A velocity check is a fraud detection technique that monitors both the frequency and the speed of activity on an account, device, or person's identity, looking for suspicious patterns (especially suspiciously high activity). For example, velocity checks will flag abnormal behaviors like multiple login attempts within sections, repeated password reset requests, multiple rapid-fire outbound money transfers, or numerous account applications from the same IP address or device. Any of these might indicate an automated ("bot") attack, credential stuffing, account takeover attempt, or multiple members of a fraud ring testing stolen data. Velocity rules and anomaly detection make it possible to block suspicious activity in real-time before losses occur.
Use case/ examples for velocity check
Account takeover prevention: Monitoring login attempts and flagging accounts that experience rapid-fire authentication failures or password reset requests, as these may indicate credential stuffing or brute force attacks, or that an account’s credentials have been leaked onto the dark web to be accessed by thousands.
Application fraud detection: Identifying fraud ring activity by detecting when multiple account applications have been submitted from the same device, IP address, and/or with overlapping identity elements.
Transaction monitoring: Flagging suspicious transaction velocity, which might include numerous small purchases testing stolen card data, rapid fund transfers, or other activity patterns inconsistent with legitimate user behavior.
