Alert Scores

Alert Scores determine the importance of a newly generated alert.

Scores are built on a machine learning model that learns from your previous alerts to determine how important your new alerts are.

Alert Scores work on a scale of 0-100 to provide a numerical value that fraud agents can easily interpret. This value can also be used to triage alerts into alert queues.

Alert Queues can be easily sorted by alert scores, so only the highest priority alerts get the attention they deserve. This makes the process of working through alerts easier and reduces false-positive rates to free up your team’s valuable time.

If you are interested in turning on Alert Scores for your organization, please contact your Unit21 rep. Our expert ML team will create a custom model for you.

Once your model is live, you can find alert scores on the Alerts page. Make sure that the column for Alert Scores is visible by customizing your view:

Alert Scores are based on a vetted machine learning model that is trained on your prior alert dispositions and behaviors.

The Alert score appears in the Summary section of the Alert detail page:

If you want to know how the score is computed, you can click on the Alert score tab:

The tab will show which information from the alert (such as instrument name, age of entity...) we used to compute the alert score:

In this example, the last receiver instrument holds the greatest negative weight in the score computation, whereas max alert hit transaction holds the greatest positive weight in the alert score:

  • Red features increase the Alert Score
  • Blue features decrease the Alert Score

Every time you press the Show More button, you will see additional items used in the computation:

Below is a list of all the information Unit21 uses to compute an alert score:

| Field used to compute score | Name displayed | Description |
| --- | --- | --- |
| MAX_TXN_ROW_NUMBER | Max Transaction Row Number | Count of transaction events associated with this Alert Hit |
| AVG/MIN/MAX/SUM_ALERT_HIT_TXN_AMOUNT | Avg, Min, Max, or Sum Alert Hit Transaction Amount | Average, Minimum, Maximum or Sum of transaction amount across all transactions for this Alert Hit |
| STDDEV/MEDIAN/KURTOSIS_ALERT_HIT_TXN_AMOUNT | Standard Deviation, Median, or Kurtosis Alert Hit Transaction Amount | Standard deviation, Median, Kurtosis of transaction amounts across all transactions for this Alert Hit |
| ALERT_HIT_TXN_AMOUNT_TOTAL | Alert Hit Transaction Amount Total | Maximum sum of transaction amounts (between current and all prior transactions), across all transactions for this Alert Hit |
| AVG/MIN/MAX/SUM_ALERT_HIT_TXN_SENT_AMOUNT | Avg, Min, Max, Sum Alert Hit Transaction Sent Amount | Average, Minimum, Maximum or Sum of sent amount across all transactions for this Alert Hit |
| AVG/MIN/MAX/SUM_ALERT_HIT_TXN_RECEIVED_AMOUNT | Avg, Min, Max, Sum Alert Hit Transaction Received Amount | Average, Minimum, Maximum or Sum of received amount across all transactions for this Alert Hit |
| AVG/MIN/MAX/SUM_ALERT_HIT_TXN_INTERNAL_FEE | Avg, Min, Max, Sum Alert Hit Transaction Internal Fee | Average, Minimum, Maximum or Sum of internal fee across all transactions for this Alert Hit |
| AVG/MIN/MAX/SUM_ALERT_HIT_TXN_EXTERNAL_FEE | Avg, Min, Max, Sum Alert Hit Transaction External Fee | Average, Minimum, Maximum or Sum of external fee across all transactions for this Alert Hit |
| SUM_EVENT_TYPE_ACTION | Sum Event Type Action | Count of all actions associated with the alert hit |
| SUM_EVENT_TYPE_TXN | Sum Event Type Transaction | Count of all the transaction events associated with this alert hit |
| DISTINCT_EVENT | Distinct Event | Count of events associated with this Alert Hit |
| DISTINCT_EVENT_QA | Distinct Event Qa | Count of events associated with this Alert Hit |
| DISTINCT_DEVICE | Distinct Device | Count of distinct device IDs across all transaction events for this Alert Hit |
| DISTINCT_SENDER/RECEIVER_ENTITY_ID | Distinct Sender, Receiver Entity Id | Count of distinct sender or receiver entity IDs across all transactions for this Alert Hit |
| DISTINCT_ENTITY_ID | Distinct Entity Id | Count of distinct entity IDs across all events associated with this Alert Hit |
| TOTAL_ALERT_HITS | Total Alert Hits | Count of Alert Hits for this Alert that have occurred prior (in terms of most recent transaction event time) to the current Alert Hit |
| ALERT_HIT_MOST_RECENT_TXN_AMOUNT | Alert Hit Most Recent Transaction Amount | Most recent transaction amount for this Alert Hit |
| ALERT_HIT_TYPE | Alert Hit Type | The type of the current Alert Hit |
| ALERT_STATUS | Alert Status | The status of the current Alert |
| ALERT_DISPOSITION | Alert Disposition | The disposition of the current Alert |
| DISTINCT_ENTITY_CNT | Distinct Entity Count | Count of distinct Entity IDs across all entities associated with this Alert Hit |
| DISTINCT_ENTITY_STATUS_CNT | Distinct Entity Status Count | Count of distinct Entity statuses across all entities associated with this Alert Hit |
| DISTINCT_ENTITY_TYPE_CNT | Distinct Entity Type Count | Count of distinct Entity types across all entities associated with this Alert Hit |
| MIN/MAX_ENTITY_REGISTERED_AT | Min, Max Entity Registered At | Earliest or Latest Entity registration time across all entities associated with this Alert Hit |
| DISTINCT_ENTITY_ADDRESS/STREET/CITY/STATE/ZIP/COUNTRY_CNT | Distinct Entity Address, Street, City, State, Zip, Country Count | Count of distinct Address IDs, street, cities, states, zip codes, or countries across all entities associated with this Alert Hit |
| DISTINCT_DEVICE_TYPE/STATUS/OS/MANUFACTURER/NETWORK_CNT | Distinct Device Type, Status, OS Name, Manufacturer, Network Carrier Count | Count of distinct Device types, statuses, OS names, manufacturers, or network carriers across all events associated with this Alert Hit |
| DISTINCT_DEVICES_CNT | Distinct Devices Count | Count of distinct Device IDs across all events associated with this Alert Hit |
| DISTINCT_EVENT_IP_ADDRESS/EMAIL_CNT | Distinct Event IP Address, Email Count | Count of distinct IP addresses or email addresses (created prior to the last event and for the last entity) across all events associated with this Alert Hit |
| DISTINCT_ENTITY_TRIMMED_EMAIL_CNT | Distinct Entity Trimmed Email Count | Count of distinct email addresses (created prior to the last event, for the last entity, and after removing whitespace characters) associated with this Alert Hit |
| DISTINCT_ENTITY_DEDUPED_EMAIL_1/2_CNT | Distinct Entity Deduped Email 1,2 Count | Count of distinct email addresses (created prior to the last event, for the last entity, and after removing ., +, and whitespace characters or removing RFC 3696 special characters) associated with this Alert Hit |
| MIN/MAX_ENTITY_SPECIAL_CHARS_COUNT_1/2 | Min, Max Entity Special Chars Count 1, 2 | Minimum or Maximum count of (., +, or whitespace or RFC 3696 special) characters across all email addresses (created prior to the last event and for the last entity) associated with this Alert Hit |
| MIN/MAX_ENTITY_EMAIL_CREATED_AT_DIFF_IN_SECONDS | Min, Max Entity Email Created At Diff In Seconds | Minimum difference in seconds between when an entity and its email address were created, across all email addresses (created prior to the last event and for the last entity) associated with this Alert Hit |
| TOTAL_ENTITY_WITH_SIMILAR_EMAIL_1/2 | Total Entity With Similar Email 1, 2 | Count of email addresses matching and created prior to this email address (created prior to the last event, for the last entity, and after removing ., +, and whitespace characters or removing RFC 3696 special characters) associated with this Alert Hit |
| DISTINCT_SENDER/RECEIVER_EMAIL_CNT | Distinct Sender, Receiver Email Count | Count of distinct sender or receiver email addresses (created prior to the last event and for the last sender entity) associated with this Alert Hit |
| DISTINCT_SENDER/RECEIVER_TRIMMED_EMAIL_CNT | Distinct Sender, Receiver Trimmed Email Count | Count of distinct sender or receiver email addresses (created prior to the last event, for the last sender entity, and after removing whitespace characters) associated with this Alert Hit |
| DISTINCT_SENDER/RECEIVER_DEDUPED_EMAIL_1/2_CNT | Distinct Sender, Receiver Deduped Email 1, 2 Count | Count of distinct sender or receiver email addresses (created prior to the last event, for the last sender entity, and after removing ., +, and whitespace characters or removing RFC 3696 special characters) associated with this Alert Hit |
| MIN/MAX_SENDER/RECEIVER_SPECIAL_CHARS_COUNT_1/2 | Min, Max Sender, Receiver Special Chars Count 1, 2 | Minimum or Maximum count of (., +, or whitespace) characters across all sender or receiver email addresses (created prior to the last event and for the last sender entity) associated with this Alert Hit |
| MIN/MAX_SENDER/RECEIVER_EMAIL_CREATED_AT_DIFF_IN_SECONDS | Min, Max Sender, Receiver Email Created At Diff In Seconds | Minimum or Maximum count of (RFC 3696 special) characters across all sender or receiver email addresses (created prior to the last event and for the last sender entity) associated with this Alert Hit |
| TOTAL_SENDER/RECEIVER_WITH_SIMILAR_EMAIL_1/2 | Total Sender, Receiver With Similar Email 1, 2 | Count of email addresses matching and created prior to this receiver email address (created prior to the last event, for the last receiver entity, and after removing ., +, and whitespace characters or removing RFC 3696 special characters) associated with this Alert Hit |
| LAST_SENDER/RECEIVER_INSTRUMENT_NAME/SOURCE/GATEWAY/TYPE/SUBTYPE/STATUS/CUSTOM | Last Sender, Receiver Instrument Name, Source, Gateway, Type, Subtype, Status, Custom | Instrument custom data, status, subtype, type, gateway, source or name of the sender or receiver entity for the last transaction event of this Alert Hit |
| ENTITY_REGISTERED_AT_DIFF_IN_DAYS | Entity Registered At Diff In Days | Difference in days between earliest and latest registration times across all entities associated with this Alert Hit |
| TRANSACTION_SPAN_IN_HOURS/DAYS | Transaction Span In Hours, Days | Difference in hours or days between earliest and latest event times for transactions in this Alert Hit |
| MAX/MIN_ACCOUNT_TENURE_IN_DAYS | Max, Min Account Tenure In Days | Difference in days between oldest or newest registered Entity and most recent event time in this Alert Hit |
| AVG_EVENTS_PER_HOUR/DAY | Avg Events Per Hour, Day | Average number of distinct events per day or per hour for this Alert Hit |
| AVG_DISTINCT_EVENT_IP_ADDRESS_PER_HOUR/DAY | Avg Distinct Event IP Address Per Hour, Day | Average number of distinct IP addresses per day or per hour for this Alert Hit |
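
How the trimmed, deduped, special-character and similar-email fields listed above can be derived from an entity's email history, as an added illustration that is not Unit21's code. It assumes characters are stripped from the local part only, reads "RFC 3696 special characters" as that RFC's unquoted local-part specials, and runs on constructed addresses.

```python
import re
from datetime import datetime

# Two character sets, following the table's wording. The page does not say which
# part of the address is stripped; this sketch assumes the local part only.
SET_1 = re.compile(r"[.+\s]")                   # ".", "+" and whitespace
SET_2 = re.compile(r"[!#$%&'*+\-/=?^_`.{|}~]")  # RFC 3696 unquoted local-part specials

def local_part(addr):
    return addr.rpartition("@")[0]

def dedupe(addr, charset):
    """Collapse an address to a comparison key by stripping `charset` from its local part."""
    local, _, domain = addr.rpartition("@")
    return charset.sub("", local) + "@" + domain

def email_features(emails):
    """emails: (address, created_at) pairs already limited to one entity's
    addresses created before the alert hit's last event."""
    addrs = [a for a, _ in sorted(emails, key=lambda e: e[1])]
    feats = {"DISTINCT_ENTITY_TRIMMED_EMAIL_CNT":
             len({re.sub(r"\s", "", a) for a in addrs})}
    # The table's "_1/2" suffix is read here as one feature per character set.
    for n, charset in ((1, SET_1), (2, SET_2)):
        keys = [dedupe(a, charset) for a in addrs]
        counts = [len(charset.findall(local_part(a))) for a in addrs]
        feats[f"DISTINCT_ENTITY_DEDUPED_EMAIL_{n}_CNT"] = len(set(keys))
        feats[f"MIN_ENTITY_SPECIAL_CHARS_COUNT_{n}"] = min(counts)
        feats[f"MAX_ENTITY_SPECIAL_CHARS_COUNT_{n}"] = max(counts)
        # Earlier-created addresses that collapse to the same key as the newest one.
        feats[f"TOTAL_ENTITY_WITH_SIMILAR_EMAIL_{n}"] = keys[:-1].count(keys[-1])
    return feats

# Constructed sample: five addresses registered against one entity.
SAMPLE = [
    ("jane.doe@example.com", datetime(2024, 1, 1)),
    (" janedoe@example.com", datetime(2024, 1, 2)),
    ("janedoe@example.com", datetime(2024, 1, 3)),
    ("jane_doe+promo@example.com", datetime(2024, 1, 4)),
    ("j.a.n.e.doe@example.com", datetime(2024, 1, 5)),
]

if __name__ == "__main__":
    for name, value in email_features(SAMPLE).items():
        print(f"{name:40} {value}")
```

On the sample, the first character set collapses four of the five addresses to one key, while the second keeps the address with leading whitespace separate because whitespace is not in that set.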

