Effectively managing fraud requires a multi-tiered strategy. It is essential to adopt a fraud prevention strategy with a broad view, encompassing multiple user interaction events, and phased decision-making points.
A user interacts in many ways on a merchant’s website, such as searching for products, updating account info, writing a review, adding or removing items from their cart, or signing up for events or newsletters. Each of these interactions provides tell-tale signs of their behavior and intent. Analyzing all of these interactions cohesively helps to identify fraud more accurately and provides a seamless experience to legitimate customers.
The classic approach to fraud is to look for specific events to identify certain types of fraud, like purchases with a stolen credit card or account takeovers. Most tools support this approach, to assess specific generic events such as purchases, sign-up, sign-in, or coupon redemption. Evolving beyond this classic approach requires tools that can help you tailor a fraud prevention strategy to best suit the unique interactions between your business and your customers.
Custom assessments are available as part of Dynamics 365 Fraud Protection and enable you to tailor a fraud prevention strategy that best suits your business and customer needs.
Analyzing the customer journey in your business is the first step in understanding where to deploy custom assessments.
Identify key touchpoints of a user journey
Begin by identifying user actions that could indicate a high risk of fraud or help you track unusual behavior later in the user’s journey. These actions can vary by the type of business you run. For example, a user updates the physical address on their account. If a restaurant offers promotions for users from certain locations, an address change may indicate a risk of fraud or abuse of the promotion and you may choose to act immediately. In contrast, if you are an e-commerce merchant offering gifts and accessories, this event alone may not indicate risk, but subsequent actions may. In this case, you can add an additional check if the next action was updating the phone number, as it may indicate the risk of a compromised account.
Create custom assessments for these key touchpoints
After you have listed the touchpoints that are key indicators, you can add assessments to these events. Custom assessments have the flexibility to define every part of the assessment to match your business-specific scenario — including the API name, event name, and the payload. This helps you to easily manage all the assessments.
Using the rules engine to determine actions
After your custom assessments are created, you can use the rules engine to configure what actions you want to take on them. From the earlier example for a restaurant, you can create rules for the address change event to check the distance between both addresses or the history of orders from that user and return a reject decision to block the user. Or if you are the e-commerce merchant, return this event to a watch list for action later.
You can view the performance of your custom assessments, including the total volume of events and what rules were triggered if any, in the scorecard tab of the assessment.