Alert Scores determine the importance of a newly generated alert.
Scores are built on a machine learning model that learns from your previous alerts to determine how important your new alerts are.
Alert Scores work on a scale of 0-100 to provide a numerical value that fraud agents can easily interpret. This value can also be used to triage alerts into alert queues.
Alert Queues can be easily sorted by alert scores, so only the highest priority alerts get the attention they deserve. This makes the process of working through alerts easier and reduces false-positive rates to free up your team’s valuable time.
If you are interested in turning on Alert Scores for your organization, please contact your Unit21 rep. Our expert ML team will create a custom model for you.
Once your model is live, you can find alert scores in the Alerts page. Make sure that the column for Alert Scores is visible by customizing your view:
Alert Scores are based on a vetted machine learning model that is trained on your prior alert dispositions and behaviors.
The Alert score appears in the Summary section of the Alert detail page:
If you want to know how the score is computed, you can click on the Alert score tab:
The tab will show which information from the alert (such as instrument name, age of entity...) we used to compute the alert score:
In this example, the last receiver instrument holds the greatest negative weight in the score computation, whereas max alert hit transaction holds the greatest positive weight in the alert score:
- Red features increase the Alert Score
- Blue features decrease the Alert Score
Every time you press the Show More button, you will see additional items used in the computation:
Below is a list of all the information Unit21 uses to compute an alert score:
Field used to compute score | Name displayed | Description |
---|---|---|
MAX_TXN_ROW_NUMBER | Max Transaction Row Number | Count of transaction events associated with this Alert Hit |
AVG/MIN/MAX/SUM_ALERT_HIT_TXN_AMOUNT | Avg, Min, Max, or Sum Alert Hit Transaction Amount | Average, Minimum, Maximum or Sum of transaction amount across all transactions for this Alert Hit |
STDDEV/MEDIAN/KURTOSIS_ALERT_HIT_TXN_AMOUNT | Standard Deviation, Median, or Kurtosis Alert Hit Transaction Amount | Standard deviation, Median, Kurtosis of transaction amounts across all transactions for this Alert Hit |
ALERT_HIT_TXN_AMOUNT_TOTAL | Alert Hit Transaction Amount Total | Maximum sum of transaction amounts (between current and all prior transactions), across all transactions for this Alert Hit |
AVG/MIN/MAX/SUM_ALERT_HIT_TXN_SENT_AMOUNT | Avg, Min, Max, Sum Alert Hit Transaction Sent Amount | Average, Minimum, Maximum or Sum of sent amount across all transactions for this Alert Hit |
AVG/MIN/MAX/SUM_ALERT_HIT_TXN_RECEIVED_AMOUNT | Avg, Min, Max, Sum Alert Hit Transaction Received Amount | Average, Minimum, Maximum or Sum of received amount across all transactions for this Alert Hit |
AVG/MIN/MAX/SUM_ALERT_HIT_TXN_INTERNAL_FEE | Avg, Min, Max, Sum Alert Hit Transaction Internal Fee | Average, Minimum, Maximum or Sum of internal fee across all transactions for this Alert Hit |
AVG/MIN/MAX/SUM_ALERT_HIT_TXN_EXTERNAL_FEE | Avg, Min, Max, Sum Alert Hit Transaction External Fee | Average, Minimum, Maximum or Sum of external fee across all transactions for this Alert Hit |
SUM_EVENT_TYPE_ACTION | Sum Event Type Action | Count of all actions associated with the alert hit |
SUM_EVENT_TYPE_TXN | Sum Event Type Transaction | Count of all the transaction events associated with this alert hit |
DISTINCT_EVENT | Distinct Event | Count of events associated with this Alert Hit |
DISTINCT_EVENT_QA | Distinct Event Qa | Count of events associated with this Alert Hit |
DISTINCT_DEVICE | Distinct Device | Count of distinct device IDs across all transaction events for this Alert Hit |
DISTINCT_SENDER/RECEIVER_ENTITY_ID | Distinct Sender, Receiver Entity Id | Count of distinct sender or receiver entity IDs across all transactions for this Alert Hit |
DISTINCT_ENTITY_ID | Distinct Entity Id | Count of distinct entity IDs across all events associated with this Alert Hit |
TOTAL_ALERT_HITS | Total Alert Hits | Count of Alert Hits for this Alert that have occurred prior (in terms of most recent transaction event time) to the current Alert Hit |
ALERT_HIT_MOST_RECENT_TXN_AMOUNT | Alert Hit Most Recent Transaction Amount | Most recent transaction amount for this Alert Hit |
ALERT_HIT_TYPE | Alert Hit Type | The type of the current Alert Hit |
ALERT_STATUS | Alert Status | The status of the current Alert |
ALERT_DISPOSITION | Alert Disposition | The disposition of the current Alert |
DISTINCT_ENTITY_CNT | Distinct Entity Count | Count of distinct Entity IDs across all entities associated with this Alert Hit |
DISTINCT_ENTITY_STATUS_CNT | Distinct Entity Status Count | Count of distinct Entity statuses across all entities associated with this Alert Hit |
DISTINCT_ENTITY_TYPE_CNT | Distinct Entity Type Count | Count of distinct Entity types across all entities associated with this Alert Hit |
MIN/MAX_ENTITY_REGISTERED_AT | Min, Max Entity Registered At | Earliest or Latest Entity registration time across all entities associated with this Alert Hit |
DISTINCT_ENTITY_ADDRESS/STREET/CITY/STATE/ZIP/COUNTRY_CNT | Distinct Entity Address, Street, City, State, Zip, Country Count | Count of distinct Address IDs, street, cities, states, zip codes, or countries across all entities associated with this Alert Hit |
DISTINCT_DEVICE_TYPE/STATUS/OS/MANUFACTURER/NETWORK_CNT | Distinct Device Type, Status, OS Name, Manufacturer, Network Carrier Count | Count of distinct Device types, statuses, OS names, manufacturers, or network carriers across all events associated with this Alert Hit |
DISTINCT_DEVICES_CNT | Distinct Devices Count | Count of distinct Device IDs across all events associated with this Alert Hit |
DISTINCT_EVENT_IP_ADDRESS/EMAIL_CNT | Distinct Event IP Address, Email Count | Count of distinct IP addresses or email addresses (created prior to the last event and for the last entity) across all events associated with this Alert Hit |
DISTINCT_ENTITY_TRIMMED_EMAIL_CNT | Distinct Entity Trimmed Email Count | Count of distinct email addresses (created prior to the last event, for the last entity, and after removing whitespace characters) associated with this Alert Hit |
DISTINCT_ENTITY_DEDUPED_EMAIL_1/2_CNT | Distinct Entity Deduped Email 1,2 Count | Count of distinct email addresses (created prior to the last event, for the last entity, and after removing ., +, and whitespace characters or removing RFC 3696 special characters) associated with this Alert Hit |
MIN/MAX_ENTITY_SPECIAL_CHARS_COUNT_1/2 | Min, Max Entity Special Chars Count 1, 2 | Minimum or Maximum count of (., +, or whitespace or RFC 3696 special) characters across all email addresses (created prior to the last event and for the last entity) associated with this Alert Hit |
MIN/MAX_ENTITY_EMAIL_CREATED_AT_DIFF_IN_SECONDS | Min, Max Entity Email Created At Diff In Seconds | Minimum difference in seconds between when an entity and its email address were created, across all email addresses (created prior to the last event and for the last entity) associated with this Alert Hit |
TOTAL_ENTITY_WITH_SIMILAR_EMAIL_1/2 | Total Entity With Similar Email 1, 2 | Count of email addresses matching and created prior to this email address (created prior to the last event, for the last entity, and after removing ., +, and whitespace characters or removing RFC 3696 special characters) associated with this Alert Hit |
DISTINCT_SENDER/RECEIVER_EMAIL_CNT | Distinct Sender, Receiver Email Count | Count of distinct sender or receiver email addresses (created prior to the last event and for the last sender entity) associated with this Alert Hit |
DISTINCT_SENDER/RECEIVER_TRIMMED_EMAIL_CNT | Distinct Sender, Receiver Trimmed Email Count | Count of distinct sender or receiver email addresses (created prior to the last event, for the last sender entity, and after removing whitespace characters) associated with this Alert Hit |
DISTINCT_SENDER/RECEIVER_DEDUPED_EMAIL_1/2_CNT | Distinct Sender, Receiver Deduped Email 1, 2 Count | Count of distinct sender or receiver email addresses (created prior to the last event, for the last sender entity, and after removing ., +, and whitespace characters or removing RFC 3696 special characters) associated with this Alert Hit |
MIN/MAX_SENDER/RECEIVER_SPECIAL_CHARS_COUNT_1/2 | Min, Max Sender, Receiver Special Chars Count 1, 2 | Minimum or Maximum count of (., +, or whitespace) characters across all sender or receiver email addresses (created prior to the last event and for the last sender entity) associated with this Alert Hit |
MIN/MAX_SENDER/RECEIVER_EMAIL_CREATED_AT_DIFF_IN_SECONDS | Min, Max Sender, Receiver Email Created At Diff In Seconds | Minimum or Maximum count of (RFC 3696 special) characters across all sender or receiver email addresses (created prior to the last event and for the last sender entity) associated with this Alert Hit |
TOTAL_SENDER/RECEIVER_WITH_SIMILAR_EMAIL_1/2 | Total Sender, Receiver With Similar Email 1, 2 | Count of email addresses matching and created prior to this receiver email address (created prior to the last event, for the last receiver entity, and after removing ., +, and whitespace characters or removing RFC 3696 special characters) associated with this Alert Hit |
LAST_SENDER/RECEIVER_INSTRUMENT_NAME/SOURCE/GATEWAY/TYPE/SUBTYPE/STATUS/CUSTOM | Last Sender, Receiver Instrument Name, Source, Gateway, Type, Subtype, Status, Custom | Instrument custom data, status, subtype, type, gateway, source or name of the sender or receiver entity for the last transaction event of this Alert Hit |
ENTITY_REGISTERED_AT_DIFF_IN_DAYS | Entity Registered At Diff In Days | Difference in days between earliest and latest registration times across all entities associated with this Alert Hit |
TRANSACTION_SPAN_IN_HOURS/DAYS | Transaction Span In Hours, Days | Difference in hours or days between earliest and latest event times for transactions in this Alert Hit |
MAX/MIN_ACCOUNT_TENURE_IN_DAYS | Max, Min Account Tenure In Days | Difference in days between oldest or newest registered Entity and most recent event time in this Alert Hit |
AVG_EVENTS_PER_HOUR/DAY | Avg Events Per Hour, Day | Average number of distinct events per day or per hour for this Alert Hit |
AVG_DISTINCT_EVENT_IP_ADDRESS_PER_HOUR/DAY | Avg Distinct Event IP Address Per Hour, Day | Average number of distinct IP addresses per day or per hour for this Alert Hit |
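
The trimmed, deduped, special-character and similar-email fields in the table can be illustrated with a short sketch. This is an added example, not Unit21's code: the function names, the lowercase output keys, the choice to strip characters from the local part only, and the reading of "similar" as "shares the newest address's deduped form" are all assumptions.

```python
# Added illustration; not Unit21's implementation. Assumptions are marked.
RFC3696_SPECIALS = set("!#$%&'*+-/=?^_`.{|}~")  # specials listed in RFC 3696, section 3
VARIANT_1 = set(".+ \t\r\n")                     # ".", "+" and whitespace
VARIANT_2 = RFC3696_SPECIALS


def trim_email(email):
    """Remove every whitespace character (the 'trimmed' form)."""
    return "".join(email.split())


def dedupe_email(email, chars):
    """Assumption: trim first, then strip `chars` from the local part only."""
    local, _, domain = trim_email(email).rpartition("@")
    return "".join(c for c in local if c not in chars) + "@" + domain


def special_chars_count(email, chars):
    """Count how many characters of `chars` occur in the raw local part."""
    return sum(c in chars for c in email.rpartition("@")[0])


def email_features(records, chars):
    """records: (email, created_at) pairs for one entity; created_at is an int."""
    emails = [e for e, _ in sorted(records, key=lambda r: r[1])]
    counts = [special_chars_count(e, chars) for e in emails]
    last_key = dedupe_email(emails[-1], chars)
    return {
        "distinct_email_cnt": len(set(emails)),
        "distinct_trimmed_email_cnt": len({trim_email(e) for e in emails}),
        "distinct_deduped_email_cnt": len({dedupe_email(e, chars) for e in emails}),
        "min_special_chars_count": min(counts),
        "max_special_chars_count": max(counts),
        # Assumption: earlier addresses that share the newest one's deduped form.
        "total_with_similar_email": sum(
            dedupe_email(e, chars) == last_key for e in emails[:-1]),
    }


# Constructed sample: five addresses with made-up creation times.
SAMPLE = [
    ("jane.doe@example.com", 100),
    ("janedoe@example.com", 200),
    ("jane.doe @example.com", 300),
    ("jane_doe@example.com", 400),
    ("jane+doe@example.com", 500),
]

if __name__ == "__main__":
    for name, chars in (("variant 1", VARIANT_1), ("variant 2", VARIANT_2)):
        print(name, email_features(SAMPLE, chars))
```

A raw distinct count that is much higher than the deduped count means many addresses collapse to the same mailbox-like form, which is the pattern these fields let the model pick up.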