What Is a Risk Score? How Fraud Risk Scoring Works
Matt King
January 8, 2026
A fraud risk score is a numerical value, typically between 0 and 1, that estimates how likely a user or transaction is to be fraudulent. A score of 0.0 means no risk signals were detected. A score of 1.0 means the highest possible risk. Every signal available (email validity, IP reputation, geolocation, behavioural patterns) feeds into this single number. Because the score is built by weighting and adding signals rather than by a calibrated statistical model, treat it as a ranking of risk rather than a literal probability: a 0.7 is riskier than a 0.5, but it does not mean that 70% of users with that score turn out to be fraudulent.
Risk scoring replaces the impossible task of manually evaluating dozens of fraud signals with a single, actionable metric.
How Risk Scores Are Calculated
Risk scoring uses a weighted algorithm. Each fraud signal has a weight reflecting how predictive it is, and a value taken from the specific request being evaluated. For the boolean signals below the value is simply 1 when the signal is present and 0 when it is absent, so a present signal contributes its full weight and an absent one contributes nothing.
The Signals
Here are the most common inputs to a fraud risk score:
| Signal | Weight | Reasoning |
|---|---|---|
| Disposable email | High (0.3-0.4) | One of the strongest individual fraud predictors |
| Invalid DNS | High (0.3-0.4) | Email domain cannot receive mail — almost certainly fake |
| Tor exit node | High (0.25-0.35) | Strong anonymization, frequently used in fraud |
| VPN detected | Medium (0.1-0.2) | Many legitimate uses, but correlates with fraud |
| Proxy detected | Medium (0.15-0.25) | Less common than VPN, slightly higher fraud correlation |
| Country mismatch | Medium (0.15-0.25) | IP country differs from billing country |
| Data center IP | Medium (0.15-0.2) | Often indicates automated/bot traffic |
| Domain age < 30 days | Low-Medium (0.1-0.15) | New domains have less reputation data |
| Free email provider | Low (0.05) | Normal for consumers, mild signal for B2B |
The Calculation
The basic approach is weighted addition, with the total clipped at 1.0:

```
raw_score = (signal_1 × weight_1) + (signal_2 × weight_2) + ... + (signal_n × weight_n)
risk_score = min(raw_score, 1.0)
```

The clip is a cap, not a normalization: the weights in the table sum to well over 1.0, so several strong signals together saturate the score at maximum risk, which is the intended behaviour.
For example, a user with a disposable email (0.4) and a VPN (0.15) scores 0.55 — moderate risk. Add a geographic mismatch (0.2) and the score jumps to 0.75 — high risk.
Fidro's API calculates this automatically and returns the composite score alongside individual signal data:
```json
{
  "email": "user@mailinator.com",
  "disposable": true,
  "dns_valid": true,
  "risk_score": 0.72,
  "ip": {
    "vpn": true,
    "country": "RO"
  }
}
```
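The scoring described above, as an added example that is not Fidro's code. The weights are illustrative values picked from within the ranges in the signal table (Fidro's own weights are not published on this page), and `signalsFromResponse` shows how a response shaped like the sample above is turned into boolean signals; `billingCountry` is an assumed input from your own checkout data.

```javascript
// Added example, not Fidro's code. Implements the weighted-additive scoring
// described above. The weights are illustrative values picked from within the
// ranges in the signal table; Fidro's own weights are not published on this page.
const WEIGHTS = {
  disposable_email: 0.4,
  invalid_dns: 0.35,
  tor_exit: 0.3,
  vpn: 0.15,
  proxy: 0.2,
  country_mismatch: 0.2,
  datacenter_ip: 0.15,
  young_domain: 0.1, // registered < 30 days ago
  free_email: 0.05,
};

// signals: { signalName: boolean }. A present signal contributes its full
// weight; an absent one contributes nothing. Returns the clipped score and
// the list of contributing signals so every decision can be explained.
function riskScore(signals, weights = WEIGHTS) {
  let raw = 0;
  const contributions = [];
  for (const [name, present] of Object.entries(signals)) {
    if (!(name in weights)) throw new Error(`unknown signal: ${name}`);
    if (!present) continue;
    raw += weights[name];
    contributions.push({ signal: name, weight: weights[name] });
  }
  // Round away floating-point noise (0.4 + 0.15 is not exactly 0.55 in IEEE
  // doubles), then clip. The clip is a cap, not a normalization: it
  // deliberately saturates when several strong signals coincide.
  const score = Math.min(Math.round(raw * 100) / 100, 1.0);
  return { score, contributions };
}

// Translate a validation response shaped like the sample above into signals.
// `billingCountry` is an assumed input from your own checkout data. Fields the
// sample response does not show (Tor, proxy, data-center IP, domain age) are
// left absent here rather than guessed.
function signalsFromResponse(resp, billingCountry) {
  return {
    disposable_email: resp.disposable === true,
    invalid_dns: resp.dns_valid === false,
    vpn: Boolean(resp.ip && resp.ip.vpn),
    country_mismatch: Boolean(
      resp.ip && resp.ip.country && billingCountry && resp.ip.country !== billingCountry
    ),
  };
}

// Constructed sample with the same shape as the response shown above.
const SAMPLE_RESPONSE = {
  email: 'user@mailinator.com',
  disposable: true,
  dns_valid: true,
  ip: { vpn: true, country: 'RO' },
};

function main() {
  // Disposable email + VPN alone gives 0.55; adding a country mismatch gives 0.75.
  const r = riskScore(signalsFromResponse(SAMPLE_RESPONSE, 'US'));
  console.log(r.score, r.contributions.map((c) => c.signal).join(', '));
}
main();
```

Keeping the `contributions` list next to the number is what makes a later dispute reviewable: the reviewer sees which signals fired, not just that the total crossed a line. With these illustrative weights the sample response scores 0.75 against a US billing address, not the 0.72 Fidro returned, which is expected since the vendor's weights and signal set differ.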
Using Risk Scores: The Threshold Framework
Risk scores become actionable through thresholds that map scores to responses:
Conservative Thresholds (Recommended Starting Point)
| Score Range | Action | Rationale |
|---|---|---|
| 0.0 to below 0.3 | Allow | Low risk. Process normally. |
| 0.3 to below 0.6 | Monitor | Elevated risk. Allow but flag for review if a dispute is filed. |
| 0.6 to below 0.8 | Add Friction | High risk. Require additional verification (phone, CAPTCHA, card on file). |
| 0.8 to 1.0 | Block | Very high risk. Reject the action and redirect to support. |

Each lower bound is inclusive and each upper bound exclusive, so a score of exactly 0.6 gets friction and exactly 0.8 is blocked, matching the `>=` comparisons in the code below.
Implementation Example
```javascript
// Express-style signup handler. `app`, `fidro`, `createUser` and `flagAccount`
// are assumed to exist in the surrounding application; the account is only
// created once the score is below the friction threshold.
app.post('/signup', async (req, res) => {
  const { email } = req.body;
  const ip = req.ip;
  const validation = await fidro.validate(email, ip);
  const score = validation.risk_score;

  if (score >= 0.8) {
    // Block: do not create the account.
    return res.status(422).json({ error: 'Please contact support to complete signup.' });
  }
  if (score >= 0.6) {
    // Friction: hold signup until additional verification completes.
    return res.json({ action: 'verify_phone', reason: 'additional_verification_required' });
  }
  const user = await createUser(email);
  if (score >= 0.3) {
    // Monitor: allow, but record the score so a later dispute can be reviewed.
    await flagAccount(user.id, 'elevated_risk', score);
  }
  // Score < 0.3: proceed normally.
  return res.json({ action: 'created', userId: user.id });
});
```
Tuning Your Thresholds
Start with the conservative thresholds above and adjust based on two metrics:
False Positive Rate
Legitimate users blocked or unnecessarily challenged, measured as a share of all legitimate users. If this exceeds 1-2%, your thresholds are too aggressive.
Fix: Raise your blocking threshold (e.g., 0.8 → 0.85) or move some blocks to friction instead. Remember that challenged users count too, so the friction threshold may also need to move.
False Negative Rate
Fraudulent users that slip through. Measured by chargebacks, abuse reports, and manual fraud reviews, as a share of all users later confirmed as fraudulent.
Fix: Lower the threshold at which you add friction or block (e.g., 0.6 → 0.55), or add new signals to your scoring model. Lowering the monitoring threshold (e.g., 0.3 → 0.25) widens the set of borderline accounts you review, but on its own it stops nothing, since monitored users are still allowed through.
The Two-Week Rule
Run any threshold change in monitoring mode for two weeks before enforcing it: keep enforcing the current thresholds, log the action the new thresholds would have taken for each request, review the accounts that would have been blocked or challenged, and adjust before going live.
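A way to carry out this tuning and the two-week replay, as an added example that is not Fidro's code: logged scores are replayed against the current and a proposed threshold set, the false positive and false negative rates defined above are computed from the outcomes learned afterwards, and the accounts whose handling would change are listed for review. The event sample is constructed, and the `fraud` labels stand in for chargebacks, abuse reports and manual review results.

```javascript
// Added example, not Fidro's code. Replays logged scores against a candidate
// threshold set before it is enforced, as the two-week monitoring rule suggests.
// `fraud` labels are the outcomes learned afterwards (chargebacks, abuse
// reports, manual review); the sample below is constructed, not real data.

const CONSERVATIVE = { monitor: 0.3, friction: 0.6, block: 0.8 };

// Same inclusive lower bounds as the threshold table.
function actionFor(score, t) {
  if (score >= t.block) return 'block';
  if (score >= t.friction) return 'friction';
  if (score >= t.monitor) return 'monitor';
  return 'allow';
}

// False positive rate: share of legitimate users blocked or challenged.
// False negative rate: share of fraudulent users that were allowed or only
// monitored, i.e. that reached the product unchallenged.
function evaluateThresholds(events, t) {
  let legit = 0, fraud = 0, legitChallenged = 0, fraudMissed = 0;
  for (const e of events) {
    const action = actionFor(e.score, t);
    if (e.fraud) {
      fraud += 1;
      if (action === 'allow' || action === 'monitor') fraudMissed += 1;
    } else {
      legit += 1;
      if (action === 'block' || action === 'friction') legitChallenged += 1;
    }
  }
  return {
    falsePositiveRate: legit ? legitChallenged / legit : 0,
    falseNegativeRate: fraud ? fraudMissed / fraud : 0,
  };
}

// Shadow mode: which logged events `proposed` would handle differently from
// `current`. These are the accounts to review before going live.
function shadowDiff(events, current, proposed) {
  const changes = [];
  for (const e of events) {
    const before = actionFor(e.score, current);
    const after = actionFor(e.score, proposed);
    if (before !== after) changes.push({ ...e, before, after });
  }
  return changes;
}

// Sweep one threshold across candidate values, holding the others fixed.
function sweep(events, base, key, values) {
  return values.map((v) => ({ [key]: v, ...evaluateThresholds(events, { ...base, [key]: v }) }));
}

// Constructed sample: 16 legitimate and 4 fraudulent signups with the scores
// they received and the outcome observed later.
const SAMPLE_EVENTS = [
  ...[0.05, 0.10, 0.12, 0.15, 0.18, 0.22, 0.28, 0.33, 0.41, 0.47, 0.52, 0.58, 0.63, 0.66, 0.71, 0.82]
    .map((score) => ({ score, fraud: false })),
  ...[0.45, 0.62, 0.77, 0.91].map((score) => ({ score, fraud: true })),
];

function main() {
  const proposed = { ...CONSERVATIVE, friction: 0.7, block: 0.85 };
  console.log('current ', evaluateThresholds(SAMPLE_EVENTS, CONSERVATIVE));
  console.log('proposed', evaluateThresholds(SAMPLE_EVENTS, proposed));
  console.log('would change:', shadowDiff(SAMPLE_EVENTS, CONSERVATIVE, proposed));
  console.table(sweep(SAMPLE_EVENTS, CONSERVATIVE, 'friction', [0.5, 0.6, 0.7, 0.8]));
}
main();
```

On the constructed sample, raising the friction threshold from 0.6 to 0.7 halves the false positive rate (0.25 to 0.125) but doubles the false negative rate (0.25 to 0.5); the sweep makes that trade-off visible across several candidate values before anything is enforced. In production the events come from your own logs, and the labels arrive weeks later, which is why the replay has to wait for the outcomes rather than the other way round.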
Risk Scores vs Binary Rules
Some fraud detection systems use binary rules: "if VPN, block" or "if disposable email, reject." Risk scores are superior because:
- Nuance — A VPN alone is not fraud. A VPN + disposable email + new domain is. Scores capture this nuance.
- Fewer false positives — Binary rules block entire categories of users. Scores allow graduated responses.
- Adaptability — Adjusting a threshold is one number change. Adjusting binary rules means rewriting logic.
- Transparency — A score of 0.72 tells you how risky something is, and the per-signal breakdown returned alongside it tells you why. "Blocked by Rule #14" tells you nothing.
Getting Started
- Sign up for free — Fidro returns risk scores on every validation call
- Start in monitoring mode: log scores but don't block anyone
- After two weeks of data, set your initial thresholds
- Review the API documentation for the full score breakdown