
Overview

Yuno’s risk engine evaluates every transaction against multiple signals to produce a risk score between 0 (lowest risk) and 100 (highest risk). You can configure custom rules that use these signals to automatically approve, decline, send to manual review, or trigger 3DS challenges for transactions.
Risk scoring runs automatically on every payment. No additional integration is required to benefit from baseline fraud detection. Custom rules extend the default behavior.

Risk Signals

The risk engine collects and analyzes signals across several categories. Each signal contributes to the composite risk score.

Device Fingerprinting

Device fingerprinting creates a unique identifier based on the customer’s browser and device characteristics:
| Signal | Description |
| --- | --- |
| Browser type and version | Identifies the browser engine and release |
| Operating system | OS type, version, and architecture |
| Screen resolution | Display dimensions and pixel density |
| Installed plugins | Active browser extensions and plugins |
| Timezone and locale | System timezone offset and language settings |
| Canvas fingerprint | Rendered graphics hash for device identification |
| WebGL renderer | GPU and driver information |

Device fingerprinting is collected automatically through the Yuno Web SDK. Direct API integrations must include the device_fingerprint field obtained from the SDK’s getDeviceFingerprint() method.

Behavioral Analytics

Behavioral signals analyze how the customer interacts with the checkout page:
| Signal | Description | Risk Indicator |
| --- | --- | --- |
| Typing speed | Keystroke timing on form fields | Bot-like speed suggests automation |
| Mouse patterns | Movement trajectories and click patterns | Linear paths suggest scripted input |
| Session duration | Time from page load to payment submission | Very fast sessions indicate automated attacks |
| Copy-paste detection | Whether card data was pasted vs. typed | Pasted data may indicate carding |
| Field focus sequence | Order in which form fields are completed | Unusual sequences flag automated tools |

Velocity Checks

Velocity checks detect unusual transaction volumes within time windows:
| Check | Description |
| --- | --- |
| Transactions per card | Number of transactions from the same card within a time period |
| Transactions per email | Number of transactions from the same email address |
| Transactions per IP | Number of transactions from the same IP address |
| Transactions per device | Number of transactions from the same device fingerprint |
| Amount per card per day | Total transaction value from a card within 24 hours |
| Unique cards per email | Number of distinct cards used with the same email |
| Unique emails per card | Number of distinct emails used with the same card |
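
How counters such as velocity.card_txn_1h and velocity.unique_cards_per_email_24h can be derived with sliding windows, as an added example that is not Yuno's implementation. The class, the function names, and the transaction keys (ts, card_token, email, device) are assumptions made for this sketch, and events are assumed to arrive in time order.

```python
from collections import defaultdict, deque

HOUR, DAY = 3600, 86400

class VelocityTracker:
    """Sliding-window event store keyed by (check, entity)."""

    def __init__(self):
        self.events = defaultdict(deque)  # (check, entity) -> (timestamp, value)

    def record(self, check, entity, ts, value=None):
        self.events[(check, entity)].append((ts, value))

    def _window(self, check, entity, now, window_s):
        q = self.events[(check, entity)]
        while q and q[0][0] <= now - window_s:  # expire events outside the window
            q.popleft()
        return q

    def count(self, check, entity, now, window_s):
        return len(self._window(check, entity, now, window_s))

    def unique(self, check, entity, now, window_s):
        return len({v for _, v in self._window(check, entity, now, window_s)})

def observe(tracker, txn):
    """Record one payment attempt, then return its velocity features."""
    ts, card, email, dev = (txn[k] for k in ("ts", "card_token", "email", "device"))
    tracker.record("card_txn", card, ts)
    tracker.record("device_txn", dev, ts)
    tracker.record("cards_per_email", email, ts, card)
    return {
        "card_txn_1h": tracker.count("card_txn", card, ts, HOUR),
        "device_txn_1h": tracker.count("device_txn", dev, ts, HOUR),
        "unique_cards_per_email_24h": tracker.unique("cards_per_email", email, ts, DAY),
    }

def replay(stream):
    """Feed a time-ordered stream through a fresh tracker."""
    tracker = VelocityTracker()
    return [observe(tracker, txn) for txn in stream]

# Constructed stream: one device and email trying six card tokens a minute apart,
# then returning two hours later with the first token.
STREAM = [{"ts": 60 * i, "card_token": f"tok_{i}", "email": "buyer@example.com",
           "device": "dev_1"} for i in range(6)]
STREAM.append({"ts": 2 * HOUR, "card_token": "tok_0", "email": "buyer@example.com",
               "device": "dev_1"})
```

In the constructed stream every card is seen only once per hour, so a per-card counter alone stays at 1 while the per-device and cards-per-email counters climb to 6.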

Geolocation

Geolocation compares the customer’s IP-derived location against their billing and shipping information:
| Signal | Description | Risk Indicator |
| --- | --- | --- |
| IP country vs. billing country | Location mismatch | High risk if countries differ significantly |
| IP city vs. shipping city | Delivery location mismatch | Moderate risk if distant |
| VPN/proxy detection | Whether the IP belongs to a known VPN or proxy | Higher risk with anonymous IPs |
| IP reputation | Historical fraud association of the IP | Known bad IPs flag immediately |

BIN Analysis

Bank Identification Number (BIN) analysis examines the first 6-8 digits of the card:
| Signal | Description |
| --- | --- |
| Card type | Credit, debit, or prepaid |
| Issuing bank | The bank that issued the card |
| Issuer country | Country where the card was issued |
| Card level | Standard, gold, platinum, corporate |
| Prepaid flag | Whether the card is prepaid (higher risk for some merchants) |

Aida Fraud Detection

Aida is Yuno’s AI-powered fraud detection engine. It uses machine learning models trained on aggregated transaction data across the Yuno network to detect fraud patterns.

How Aida Works

  1. Feature extraction: Aida extracts 200+ features from each transaction, combining raw signals with computed features (e.g., deviation from customer’s normal spending pattern).
  2. Model scoring: Multiple models evaluate the transaction simultaneously, including supervised models trained on confirmed fraud and unsupervised models detecting anomalies.
  3. Score aggregation: Individual model scores are combined into a single risk score, weighted by model performance on your merchant segment.
  4. Recommendation: Aida outputs a recommendation (approve, decline, review) based on the composite score and your configured thresholds.

Aida’s models improve over time as more transactions flow through your account. Marking transactions as fraudulent in the Dashboard feeds the model and improves accuracy.

Configuring Custom Risk Rules

Custom rules extend the default risk engine with merchant-specific logic. Configure rules in the Dashboard under Risk > Rules.

Rule Structure

Each rule consists of:
  • Conditions: One or more checks that must evaluate to true
  • Action: What to do when all conditions are met
  • Priority: Execution order (lower number = higher priority)
  • Status: Enabled or disabled

Rule Actions

| Action | Description |
| --- | --- |
| APPROVE | Skip further risk checks and approve the transaction |
| DECLINE | Reject the transaction immediately |
| REVIEW | Flag for manual review in the Dashboard |
| 3DS_CHALLENGE | Trigger 3D Secure authentication before proceeding |

Creating a Rule

  1. Navigate to Dashboard > Risk > Rules
  2. Click 'Create Rule'
  3. Define conditions using the field selector: Select a field, operator, and value for each condition. Multiple conditions use AND logic.
  4. Select the action to apply when conditions match
  5. Set priority (1 = highest)
  6. Enable the rule and save

Rule Condition Operators

| Operator | Description | Example |
| --- | --- | --- |
| equals | Exact match | card.issuer_country equals US |
| not_equals | Not equal | card.type not_equals PREPAID |
| greater_than | Numeric comparison | amount.value greater_than 500 |
| less_than | Numeric comparison | risk_score less_than 20 |
| in | Value in list | customer.country in [BR, MX, CO] |
| not_in | Value not in list | card.issuer_country not_in [NG, GH] |
| contains | String contains | customer.email contains @tempmail |
| regex | Regular expression | customer.phone regex ^\+55 |

Common Risk Rule Examples

| Rule | Conditions | Action | Use Case |
| --- | --- | --- | --- |
| Block disposable emails | customer.email contains @tempmail OR @throwaway | DECLINE | Prevent fraud from temporary emails |
| Low-risk fast approval | risk_score less_than 15 AND customer.is_returning equals true | APPROVE | Speed up checkout for trusted customers |
| High-value 3DS | amount.value greater_than 1000 | 3DS_CHALLENGE | Extra verification for large purchases |
| Prepaid card review | card.type equals PREPAID AND amount.value greater_than 200 | REVIEW | Manual check for high-value prepaid card transactions |
| Velocity block | velocity.card_txn_1h greater_than 5 | DECLINE | Block rapid-fire card testing |
| Country mismatch | card.issuer_country not_equals customer.country | 3DS_CHALLENGE | Verify cross-border card usage |
| VPN detection | device.is_vpn equals true AND risk_score greater_than 50 | REVIEW | Flag suspicious VPN usage |
| New device + high amount | device.is_new equals true AND amount.value greater_than 500 | 3DS_CHALLENGE | Extra check for unfamiliar devices |
| Trusted BIN approval | card.bin in [411111, 520000] AND risk_score less_than 30 | APPROVE | Fast-track known low-risk BINs |
| Bot-like behavior | behavior.session_duration_ms less_than 3000 | DECLINE | Block automated submissions |

Test new rules in the sandbox environment before enabling them in production. Overly aggressive rules can increase false positives and decline legitimate transactions.
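
A local model of the rule semantics described above (AND conditions, lower priority number evaluated first), useful for dry-running a rule set against sample transactions before entering it in the Dashboard. This is an added example, not Yuno's engine: the dict layout, the function names, "first match wins", and "an absent field never matches" are assumptions.

```python
import re

MISSING = object()
OPS = {  # operators from the "Rule Condition Operators" table
    "equals": lambda a, b: a == b,
    "not_equals": lambda a, b: a != b,
    "greater_than": lambda a, b: a > b,
    "less_than": lambda a, b: a < b,
    "in": lambda a, b: a in b,
    "not_in": lambda a, b: a not in b,
    "contains": lambda a, b: b in a,
    "regex": lambda a, b: re.search(b, a) is not None,
}

def lookup(txn, path):
    """Resolve a dotted field such as 'amount.value' in a nested dict."""
    for key in path.split("."):
        if not isinstance(txn, dict) or key not in txn:
            return MISSING
        txn = txn[key]
    return txn

def matches(rule, txn):
    """AND over all conditions; an absent field never matches (assumption)."""
    for field, op, expected in rule["conditions"]:
        actual = lookup(txn, field)
        if actual is MISSING or not OPS[op](actual, expected):
            return False
    return True

def decide(rules, txn):
    """First enabled match in priority order wins (assumption); None = no rule hit."""
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if rule["enabled"] and matches(rule, txn):
            return rule["action"], rule["name"]
    return None, None

# Rules taken from the examples table; the priorities are chosen for this sketch.
RULES = [
    {"name": "Velocity block", "priority": 1, "enabled": True, "action": "DECLINE",
     "conditions": [("velocity.card_txn_1h", "greater_than", 5)]},
    {"name": "High-value 3DS", "priority": 2, "enabled": True, "action": "3DS_CHALLENGE",
     "conditions": [("amount.value", "greater_than", 1000)]},
    {"name": "Prepaid card review", "priority": 3, "enabled": True, "action": "REVIEW",
     "conditions": [("card.type", "equals", "PREPAID"), ("amount.value", "greater_than", 200)]},
]
# Constructed transaction: it satisfies both the 3DS rule and the prepaid rule.
TXN = {"amount": {"value": 1200}, "card": {"type": "PREPAID"}, "velocity": {"card_txn_1h": 2}}
```

For the constructed transaction, decide(RULES, TXN) returns the 3DS_CHALLENGE action because that rule has the lower priority number, even though the prepaid review rule also matches.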

Monitoring Risk Performance

Track the effectiveness of your risk configuration in the Dashboard under Risk > Analytics:

Key Metrics

| Metric | Description | Target |
| --- | --- | --- |
| False positive rate | Legitimate transactions incorrectly declined | Below 2% |
| Catch rate | Fraudulent transactions correctly identified | Above 90% |
| Review rate | Percentage of transactions sent to manual review | Below 5% |
| 3DS challenge rate | Percentage of transactions requiring 3DS | Below 15% |
| Chargeback rate | Chargebacks as percentage of total transactions | Below 0.5% |

Performance Dashboard

The risk analytics dashboard provides:
  • Real-time score distribution: Histogram of risk scores across transactions
  • Rule hit rates: How often each rule triggers
  • Action breakdown: Distribution of approve, decline, review, and 3DS actions
  • Trend analysis: Risk metrics over time (daily, weekly, monthly)
  • False positive reports: Transactions flagged for review that were later confirmed legitimate

Machine Learning Feedback Loop

Improve Aida’s accuracy by providing feedback on transaction outcomes:
  1. Mark chargebacks: When a chargeback is received, mark the original transaction in Dashboard > Payments.
  2. Resolve reviews: Approve or decline transactions in the manual review queue with the reason.
  3. Report fraud: Flag transactions identified as fraudulent through other channels.

Feedback is incorporated into Aida’s models during periodic retraining. Consistent feedback on both fraudulent and legitimate transactions produces the best model performance.

Best Practices

  • Start with monitoring mode: Enable new rules in “log only” mode before applying actions. Review the logged matches before activating enforcement.
  • Layer rules by priority: Use high-priority rules for known good/bad patterns and lower-priority rules for nuanced checks.
  • Review regularly: Audit rule performance monthly. Disable rules with high false positive rates.
  • Combine signals: Single-signal rules are prone to false positives. Combine multiple conditions (e.g., VPN + high amount + new device) for precision.
  • Avoid over-blocking: Declining too aggressively hurts revenue more than fraud. Prefer 3DS challenges and manual review over outright declines for borderline cases.
  • Feed the model: Consistently mark chargebacks and fraud in the Dashboard to improve Aida’s accuracy over time.

Vertical-Specific Risk Profiles

Different business verticals have fundamentally different risk profiles. Use these benchmarks to calibrate your risk thresholds and rule configurations based on your industry.

| Vertical | Typical Fraud Rate | Typical Chargeback Rate | Recommended Risk Threshold | Key Risk Signals | Common Attack Vectors |
| --- | --- | --- | --- | --- | --- |
| Digital goods | 1.5-3.0% | 0.8-1.5% | 55-65 | Device fingerprint, session speed, email age | Account takeover, resale of digital codes, bot purchases |
| Physical retail | 0.3-0.8% | 0.2-0.5% | 70-80 | Shipping/billing mismatch, geolocation | Stolen cards with reshipping, friendly fraud |
| SaaS / Subscriptions | 0.5-1.2% | 0.3-0.8% | 65-75 | Card testing velocity, free trial abuse, email domain | Card testing on trial signup, subscription fraud |
| Travel | 1.0-2.5% | 0.5-1.2% | 60-70 | Booking lead time, one-way trips, last-minute purchases | Stolen cards for flights, loyalty fraud |
| Marketplace | 0.8-2.0% | 0.4-1.0% | 60-70 | New seller velocity, price anomalies, buyer/seller collusion | Fake sellers, triangulation fraud |

Applying Vertical Profiles

  1. Identify your primary vertical: Select the vertical that best matches your business model. If you span multiple verticals (e.g., a marketplace selling digital goods), use the higher-risk profile as your baseline.
  2. Set initial risk thresholds: Configure your DECLINE threshold at the recommended level in Dashboard > Risk > Thresholds. Set your REVIEW threshold 10-15 points below the decline threshold (e.g., decline at 65, review at 50).
  3. Configure vertical-specific rules: Add custom rules targeting the key risk signals for your vertical. For example, digital goods merchants should add session duration and email age checks; travel merchants should add booking lead time rules.
  4. Monitor and adjust over 30 days: Track false positive rate, catch rate, and chargeback rate for 30 days. Adjust thresholds in 5-point increments based on results.

Digital goods merchants should consider implementing a mandatory 3DS challenge for first-time buyers with risk scores above 40, rather than declining outright. This preserves conversion while adding verification for higher-risk transactions.
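
The threshold calibration in the steps above, worked as an added example (not Yuno code): sweep the DECLINE threshold in 5-point increments over labeled history and check each setting against the Key Metrics targets. The function names and the constructed history are assumptions, as are the metric definitions: false positives are counted over legitimate transactions, and fraud counts as caught when it is declined or sent to review.

```python
# Targets from the "Key Metrics" table on this page.
TARGETS = {"false_positive_rate": 0.02, "review_rate": 0.05, "catch_rate": 0.90}

def evaluate(history, decline_at, review_gap=15):
    """Metrics for a DECLINE threshold with REVIEW set review_gap points below it."""
    review_at = decline_at - review_gap
    legit = [score for score, is_fraud in history if not is_fraud]
    fraud = [score for score, is_fraud in history if is_fraud]
    declined_legit = sum(score >= decline_at for score in legit)
    flagged_fraud = sum(score >= review_at for score in fraud)  # declined or reviewed
    reviewed = sum(review_at <= score < decline_at for score, _ in history)
    return {
        "decline_at": decline_at,
        "review_at": review_at,
        "false_positive_rate": declined_legit / len(legit),
        "catch_rate": flagged_fraud / len(fraud),
        "review_rate": reviewed / len(history),
    }

def within_targets(metrics):
    """True when the setting meets all three targets at once."""
    return (metrics["false_positive_rate"] < TARGETS["false_positive_rate"]
            and metrics["review_rate"] < TARGETS["review_rate"]
            and metrics["catch_rate"] > TARGETS["catch_rate"])

def sweep(history, start, stop, step=5):
    """Evaluate every candidate DECLINE threshold from start to stop inclusive."""
    return [evaluate(history, t) for t in range(start, stop + 1, step)]

# Constructed history of (risk_score, confirmed_fraud) pairs; not real data.
HISTORY = ([(10, False)] * 920 + [(52, False)] * 30 + [(62, False)] * 15 +
           [(72, False)] * 15 + [(40, True)] + [(58, True)] * 4 + [(80, True)] * 15)

def acceptable_thresholds(history, start=55, stop=65):
    """DECLINE thresholds in the digital goods range (55-65) that meet the targets."""
    return [m["decline_at"] for m in sweep(history, start, stop) if within_targets(m)]
```

On the constructed history only a DECLINE threshold of 65 (REVIEW at 50) meets all three targets; 55 and 60 decline too many legitimate transactions.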

Vertical-Specific Rule Examples

| Vertical | Rule | Conditions | Action |
| --- | --- | --- | --- |
| Digital goods | Block instant delivery fraud | session_duration_ms less_than 5000 AND amount.value greater_than 50 AND product_type equals DIGITAL | DECLINE |
| SaaS | Free trial card testing | velocity.unique_cards_per_email_24h greater_than 2 AND payment_type equals TRIAL | DECLINE |
| Travel | Last-minute one-way booking | booking_lead_days less_than 1 AND trip_type equals ONE_WAY AND amount.value greater_than 500 | 3DS_CHALLENGE |
| Marketplace | New seller high-value | seller.account_age_days less_than 30 AND amount.value greater_than 300 | REVIEW |

LatAm Regional Risk Patterns

Latin American markets present unique fraud patterns that require region-specific rules. Configure these alongside your global risk rules for optimal protection.

Brazil

Brazil has the highest digital payment fraud rates in LatAm, driven by the prevalence of CPF identity theft and sophisticated fraud rings targeting digital banks.

| Pattern | Description | Recommended Rule |
| --- | --- | --- |
| CPF fraud | Fraudsters use stolen CPF numbers to create accounts and make purchases. Validate CPF against customer identity. | customer.document_type equals CPF AND device.is_new equals true AND amount.value greater_than 200 -> REVIEW |
| Digital bank velocity | Neobank cards (Nubank, Inter, C6) see higher fraud velocity due to instant card issuance | card.issuer in [NUBANK, INTER, C6_BANK] AND velocity.card_txn_1h greater_than 3 -> 3DS_CHALLENGE |
| PIX fraud | Instant PIX transfers are used for quick fraud monetization | payment_method equals PIX AND amount.value greater_than 1000 AND customer.account_age_days less_than 7 -> REVIEW |
| Boleto fraud | Fraudulent boleto generation for money laundering | payment_method equals BOLETO AND velocity.boleto_per_email_24h greater_than 3 -> DECLINE |

Brazil-specific velocity thresholds:
  • Maximum 5 card transactions per hour per device (vs. 10 global default)
  • Maximum 3 PIX transactions per hour per CPF
  • Maximum R$5,000 total card spend per day per CPF

Mexico

Mexico’s fraud landscape is characterized by identity theft and credential stuffing attacks, particularly targeting e-commerce and digital services.

| Pattern | Description | Recommended Rule |
| --- | --- | --- |
| CURP/INE identity theft | Stolen government IDs used for account creation | customer.country equals MX AND device.is_new equals true AND customer.account_age_days less_than 1 -> 3DS_CHALLENGE |
| Cross-border card fraud | US-issued cards used with Mexican shipping addresses | card.issuer_country equals US AND customer.country equals MX AND amount.value greater_than 300 -> REVIEW |
| OXXO voucher abuse | Multiple OXXO vouchers generated to circumvent card limits | payment_method equals OXXO AND velocity.oxxo_per_email_24h greater_than 2 -> DECLINE |
| Credential stuffing | Automated login and purchase attempts | behavior.session_duration_ms less_than 2000 AND device.is_vpn equals true -> DECLINE |

Mexico-specific velocity thresholds:
  • Maximum 3 OXXO vouchers per email per 24 hours
  • Maximum MXN 50,000 total card spend per day per device
  • Maximum 8 card transactions per hour per IP address

Colombia

Colombia enforces strict CVV and 3DS requirements, and fraud patterns often involve social engineering and SIM swapping.

| Pattern | Description | Recommended Rule |
| --- | --- | --- |
| CVV strictness | Colombian issuers have zero tolerance for CVV mismatches; always send CVV | Ensure CVV is always collected and submitted for Colombian transactions |
| SIM swap fraud | Fraudsters port phone numbers to intercept OTPs | customer.country equals CO AND customer.phone_changed_days less_than 7 AND amount.value greater_than 500 -> REVIEW |
| PSE redirect fraud | Fraudsters redirect PSE bank transfers using phishing | payment_method equals PSE AND device.is_vpn equals true -> DECLINE |

Colombia-specific velocity thresholds:
  • Maximum 3 PSE transactions per email per 24 hours
  • Maximum COP 5,000,000 total spend per day per card
  • Maximum 5 card transactions per hour per device

Argentina

Argentina’s volatile economic environment and currency controls create unique fraud patterns, particularly around installment payments and parallel exchange rate arbitrage.

| Pattern | Description | Recommended Rule |
| --- | --- | --- |
| Installment fraud | Fraudsters exploit high-installment plans (12-18 months) with stolen cards, maximizing exposure before detection | customer.country equals AR AND installments greater_than 6 AND device.is_new equals true -> 3DS_CHALLENGE |
| Currency arbitrage | Purchases made to exploit the gap between official and parallel exchange rates | customer.country equals AR AND card.issuer_country not_equals AR AND amount.value greater_than 500 -> REVIEW |
| Prepaid card abuse | Prepaid cards used for rapid fraud monetization | card.type equals PREPAID AND customer.country equals AR AND amount.value greater_than 200 -> REVIEW |

Argentina-specific velocity thresholds:
  • Maximum 3 installment purchases per card per 24 hours
  • Maximum ARS 500,000 total spend per day per card
  • Maximum 4 card transactions per hour per device

LatAm fraud patterns evolve rapidly. Review and update regional rules quarterly. Monitor the chargeback rate per country in Dashboard > Risk > Analytics filtered by customer.country to detect emerging patterns.