How to use regular aggregates

Updated on 28.11.23
6 minutes to read
Copy link


Starting with the basics, aggregate data is a high-level form of data that is created by combining single data points. 

Aggregate functions are used to describe the method of that combination. Common aggregate functions include average (avg), sum, count, minimum (min), maximum (max), to name only a few.

Regular aggregates add a layer of complexity by allowing you to calculate aggregates using aggregate data collected in regularly recurring intervals.

For example, SEON can calculate the average daily transaction amount of a user. This is a simple aggregate. A regular aggregate could take all the daily averages of a given month and calculate their average.

How aggregates and regular aggregates relate (Click to enlarge)


Why use regular aggregate rules in fraud-fighting?

Regular aggregates provide you with an additional layer of granularity to spot changes in patterns or to have a better overview of user behavior. For example, they help you track behavior patterns that are potentially suspicious only when considered within a specific timeframe. These could be sudden spikes in spending, increases in user activity, or unexpected changes to devices.

For example, a regular aggregate rule can flag a user ID if it has accessed your site with at least five different cookie hashes within the last three months. While clearing cookies from a browser is a good troubleshooting step, most users don't do it several times a month. As a result, changing hashes can often signal dishonest behavior.

Another regular aggregate rule could monitor the average number of transactions completed each day by the same user ID over the last month. A rule like this could be used to flag increases in a user’s activity. Depending on how you set the rule up, it could flag potential account take over attempts, or be used as a part of problem gambling monitoring in iGaming.


How to set up regular aggregate rules

In SEON, regular aggregates are an additional option when setting up velocity rules. Let's take a look at how to create one step-by-step:

1. Head to the Scoring Engine.

2. Open the Custom Rules tab.

3. Click Create New Rule.

4. Toggle Turn on rule if you want the rule to take effect immediately.

5. Name the rule and set what should happen if a transaction triggers the rule using the Action toggle. (Learn more about rule actions.)

6. Set Rule Parameter to Velocity.

7. Select the aggregate and data field you want to compare.

8. Set the regular aggregate in the field below. Rules can calculate hourly, daily, weekly and monthly aggregates.

9. Select the operator for your rule in the middle column.

10. Set the data fieldf you'd like to compare the aggregate to in the right-side column. We'll filter data fields to ensure your rule sentence is logically correct.

11. Check that the rule sentence reflects your intended settings.

12. Confirm the rule by clicking on the green arrow.

13. Click Save Rule.


Hands-on with a regular aggregate rule

Diving into the details, let’s take a look at a real-world example. Another check regular aggregates could perform is checking that the average of maximum daily transaction amounts for the same User ID in the last month is less than the current Transaction amount. A rule like this could flag potentially suspicious changes in spending habits.


Was this guide helpful?