The concept of rules is similar to that of whitelists, blacklists and graylists. However, instead of relying on list matches, a rule per- forms a test, the result of which is usually binary.
There are at least two rule subtypes:
- matching and
- threshold rules.
Rules are either matching or based on a threshold
|1||Partial, complete, or regular expression match.|
|2||Less than or greater than a threshold.|
Examples of rules
Examples of such rules include the following:
- Is this payment made from the United States?
- Is this an order for a high risk product from our catalogue?
- Is this amount greater than the threshold value?
A triggered rule forces a review or add point to the risk score
|1||Forcing||Forces a review by risk operation analysts.|
|2||Scoring||Add points to a risk score.|
Pros and cons of rules
In terms of pros and cons, rules are also simple to setup, configure, and understand, which makes them very attractive initially. However, rules are difficult to manage over time too, particularly if there are many of them.
Moreover, because rules are expensive to audit and review, the set of rules of the fraud detection system becomes less accurate over time. More false positive or type I errors are made over time, which is another instance of the drift in time. This is a major drawback, too.