How to use regular aggregates

Updated on 20.05.22
6 minutes to read
Copy link

What are regular aggregates?

Starting with the basics, aggregate data is a high-level form of data that is created by combining single data points. 

Aggregate functions are used to describe the method of that combination. Common aggregate functions include average (avg), sum, count, minimum (min), maximum (max), to name only a few.

Regular aggregates add a layer of complexity by allowing you to calculate aggregates using aggregate data collected in regularly recurring intervals.

For example, SEON can calculate the average daily transaction amount of a user. This is a simple aggregate. A regular aggregate could take all the daily averages of a given month and calculate their average.

A graphic explaining aggregates and regular aggregates.
How aggregates and regular aggregates relate (Click to enlarge)

 

Why use regular aggregate rules in fraud-fighting?

Regular aggregates provide you with an additional layer of granularity to spot changes in patterns or to have a better overview of user behavior. For example, they help you track behavior patterns that are potentially suspicious only when considered within a specific timeframe. These could be sudden spikes in spending, increases in user activity, or unexpected changes to devices.

For example, a regular aggregate rule can flag a user ID if it has accessed your site with at least five different cookie hashes within the last three months. While clearing cookies from a browser is a good troubleshooting step, most users don't do it several times a month. As a result, changing hashes can often signal dishonest behavior.

Another regular aggregate rule could monitor the average number of transactions completed each day by the same user ID over the last month. A rule like this could be used to flag increases in a user’s activity. Depending on how you set the rule up, it could flag potential account take over attempts, or be used as a part of problem gambling monitoring in iGaming.

 

How to set up regular aggregate rules

In SEON, regular aggregates are an additional option when setting up velocity rules. Let's take a look at how to create one step-by-step:

1. Head to the Scoring Engine.

2. Open the Custom Rules tab.

3. Click Create New Rule.

4. Toggle Turn on rule if you want the rule to take effect immediately.

5. Name the rule and set what should happen if a transaction triggers the rule using the Action toggle. (Learn more about rule actions.)

6. Set Rule Parameter to Velocity.

7. Set up the properties of your rule as normal.

8. Click on Additional Settings to expand.

9. Set the time frame using the drop-down menu in the Regular Aggregate row. Rules can calculate hourly, daily, weekly and monthly aggregates.

10. Use the second drop-down menu in the Regular Aggregate row to set the aggregate you want to use: average, min, max, or sum.

11. Check that the rule sentence reflects your intended settings.

12. Confirm the rule by clicking on the green arrow.

13. Click Save Rule.

 

Hands-on with a regular aggregate rule

Diving into the details, let’s take a look at a real-world example. Another check regular aggregates could perform is checking that the average of maximum daily transaction amounts for the same User ID in the last month is less than the current Transaction amount. A rule like this could flag potentially suspicious changes in spending habits.

 

?Got a question

Talk to sales