Dynamic risk scoring

Make informed decisions based on multiple factors and their weight.

Dynamic risk scoring assesses applicants and their activity in real-time based on the applicant events (i.e. transactions, sign up, login, and so on) received via the API. Each event is screened through multiple factors, each weighted differently depending on their importance to a specific company.

Such a flexible approach allows for the creation of customizable risk profiles, adapting dynamically to user-specific criteria and guaranteeing accurate and timely risk assessment.

The multi-factor risk score shows how likely a user is to engage in suspicious or fraudulent behavior. It might be calculated based on multiple factors, such as:

  • KYC documents.
  • Email and phone data.
  • Device intelligence.
  • Behavior patterns.
  • Transaction history, and so on.

The score helps companies decide whether to investigate their users further, apply additional checks, or reject them.

The risk score also helps reveal suspicious behaviors, such as unusual login frequency or timing, anomalies in user location, and device-related security risks.

The risk matrix is a chart that assesses factors affecting the user risk score and categorizes the detected risks as low, medium, or high to help companies prioritize them.

📘

Note

Since each company defines its own factors, there is no universal matrix.

How it works

Ongoing risk assessment utilizes risk factors represented by scoring tags. You can create a tag for any risk factor related to your applicants and specify the weight for it.

These tags will be added to Rules to enable Sumsub to summarize their weights and produce the final risk score associated with an applicant as a separate tag.

Here are some tag examples that you can use to express risk factors:

Sample factorDescription
Onboarding scoreOnboarding behavior signals.
GEOIP-based applicant residence detection results.
Risky payment methodPayment method check results.
Payment accountsNumber of payment accounts used by the applicant.
DeviceData fingerprint analysis to ensure the device does not belong to multiple accounts.
SoISource of income analysis based on the questionnaire answers.
Txn riskThe financial transaction risk score based on the screening results.

Such a breakdown allows you to adapt your risk matrix to your business needs and adjust the factors weight to reduce false positives and perfect your rules.

Set up dynamic risk scoring

To set up dynamic risk scoring:

  1. Create transaction monitoring tags representing risk factors that you need, like the ones described above, and the name of the tag which will represent the total score, e.g. Total Risk Score.
  2. Add the tags you created above to your rules to start scoring transactions based on the transaction type.
  3. Create and install a post-scoring rule that will constantly summarize the scores from all the rules with the scoring tags and calculate the final score based on the tags weight.
  4. Set the post-scoring rule and the output tag (Total Risk Score) that will display the total score.

Now your risk matrix is ready and will dynamically update the applicant risk score on each event received.

📘

Note

The transaction tags differ from the applicant tags as they are associated particularly with transactions versus that of applicant tags, which are always associated with your applicants. The applicant tags can be set up on the Tags page in the Dashboard.

Step 1: Create tags

To create a tag:

  1. In the Dashboard, open the Tags page and click Add tag. The first tag should represent the total score of the dynamic risk assessment.
  2. Enter the tag name (Total Risk Score), choose the bar color, and select the Score applicant checkbox to use the tag for scoring applicants as part of ongoing risk assessment, and keep weight to 100%.
  3. Create a tag (or tags) representing the desired risk factors which will be assigned to the rules, and assign % weight to each tag.
  4. Save your changes.

🚧

Important

To use tags for ongoing risk assessment, make sure to select the Score applicant checkbox when creating the tag.

Step 2: Add tags to rules

To add a tag to a rule:

  1. Create a rule and set up its condition. For example, you may want to create two rules:
    • The first rule to calculate a geographical risk factor by crossmatching the applicant country against the ID document issuing country.
    • The second rule to track financial risks by alerting you about all transactions >€5k in the nearest 24 hours.
  2. Navigate to the Rule actions section.
  3. From the Add tags to transaction drop-down list, select the necessary scoring tags for each rule (GEO for the first rule and Txn risk — for the second).
  4. Set up the score for each rule.

Step 3: Configure calculation logic

To set up calculation logic:

  1. From the Rules Library, install the post-scoring rule — Calculates applicant assessment aggregates.
  2. Once installed, open the rule and switch to Edit mode.
  3. Scroll down to Tag configuration.
  4. From the Output tag drop-down list, select the Total Risk Score output tag which will represent the total sum of all scoring factors.
  5. From the Input tags drop-down list, select the input tags — GEO and Txn risk.
  6. Save your changes.

Review results

The applied tags and their scores (if applicable) are displayed in the Assessment section of the Case Management page in the applicant profile.

Each time the rule containing the tag is triggered, the assessment score in the applicant profile is updated as per the most recent transaction with the relevant tag.

In the same section, you can find the onboarding score located in the top-right corner.

📘

Note

The onboarding score is only displayed if you create KYC transactions during onboarding, which can be configured in the general level settings. The onboarding score does not represent the sum of all your assessment scores. However, you can use the onboarding transactions within your risk assessment.

Create custom risk assessment matrices

Dynamic risk scoring allows you to create custom risk matrices tailored to your policies and requirements.

For example, you can create a matrix combining the user location, nationality, and the document issuing country as risk factors. To do so:

  1. Create lists containing countries with different risk levels.
  2. Create tags for each list and assign their weight.
  3. Create rules that will check the applicant country/nationality/location and attribute them to the lists you created.
  4. Set the rules to apply specific tags each time the applicant country, nationality, or location falls into your lists and is considered risky.

👍

Tip

Our support engineers are always eager to help you set up the needed tags and rules.