add, delete, and rearrange any number of features you’d like to see at a glance. As with Lists, you can leverage almost all the features you send us as well as Signals Sift has derived. This attributes section appears on both the Explore Lists and User Details pages, displaying a summary of key information so you can quickly evaluate a user.
What information or signals do you commonly use to detect fraud? Add them to your Attributes!
- Notice email address is a key indicator of fraud on your website? Add "Email Domain" or "Disposable Email Address" to your Attributes section.
In this section, you can view an itemized list of each order, payment methods, and a map showing the billing and shipping addresses.
Use the map to quickly see if an order is suspicious. Shipping to a highly fraudulent country? Unusual distance between shipping and billing address? These signs might warrant further review of an order.
The Identity section consolidates all of the identity information we’ve dug up on a user into a single place so you can get a sense of who they really are.
View information like their associated email addresses and phone numbers. View any presence they have on 70+ social networking platforms through the complementary social media card.
See all of the geographic information we’ve collected for a user on a map. You can quickly evaluate the shipping, billing, and IP addresses associated with a user’s account.
Pay close attention to a user if they have multiple addresses associated with their account (especially if they are far apart), as this is a common signal of fraudulent activity for many businesses.
Use the Network Visualizations tool to discover connections between users on your site and see exactly how they are connected.
On the left, you'll see properties of cocatrice1780 that are shared with others on your site. On the right, you'll see the users connected to cocatrice1780, as well as their Sift Score and Decision status.
Look for suspicious links between users. Does a user share the same device fingerprint or billing address with multiple people? How many known fraudsters is a user linked to?
Want to explore all of the users who share a specific property? Create a saved search for all the users who share that particular IP Address
You can use the Activity log to review all of the actions and events associated with a particular user in chronological order and see how their Sift Score has changed over time.
Want insight into why a user’s been flagged as risky? Signals shows the top reasons why our machine learning technology classified a user as suspicious and includes the relative weighting for that signal.
Tip! Confused about what a Signal means? You can expand a Signal to see a quick description, or look it up in our in-console Signals Glossary.