Entities and Aggregations

Learn how RiskOS™ uses entities and aggregation features to link data, uncover fraud patterns, and generate insights through standard and custom computations.

Entities

An entity is a core data element that represents a real-world actor in RiskOS™. Entities bring related data points together so they can be tracked, analyzed, and used to detect fraud. Common examples of entities include personally identifiable information (PII) such as email addresses, phone numbers, and Social Security Numbers (SSNs), as well as system-generated identifiers like user or account UUIDs.

RiskOS™ provides a standard set of entities tailored for common use cases while also supporting custom entities so organizations can adapt the system to their specific needs.

Entities play a crucial role in functionality such as linking cases together (for more details, refer to the "case linking" section) and are integral to computing velocity counters—essential metrics for tracking and analyzing evaluations. By analyzing entities and their relationships, RiskOS™ can uncover suspicious patterns, flag anomalies, and help prevent fraudulent interactions.


Aggregation features

In RiskOS™, aggregation features are computations applied to entities based on the data you send to RiskOS™. They offer deep insights into the behavior and patterns associated with defined entities.

For example, for the email entity, RiskOS™ can calculate first seen and last seen timestamps, the count of applications tied to the email over different time windows, the distinct count of devices or accounts linked to the email, and many more.

RiskOS™ includes a standard library of aggregation features and also supports custom definitions to fit specific customer use cases. The aggregation window for velocity computations can be as short as 1 minute and can extend up to 180 days or even the entire lifespan of the entity. To add aggregation features to a workflow, go to the Aggregations tab and select the desired feature.


Standard aggregation functions

The standard aggregation types that RiskOS™ computes include:

  • Average
  • Maximum
  • Minimum
  • Count
  • Distinct Count
  • First Seen
  • Last Seen
  • Sum

Standard time windows

| Unit | Description | Possible Values of Duration |
|------|-------------|-----------------------------|
| day | Aggregation calculated at day-level granularity | 0 to 180 (0 denotes lifetime value) |
| hr | Aggregation calculated at hour-level granularity | 1 to 24 |
| min | Aggregation calculated at minute-level granularity | 1 to 60 |
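The following is an added illustration, not RiskOS™ code or its API, of how the standard aggregation functions and time windows above combine into velocity features for an email entity. The event field names (`ts`, `email`, `device_id`, `amount`), the exclusive window start, and the sample events are assumptions constructed for this example.

```python
from datetime import datetime, timedelta

# Allowed duration ranges per unit, taken from the time-window table above.
WINDOW_LIMITS = {"day": (0, 180), "hr": (1, 24), "min": (1, 60)}
UNIT_KW = {"day": "days", "hr": "hours", "min": "minutes"}


def window_start(unit, duration, now):
    """Return the lower bound of the window, or None for a lifetime window."""
    if unit not in WINDOW_LIMITS:
        raise ValueError(f"unknown unit: {unit!r}")
    low, high = WINDOW_LIMITS[unit]
    if not low <= duration <= high:
        raise ValueError(f"{unit} duration must be between {low} and {high}")
    if unit == "day" and duration == 0:  # 0 denotes lifetime value
        return None
    # Assumption: the window covers (now - duration, now], start exclusive.
    return now - timedelta(**{UNIT_KW[unit]: duration})


def aggregate(events, entity, value, unit, duration, now):
    """Compute the standard aggregations for one entity value and one window."""
    start = window_start(unit, duration, now)
    hits = [e for e in events
            if e.get(entity) == value and e["ts"] <= now
            and (start is None or e["ts"] > start)]
    amounts = [e["amount"] for e in hits]
    times = [e["ts"] for e in hits]
    return {
        "count": len(hits),
        "distinct_devices": len({e["device_id"] for e in hits}),
        "first_seen": min(times, default=None),
        "last_seen": max(times, default=None),
        "sum": sum(amounts),
        "average": sum(amounts) / len(amounts) if amounts else None,
        "minimum": min(amounts, default=None),
        "maximum": max(amounts, default=None),
    }


# Constructed sample events (not real data).
NOW = datetime(2024, 6, 1, 12, 0)
EVENTS = [
    {"ts": NOW - timedelta(days=200), "email": "a@example.com", "device_id": "d1", "amount": 50},
    {"ts": NOW - timedelta(hours=5), "email": "a@example.com", "device_id": "d2", "amount": 120},
    {"ts": NOW - timedelta(minutes=9), "email": "a@example.com", "device_id": "d3", "amount": 900},
    {"ts": NOW - timedelta(minutes=4), "email": "a@example.com", "device_id": "d4", "amount": 950},
    {"ts": NOW - timedelta(minutes=2), "email": "b@example.com", "device_id": "d4", "amount": 10},
]
```

Calling `aggregate(EVENTS, "email", "a@example.com", "min", 10, NOW)` and then the same call with `"day", 0` shows how a short window isolates a burst of new devices that the lifetime view dilutes.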