Merchant Behavior & Risk Scoring

Risk Scoring is the mathematical output of the Detection Pipeline. It aggregates hundreds of signals into a single Risk Score (usually 0-100 or 0-1000) that determines the fate of a transaction or merchant account.

📊 The Scoring Model

Rule-Based vs. Machine Learning

Rule-Based (Deterministic)
- Logic: IF MCC = 5967 AND Volume > $10k/day THEN Flag for Review.
- Pros: Transparent, easy to explain to regulators.
- Cons: Rigid, easy for cloakers to reverse-engineer (e.g., they will just process $9,999).
Machine Learning (Probabilistic)
- Logic: "This merchant's behavior resembles 85% of known fraud cases from the last year."
- Pros: Detects complex, non-linear patterns; adapts to new evasion tactics.
- Cons: "Black Box" logic; harder to explain specific reasons for rejection.

📈 Behavioral Risk Factors

Models look for deviations from the "Norm".

1. The "Newborn Giant"

Pattern: A merchant account created 24 hours ago immediately starts processing the maximum allowed volume (e.g., $50k/day).
Risk: High. Legitimate businesses usually "ramp up" slowly as they build a customer base.
Likelihood: Transaction Laundering or Card Testing.

2. The "Midnight Florist"

Pattern: A business with standard hours (e.g., Florist, Bakery) processes 80% of its transactions between 2 AM and 4 AM.
Risk: High. Suggests the customers are in a different time zone (offshore) or the business nature is different (e.g., adult content consumed at night).

3. The "Perfectly Round" Ticket

Pattern: 90% of transactions are exactly $50.00, $100.00, or $200.00.
Risk: Medium/High.
Reality: E-commerce usually has tax, shipping, and random pricing ($49.95, $102.50). Round numbers suggest "Wallet Loading", "Crypto Purchases", or "Donations" disguised as retail.

🤖 Anomaly Detection Algorithms

Clustering (K-Means)

The engine groups merchants by behavior.

Cluster A: "Normal Clothing Stores" (Avg Ticket $40, 2% Returns, Day-time traffic).
Cluster B: "Suspected Cloakers" (Avg Ticket $150, 0% Returns, Night-time traffic).
Action: If a new merchant falls into Cluster B, they are auto-flagged.

Isolation Forests

Used to find outliers.

The algorithm isolates observations by randomly selecting a feature and splitting.
Merchants that are "easy to isolate" (few splits needed) are anomalies compared to the rest of the dataset.

Merchant Behavior & Risk Scoring ​

📊 The Scoring Model ​

Rule-Based vs. Machine Learning ​

📈 Behavioral Risk Factors ​

1. The "Newborn Giant" ​

2. The "Midnight Florist" ​

3. The "Perfectly Round" Ticket ​

🤖 Anomaly Detection Algorithms ​

Clustering (K-Means) ​

Isolation Forests ​