Understanding the Risk Analysis Fraud Prevention Screening



A very common reason that a potential customer's order may fail is when the order fails our risk analysis, which is our fraud prevention screening. If you click on Order Search from SpringBoard’s Store Home and find the failed order, and If the order has a yellow icon at the top that says Risk Analysis, then the order failed our risk analysis fraud screening.

Risk Analysis Details

To get more details about why the order did not pass the risk analysis, under Events, click on Risk Analysis.


Any risk factor values that are not 0 contributed to the fraud screen preventing the order from completing. 

Sample Credit Card Risk Factor Report Sample PayPal Risk Factor Report
735.png 736.png

Explanations of Risk Factors

Many of the risk factors are described below, but please note that not all risk factors will display for all orders. Some only appear for certain payment methods, and some will not appear unless there is a potential risk found.

Free Email Domain

A value of true means the email used by the customer is from a free email domain service (such as Hotmail, Gmail, or Yahoo!). 

Many fraudulent customers use free email providers that allow them to be anonymous, so a free email domain is a potential risk. Note: there are many legitimate potential customers who use free email domains as well. 

High Risk Email

A value of true means that the email used by the customer is in database of high risk email addresses. 

Card Validation Number Check

For credit card purchases, describes whether the CVV2 credit card security code entered in the order form matches the customer's credit card or whether there is an error in the security code.

IP Address Distance (KM)

The distance between the customer's IP address location and the address entered in the order form, in kilometers.

If potential customers claim to be in a certain location in our order form, but our Geo-location service detects that their computer is located elsewhere, this can be a potential risk. The approximate distance between their location and their credit card billing address will be provided, and large distances are one factor that may cause the risk analysis to prevent the order. Note: in some situations, the potential customer may simply be traveling when attempting the purchase of your product, or the potential customer could be using a business card issues to a company branch in a different city or country than their ip address.

IP Address Country Mismatch / IP Address Country Mismatch Detail

A value of true means there was an IP country mismatch, meaning that the country of the IP address detected does not match the billing address supplied by the potential customer (both of which are given in IP Address Country Mismatch Detail), and this can be a potential risk. Many international credit card companies do not support verification of address, and so they check the Bank Identification Number (BIN) to see if the issuing bank for the credit card is in the same country as the location of the potential customer. Note: There are many legitimate potential customers that use a credit card from another country.

MM Proxy Score

This score shows the likelihood that the potential customer is using an open or anonymous proxy, which allows the customer to fake their ip address, to access the order pages. A good order will have a value of 0. Low fraud orders, which may not fail the risk analysis, have values ranging from 0 to 3. Any score higher than a 3 has a very high chance of being fraudulent. The proxy score ranges from 0 to 10.

Many fraudulent customers use open or anonymous proxies to evade attempts to track them because these proxies hide their true location. For example, a fraudulent Nigerian customer may want to purchase your product with a stolen credit card that has a billing address in New York. Since an order can be blocked based on IP address distance or IP address country mismatch, the fraudulent customer attempts to bypass this restriction by using a proxy to fake his IP address to make it appear as though he is in New York. Some companies restrict the sale of products to certain countries, or offer different pricing for specific countries, and a fraudulent customer may spoof his IP address to make it appear he is in a different country to be able to purchase something, which may be illegal to purchase in his country, or to gain the better pricing.

Note: some legitimate potential customers can come from open or anonymous proxies. Typically, these customers are unknowingly infected with a virus that allows others to hijack their computer. It is estimated that about 4% of legitimate potential customers have open proxies. 

MM Score %

This weighted score is the most important part of the risk analysis as it gives the probability that an order is fraudulent. The higher the score, the more likely the order is fraudulent. The score, which is given as a percent and ranges from 0.01 to 100.00,  combines factors like whether a customer's email is from a free email domain service,  the distance between a customer's IP location and the address entered for the order, whether the customer used an open or anonymous proxy, if the billing address or ip address is in a high risk country, and other information that the system might have gathered about a particular customer. A score of 95.66% means that the order had a 95.66% chance of being fraudulent. About 90% of orders, in general, have a score under 5.

Explanations of Non-Risk Factors

IP Address Country

The two letter country ISO 3166-2 code that our Geo-location service detects as the customer's IP location.

IP Address Region

More specific information for some countries that our Geo-location service detects from the customer's IP location. In the United States, this is usually the two-letter state abbreviation, while in other countries, this is usually a two-letter or two-number region of the country.

Payment Type

The payment method, such as credit card or PayPal, used by the customer. 

Card Country

The country associated with the credit card used.

Risk Analysis Threshold Settings

There are different risk analysis threshold settings, which change the degree to which a questionable order fails or succeeds. These settings may be adjusted based on typical fraud patterns for a product.

What to do if Potential Customer is Not Fraudulent

While we strongly believe in the accuracy of our risk analysis detection, and we encourage you always to look at the MM Score % for the percent chance that the order is fraudulent, there are certainly cases where a legitimate customer is blocked by the fraud screening. In these circumstances, please open a support ticket, provide us with the failed order ID and let us know that you have reviewed the risk analysis details but that you believe this order was legitimate.

We're Here to Help

If you need more assistance understanding the risk analysis for a failed order, or are concerned about the number of legitimate orders that fail our risk analysis, please open a support ticket.

Have more questions? Submit a request


Powered by Zendesk