Alert Scores overview


Alert Scores determine the importance of a newly generated alert.

Scores are built on a machine learning model that learns from your previous alerts to determine how important your new alerts are.

Alert Scores work on a scale of 0-100 to provide a numerical value that fraud agents can easily interpret. This value can also be used to triage alerts into alert queues.

Alert Queues can be easily sorted by alert scores, so only the highest priority alerts get the attention they deserve. This makes the process of working through alerts easier and reduces false-positive rates to free up your team’s valuable time.

If you are interested in turning on Alert Scores for your organization, please contact your Unit21 rep. Our expert ML team will create a custom model for you.

Once your model is live, you can find alert scores on the Alerts page. Make sure that the column for Alert Scores is visible by customizing your view:

Alert-Scores-1.png

Alert Scores are based on a vetted machine learning model that is trained on your prior alert dispositions and behaviors.

The Alert score appears in the Summary section of the Alert detail page:

Alert-Scores-2.png

If you want to know how the score is computed, you can click on the Alert score tab:

Alert-Scores-3.png

The tab will show which information from the alert (such as instrument name, age of entity...) we used to compute the alert score:

Alert-Scores-4.png

In this example, the last receiver instrument holds the greatest negative weight in the score computation, whereas max alert hit transaction holds the greatest positive weight in the alert score:

  • Red features increase the Alert Score
  • Blue features decrease the Alert Score

Alert-Scores-5.png

Every time you press the Show More button, you will see additional items used in the computation:

Alert-Scores-6.png

Below is a list of all the information Unit21 uses to compute an alert score:

| Field used to compute score | Name displayed | Description |
| --- | --- | --- |
| MAX_TXN_ROW_NUMBER | Max Transaction Row Number | Count of transaction events associated with this Alert Hit |
| AVG/MIN/MAX/SUM_ALERT_HIT_TXN_AMOUNT | Avg, Min, Max, or Sum Alert Hit Transaction Amount | Average, Minimum, Maximum or Sum of transaction amount across all transactions for this Alert Hit |
| STDDEV/MEDIAN/KURTOSIS_ALERT_HIT_TXN_AMOUNT | Standard Deviation, Median, or Kurtosis Alert Hit Transaction Amount | Standard deviation, Median, Kurtosis of transaction amounts across all transactions for this Alert Hit |
| ALERT_HIT_TXN_AMOUNT_TOTAL | Alert Hit Transaction Amount Total | Maximum sum of transaction amounts (between current and all prior transactions), across all transactions for this Alert Hit |
| AVG/MIN/MAX/SUM_ALERT_HIT_TXN_SENT_AMOUNT | Avg, Min, Max, Sum Alert Hit Transaction Sent Amount | Average, Minimum, Maximum or Sum of sent amount across all transactions for this Alert Hit |
| AVG/MIN/MAX/SUM_ALERT_HIT_TXN_RECEIVED_AMOUNT | Avg, Min, Max, Sum Alert Hit Transaction Received Amount | Average, Minimum, Maximum or Sum of received amount across all transactions for this Alert Hit |
| AVG/MIN/MAX/SUM_ALERT_HIT_TXN_INTERNAL_FEE | Avg, Min, Max, Sum Alert Hit Transaction Internal Fee | Average, Minimum, Maximum or Sum of internal fee across all transactions for this Alert Hit |
| AVG/MIN/MAX/SUM_ALERT_HIT_TXN_EXTERNAL_FEE | Avg, Min, Max, Sum Alert Hit Transaction External Fee | Average, Minimum, Maximum or Sum of external fee across all transactions for this Alert Hit |
| SUM_EVENT_TYPE_ACTION | Sum Event Type Action | Count of all actions associated with the alert hit |
| SUM_EVENT_TYPE_TXN | Sum Event Type Transaction | Count of all the transaction events associated with this alert hit |
| DISTINCT_EVENT | Distinct Event | Count of events associated with this Alert Hit |
| DISTINCT_EVENT_QA | Distinct Event Qa | Count of events associated with this Alert Hit |
| DISTINCT_DEVICE | Distinct Device | Count of distinct device IDs across all transaction events for this Alert Hit |
| DISTINCT_SENDER/RECEIVER_ENTITY_ID | Distinct Sender, Receiver Entity Id | Count of distinct sender or receiver entity IDs across all transactions for this Alert Hit |
| DISTINCT_ENTITY_ID | Distinct Entity Id | Count of distinct entity IDs across all events associated with this Alert Hit |
| TOTAL_ALERT_HITS | Total Alert Hits | Count of Alert Hits for this Alert that have occurred prior (in terms of most recent transaction event time) to the current Alert Hit |
| ALERT_HIT_MOST_RECENT_TXN_AMOUNT | Alert Hit Most Recent Transaction Amount | Most recent transaction amount for this Alert Hit |
| ALERT_HIT_TYPE | Alert Hit Type | The type of the current Alert Hit |
| ALERT_STATUS | Alert Status | The status of the current Alert |
| ALERT_DISPOSITION | Alert Disposition | The disposition of the current Alert |
| DISTINCT_ENTITY_CNT | Distinct Entity Count | Count of distinct Entity IDs across all entities associated with this Alert Hit |
| DISTINCT_ENTITY_STATUS_CNT | Distinct Entity Status Count | Count of distinct Entity statuses across all entities associated with this Alert Hit |
| DISTINCT_ENTITY_TYPE_CNT | Distinct Entity Type Count | Count of distinct Entity types across all entities associated with this Alert Hit |
| MIN/MAX_ENTITY_REGISTERED_AT | Min, Max Entity Registered At | Earliest or Latest Entity registration time across all entities associated with this Alert Hit |
| DISTINCT_ENTITY_ADDRESS/STREET/CITY/STATE/ZIP/COUNTRY_CNT | Distinct Entity Address, Street, City, State, Zip, Country Count | Count of distinct Address IDs, street, cities, states, zip codes, or countries across all entities associated with this Alert Hit |
| DISTINCT_DEVICE_TYPE/STATUS/OS/MANUFACTURER/NETWORK_CNT | Distinct Device Type, Status, OS Name, Manufacturer, Network Carrier Count | Count of distinct Device types, statuses, OS names, manufacturers, or network carriers across all events associated with this Alert Hit |
| DISTINCT_DEVICES_CNT | Distinct Devices Count | Count of distinct Device IDs across all events associated with this Alert Hit |
| DISTINCT_EVENT_IP_ADDRESS/EMAIL_CNT | Distinct Event IP Address, Email Count | Count of distinct IP addresses or email addresses (created prior to the last event and for the last entity) across all events associated with this Alert Hit |
| DISTINCT_ENTITY_TRIMMED_EMAIL_CNT | Distinct Entity Trimmed Email Count | Count of distinct email addresses (created prior to the last event, for the last entity, and after removing whitespace characters) associated with this Alert Hit |
| DISTINCT_ENTITY_DEDUPED_EMAIL_1/2_CNT | Distinct Entity Deduped Email 1,2 Count | Count of distinct email addresses (created prior to the last event, for the last entity, and after removing ., +, and whitespace characters or removing RFC 3696 special characters) associated with this Alert Hit |
| MIN/MAX_ENTITY_SPECIAL_CHARS_COUNT_1/2 | Min, Max Entity Special Chars Count 1, 2 | Minimum or Maximum count of (., +, or whitespace or RFC 3696 special) characters across all email addresses (created prior to the last event and for the last entity) associated with this Alert Hit |
| MIN/MAX_ENTITY_EMAIL_CREATED_AT_DIFF_IN_SECONDS | Min, Max Entity Email Created At Diff In Seconds | Minimum difference in seconds between when an entity and its email address were created, across all email addresses (created prior to the last event and for the last entity) associated with this Alert Hit |
| TOTAL_ENTITY_WITH_SIMILAR_EMAIL_1/2 | Total Entity With Similar Email 1, 2 | Count of email addresses matching and created prior to this email address (created prior to the last event, for the last entity, and after removing ., +, and whitespace characters or removing RFC 3696 special characters) associated with this Alert Hit |
| DISTINCT_SENDER/RECEIVER_EMAIL_CNT | Distinct Sender, Receiver Email Count | Count of distinct sender or receiver email addresses (created prior to the last event and for the last sender entity) associated with this Alert Hit |
| DISTINCT_SENDER/RECEIVER_TRIMMED_EMAIL_CNT | Distinct Sender, Receiver Trimmed Email Count | Count of distinct sender or receiver email addresses (created prior to the last event, for the last sender entity, and after removing whitespace characters) associated with this Alert Hit |
| DISTINCT_SENDER/RECEIVER_DEDUPED_EMAIL_1/2_CNT | Distinct Sender, Receiver Deduped Email 1, 2 Count | Count of distinct sender or receiver email addresses (created prior to the last event, for the last sender entity, and after removing ., +, and whitespace characters or removing RFC 3696 special characters) associated with this Alert Hit |
| MIN/MAX_SENDER/RECEIVER_SPECIAL_CHARS_COUNT_1/2 | Min, Max Sender, Receiver Special Chars Count 1, 2 | Minimum or Maximum count of (., +, or whitespace) characters across all sender or receiver email addresses (created prior to the last event and for the last sender entity) associated with this Alert Hit |
| MIN/MAX_SENDER/RECEIVER_EMAIL_CREATED_AT_DIFF_IN_SECONDS | Min, Max Sender, Receiver Email Created At Diff In Seconds | Minimum or Maximum count of (RFC 3696 special) characters across all sender or receiver email addresses (created prior to the last event and for the last sender entity) associated with this Alert Hit |
| TOTAL_SENDER/RECEIVER_WITH_SIMILAR_EMAIL_1/2 | Total Sender, Receiver With Similar Email 1, 2 | Count of email addresses matching and created prior to this receiver email address (created prior to the last event, for the last receiver entity, and after removing ., +, and whitespace characters or removing RFC 3696 special characters) associated with this Alert Hit |
| LAST_SENDER/RECEIVER_INSTRUMENT_NAME/SOURCE/GATEWAY/TYPE/SUBTYPE/STATUS/CUSTOM | Last Sender, Receiver Instrument Name, Source, Gateway, Type, Subtype, Status, Custom | Instrument custom data, status, subtype, type, gateway, source or name of the sender or receiver entity for the last transaction event of this Alert Hit |
| ENTITY_REGISTERED_AT_DIFF_IN_DAYS | Entity Registered At Diff In Days | Difference in days between earliest and latest registration times across all entities associated with this Alert Hit |
| TRANSACTION_SPAN_IN_HOURS/DAYS | Transaction Span In Hours, Days | Difference in hours or days between earliest and latest event times for transactions in this Alert Hit |
| MAX/MIN_ACCOUNT_TENURE_IN_DAYS | Max, Min Account Tenure In Days | Difference in days between oldest or newest registered Entity and most recent event time in this Alert Hit |
| AVG_EVENTS_PER_HOUR/DAY | Avg Events Per Hour, Day | Average number of distinct events per day or per hour for this Alert Hit |
| AVG_DISTINCT_EVENT_IP_ADDRESS_PER_HOUR/DAY | Avg Distinct Event IP Address Per Hour, Day | Average number of distinct IP addresses per day or per hour for this Alert Hit |
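
The entity email fields listed above (trimmed, deduped, special-character count and similar-email count) can be illustrated with a short Python sketch. This is an added example, not Unit21's code. It assumes that variant 1 is the ".", "+" and whitespace rule, that the rule applies to the local part only, that the slash shorthand expands to key names such as DISTINCT_ENTITY_DEDUPED_EMAIL_1_CNT, and that the similar-email count is taken for the most recently created address; the helper names and sample addresses are constructed.

```python
import re
from datetime import datetime

_WS = re.compile(r"\s")
_VARIANT_1 = re.compile(r"[.+\s]")  # ".", "+" and whitespace, as listed in the table

def trimmed(email):
    """Address with every whitespace character removed."""
    return _WS.sub("", email)

def deduped_1(email):
    """Variant-1 key. Assumption: characters are stripped from the local part only."""
    local, _, domain = email.rpartition("@")
    return _VARIANT_1.sub("", local) + "@" + _WS.sub("", domain)

def special_chars_1(email):
    """Count of ".", "+" and whitespace characters in the local part (assumed scope)."""
    local, _, _ = email.rpartition("@")
    return len(_VARIANT_1.findall(local))

def email_features(emails):
    """emails: (address, created_at) pairs for one entity, in any order."""
    ordered = sorted(emails, key=lambda e: e[1])
    keys = [deduped_1(a) for a, _ in ordered]
    counts = [special_chars_1(a) for a, _ in ordered]
    return {
        "DISTINCT_ENTITY_TRIMMED_EMAIL_CNT": len({trimmed(a) for a, _ in ordered}),
        "DISTINCT_ENTITY_DEDUPED_EMAIL_1_CNT": len(set(keys)),
        "MIN_ENTITY_SPECIAL_CHARS_COUNT_1": min(counts, default=0),
        "MAX_ENTITY_SPECIAL_CHARS_COUNT_1": max(counts, default=0),
        # Assumed reading: earlier addresses that share the newest address's key.
        "TOTAL_ENTITY_WITH_SIMILAR_EMAIL_1": keys[:-1].count(keys[-1]) if keys else 0,
    }

# Constructed sample data, not taken from any real system.
SAMPLE_EMAILS = [
    ("alice@example.com", datetime(2024, 1, 1)),
    ("j.doe@example.com", datetime(2024, 1, 2)),
    ("jdoe@example.com ", datetime(2024, 1, 3)),   # trailing space
    ("jdoe@example.com", datetime(2024, 1, 4)),
    ("j.d+oe@example.com", datetime(2024, 1, 5)),
]

if __name__ == "__main__":
    for name, value in email_features(SAMPLE_EMAILS).items():
        print(f"{name} = {value}")
```

On the sample, five raw addresses collapse to four after trimming and to two after variant-1 deduplication, which is the gap between raw and normalized counts that these fields expose to the model.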