Trust score risk levels

The Trust Score mechanism describes the level of trust of a single session. It is based on the correlation between the values and behavior that is seen in the current session and the user’s history. It also defines whether the session is risky in comparison to the general population.

The scores range 0 - 1000, where 1000 is the maximum risk. Those scores are divided into bins in order to apply the risk levels and set the policies.

  • Low: 0-199
  • Medium: 200-399
  • High: 400-699
  • Very High: 700-1000
Based on the Trusteer knowledge base, the following score distributions are typical:
  • Low: 70-90% of sessions
  • Medium: 5-15% of sessions
  • High: 2-8% of sessions
  • Very High: 0-5% of sessions

Scenario examples

Table 1. Score level examples
Score level Examples
Low
  • Old and trusted device in an account.
Medium
  • First session in an account.
  • Old device from a new location.
  • Old device that accesses the account after dormancy.
  • Old device from a risky internet provider.
High
  • New device in an account.
  • Significant device attributes change - new screen, use of a new language.
  • New device with rare attributes.
Very High
  • New device from a risky internet provider.
  • New device from a new country.
  • New downgraded device.
  • New device with spoofing indications.
  • Old device with risk indications - active VM, active remote access tool.