Run a Batch Test on Your Data

Overview

Batch tests are a common way to evaluate fraud prevention solutions. However, we believe the best validation of our technology is a hands-on test, so we recommend that you use our free platform trial to experience the full capabilities of SEON. Of course, you can still run a batch test if you prefer.

 

Why batch test?

Testing SEON using your historical data can help you validate the accuracy and performance of our toolset. A historical data analysis batch test is essentially a data mining project that focuses on the historical data set of your specific user base.

Beyond sharing the results of our fraud analysis, you'll get access to all the information that SEON's data enrichment tools unearth in the progress. As SEON is highly customizable you'll get the most out of a batch test if your data science team is eager to come up with new and creative ways to use data. We recommend going through the process if you can build your own machine learning models and can ingest a wealth of data.

By analyzing transactions you know to have been honest or fraudulent, we can uncover how much you could have saved by avoiding fraud in the past. You can also use the analysis to build an accurate model of how SEON would classify your transactions in the future. Batch testing is free.

 

SEON's batch test process

  1. (Optional) Book an introductory call
    In 30 mins, our team will give you an overview of SEON's functionality and discuss your use case. This will help us ensure you get the results most useful from your batch test.
  2. (Optional) Sign a mutual NDA
    A non-disclosure agreement creates a confidential relationship between the signing parties. You can download our standard NDA here. Once completed, please forward it to our Legal Team.
  3. Prepare and send your historical data
    Selecting the data you send as part of the batch test is down to your Data Science Team.
  4. Data analysis
    Our Data Scientists will begin processing your file as soon as it arrives. We will create a trial account for you to access the results once they are ready.
  5. Results summary and workshop
    Our Data Scientists will collate the data and return the results to you. We'll follow up with a joint workshop so our team can help you build a mental picture of the data and answer any questions.

How to send us your data

Data preparation is the process of clearing up your data and organizing it in a way that makes it easier to use. To accelerate the batch testing process, please prepare your data according to the following guidelines:

  • Format: CSV
  • Name: COMPANYNAME_ANALSYIS.csv
  • Length: at least 500 rows, no more than 10,000 rows
  • You can download a template file here.
  • The email and IP address fields are the most important to get good results from the batch test.
  • You can add any labels (fraud, not fraud) to the transactions in the transaction_label column.

Keep in mind that the batch test file may contain sensitive personal information. Please take steps to protect this data. Before sending us your file, please compress the CSV into an encrypted ZIP file.

Forward the encrypted file to our Data Science Team. Do not send the file's password in the same email. Our team will confirm that they have received the file.

Understanding batch test results

We conduct batch tests using all three modules of our Fraud API, enriching data based on emails, phone numbers, and IP addresses. Batch tests use SEON's default rule set. These are the same rules that come pre-loaded in every SEON account. 

Rules can affect a transaction's fraud score or state. Fraud scores are how SEON reflects the risk associated with each transaction. When a transaction's score reaches a certain threshold, its state is changed. Transactions can have three states:

StateDefault thresholdDescription
APPROVE0–10Safe transaction
REVIEW10–20Something's fishy, a manual review would be best.
DECLINE20+Confirmed fraud attempt

Email module

The email risk score indicates how risky the email address is. We consider a score over 8 risky. Disposable domains are blocked by default, resulting in a high fraud score.

SEON's email checks will return the following results:

  • Email provider information
    If the email is registered at a free or disposable provider or a custom address tied to a company's or institution's domain. Free email providers can fall into no-risk and high-risk categories. High-risk providers do not require additional verification when users create new addresses.
  • Domain data:
    We provide domain metadata because fraudsters sometimes try to register domains to pose as legitimate company domains. This information will include the registrar's name, along with other information about mailbox settings, for example, if an accept all policy has been set on the domain or whether the MX records are valid. If not, the domain cannot receive emails. You can also validate the TLD (e.g., .com) and see if there is a live website on the domain.
  • Approximate minimum age:
    Insight into whether the email address has been involved in a data breach or not unlocks data about its age. An email being included in a data breach proves that the address was in use before the breach occurred. If the email address hasn't been in any data breaches, it may be completely fresh and thus pose a higher risk.
  • Social and digital footprint:
    Our tools check over 40 digital and social platforms in real-time to uncover if the provided email address has been used to register an account with any of them. Most people use their email address as a digital passport, while fraudsters won't create a digital footprint for their throw-away emails. The email is highly risky if it is free, has not been used online, and has not been involved in a data breach.

 

Phone module

Similarly to the Email module, the Phone module provides a risk score, which indicates the risk tied to the provided number. In our experience, a score over 4 is risky.

Our phone number checks will uncover:

  • Validity check
    A simple check to confirm that the number provided is valid and can be called. Stop fraudsters using random strings of numbers in their tracks.
  • Country, carrier, and type
    Detailed insight into a number's country of origin, its type (landline, cell, PC), and carrier information. Catch fraudsters using stolen or throw-away phone numbers.
  • Social and digital footprint
    Our tools will check if the phone number has been registered to 15+ digital and social services. Similarly to email address checks, this can help prove that a number is real, connected to a trusted customer, and in use.
  • Messenger use
    SEON can uncover when a user last logged in and the profile picture they use on a handful of messaging accounts connected to the provided phone number.

IP module

The IP module will help you spot risky connections and suspicious customers. With SEON's default settings, we'll give any IP that is a server and not residential a score over 10. VPNs are always server-type IPs, and Tor nodes will always score above 80 points.

  • Geolocation
    Uncover the geographic location of the IP connecting to your service. Correlate this information with other location data such as phone number country codes, shipping addresses, etc., to uncover fraudulent transactions before they happen.
  • IP type
    Learn if your customer is using a normal residential or mobile internet connection. Often fraudsters will connect through data center IPs. Thus these should be considered risky.
  • ISP information
    See the exact name of the Internet Service Provider (ISP). This can be useful when investigating transactions and handling clone detection as many fraudsters tend to stick to the same ISP.x
  • Open Ports
    Open ports can identify if your customer is running any web tools or servers through their IP. All proxies will leave some ports open to let other computers connect to them, so ports open mean higher risks.
  • Proxies, VPNs & Tor nodes
    Easily verify whether the IP is a Tor node, VPN, Public, or Web proxy.
  • Spam blacklists
    The spam blacklist checks indicate if the IP was marked as a spam source on any of the more than 60 Domain Name System-based Blackhole List that we check. If an address is listed more than 3–4 times, we consider it high-risk, while 1 or 2 mentions are common.

?Got a question

Talk to sales