Velocity Rules

Velocity rules provide a way to flag transactions that involve a suspicious number of actions taken within a given time period. For example you could create a rule that would raise a flag if the same ID number is submitted in five or more transactions across multiple accounts within a ten-minute time frame. Velocity rules can be created around devices, IPs, and other data points to help prevent high-risk transactions by detecting data anomalies in the user’s transaction history.

Contact your Jumio Account Manager or Technical Support if you are interested in using velocity rules.

Use Cases

Fraud Detection in Financial Transactions:

Use Case: Detecting fraudulent activities such as credit card fraud or account takeover.

  • Action: Trigger an alert if the number of transactions or transaction amounts exceed predefined thresholds, indicating potential fraudulent activity.

  • Action: Trigger an alert if the number of times an end user uses multiple IP addresses or the same ID exceeds predefined thresholds, indicating potential fraudulent activity.

Authentication Anomaly Detection:

Use Case: Identifying abnormal authentication patterns that may indicate an account takeover attempt.

  • Velocity Rule: Monitor the velocity of authentication attempts for each user account within short time intervals (e.g. 5-minute windows).

  • Action: Trigger an alert if the number of login attempts from a single user account exceeds a predefined threshold, indicating potential unauthorized access.

Location-Based Anomaly Detection:

Use Case: Detecting account creation attempts from unusual or unexpected locations with repeated data.

  • Velocity Rule: Monitor the velocity of account creation attempts from different geographic locations with the same ID, within hourly or daily intervals.

  • Action: Flag login attempts originating from locations that deviate significantly from the user's initial login patterns, indicating potential account compromise.

Device Fingerprinting:

Use Case: Identifying account creation attempts from unrecognized or suspicious devices.

  • Velocity Rule: Analyze the velocity of account creation attempts associated with unique device identifiers (e.g. device fingerprints) within short time intervals (e.g. 1-hour windows).

  • Action: Raise alerts for account creation attempts from devices with unusual or inconsistent characteristics, indicating potential fraudulent access attempts.

Velocity Rule Examples

Basic Rule Examples:

  • when Device ID Alias was seen 5 times in 10 minutes in within network, then risk score =15

  • when Device ID Alias, was seen 20 times in 1 day in assosciated network, then risk score =27

  • when ID Number was seen 5 times in 10 minutes in global network, then risk score =34

  • when ID Number was seen 20 times in 1 day in within network, then risk score =20

Complex Rule Examples:

  • Same Device ID Alias, 5 times in 1 minute, WITH different IPs. - (Device ID Alias in 1 minute - Device ID Alias in 1 minute with same ip inside network > 5, then risk score =23)

  • Same Device ID Alias, 5 times in 1 minute, WITH different CustomerReferences. (Device ID Alias in 1 minute - Device ID Alias in 1 minute with same Customer Internal References inside network > 5, then risk score =27)

  • Same Device ID Alias, 30 times in 1 day, WITH different ID Numbers. (Device ID Alias in 1 minute - Device ID Alias + ID Number + ID Type + ID Sub Type in 1 day with same Customer Internal References inside network > 30, then risk score =17)

  • Same ID Number, 5 times in 1 minute, WITH different Full Name + DOB.

  • Same ID Number, 5 times in 1 minute, WITH different CustomerReferences.

  • Same ID Number, 30 times in 1 day, WITH different Device IDs.