Data model definitions

Use the following tables for information on the various fields in the fraud related data models:

Fraud account data model

Name	Description	Example	Format	Source
`acc_age`	Age of the account (in days)	107	Number	Extracted
`acc_holder_dob`	Date of birth	05/25/1995	String	Extracted
`acc_holder_first_name`	FIrst name	John	String	Extracted
`acc_holder_last_name`	Last name	Smith	String	Extracted
`acc_holder_middle`	Middle initial	P	String	Extracted
`acc_status`	Account status	Approve	String	Extracted
`addr_home_city`	City of home address	Seattle	String	Extracted
`addr_home_state`	State of home address	Washington	String	Extracted
`addr_home_zip`	Zip Code of home address	92017	Number	Extracted
`addr_home_zip_lat`	Latitude of zip code		String	Lookup
`addr_home_zip_lon`	Longitude of zip code		String	Lookup
`deviceid`	Device identifier
`direct_deposit`	Destination account for funds	12345678	Number	Extracted
`email`	Email address	john.smith@gmail.com	String	Extracted
`email_domain_root`	Email address domain (root)	gmail	String	Eval Expression
`email_domain_tld`	Email address domain (top level)	gmail.com	String	Eval Expression
`email_normalized`	Email address (Includes the name)	johnsmith@gmail.com	String	Eval Expression
`host`	Host of the data source		String	Inherited
`http_accept`			String	Extracted
`http_accept_language`			String	Extracted
http_content_type			String	Extracted
`http_method`		API method (Post, Get, and so on)	String	Extracted
`http_referer`	Referring URL		String	Extracted
`http_user_agent`	Web browser identifier	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36 Edge/14.14393	String	Extracted
`mmn`	Mother's maiden name	Smith	String	Extracted
`occupation`	Occupation	Janitor	String	Extracted
`password`	Password	Hash of pwd	String	Eval Expression
`phone_home`	Home phone number	209-121-2398	String	Extracted
`r_10`	Deprecated		Number	Eval Expression
`source`	Source of the data source		String	Inherited
`sourcetype`	Sourcetype of the data source		String	Inherited
`src_ip`	IP address logged for the event	123.10.10.234	IPv4	Extracted
`src_ip_City`	City corresponding to the IP address	Los Angeles	String	Geo IP
`src_ip_Country`	Country corresponding to the IP address	United States	String	Geo IP
`src_ip_lat`	Latitude corresponding to the IP address		String	Geo IP
`src_ip_lon`	Longitude corresponding to the IP address		String	Geo IP
`src_ip_Region`	State or province corresponding to the IP address	Florida	String	Geo IP
`ssn`	Social security number	172-90-9201	String	Extracted
`uniqueid`	Credit, benefits application ID, or permanent user ID that supersedes SSN or username		String	Extracted
`username`	Username	barneysmith	String	Extracted

Fraud web data model

Name	Description	Example	Format	Source
`accept_language`	Language accepted by the browser		String	Extracted
`action`			String	Extracted
`actions`			String	Extracted
`bill_payments_num`			Number	Extracted
`bytes_in`			Number	Extracted
`bytes_in_total`			Number	Extracted
`bytes_out`			Number	Extracted
`bytes_out_total`			Number	Extracted
`City`			String	Extracted
`Countries_num`			Number	Extracted
`Country`			String	Extracted
`date_hour`			Number	Extracted
`date_mday`			Number	Extracted
`date_month`			String	Extracted
`date_wday`			String	Extracted
`date_year`			Number	Extracted
`date_zone`			Number	Extracted
`deposit_checks_num`			Number	Extracted
`errors`			Number	Extracted
`host`			String	Inherited
`http_accept`			String	Extracted
`http_accept_language`			String	Extracted
`http_content_type`			String	Extracted
`http_method`		API method (Post, Get, and so on)	String	Extracted
`http_referer`	Referring URL		String	Extracted
http_user_agent	Browser identifier		String	Extracted
`http_user_agents_num`			Number	Extracted
`ip_16_subnet`			String	Extracted
`ip_16_subnets`			String	Extracted
`ip_16_subnets_num`			Number	Extracted
`ip_subnet_16`			String	Extracted
`ip_subnet_24`			String	Extracted
`is_aggregator`			Number	Extracted
`languages`			String	Extracted
`logged_in`			Number	Extracted
`logins_success_num`			Number	Extracted
`money_movements_num`			Number	Extracted
`r_10`	deprecated		Number	Eval expression
`r_100`	Deprecated		Number	Eval expression
`r_1000`	Deprecated		Number	Eval expression
`r_10000`	Deprecated		Number	Eval expression
`r_100000`	Deprecated		Number	Eval expression
`r_1000000`	Deprecated		Number	Eval expression
`Region`			String	Extracted
`risk_exposure`			Number	Extracted
`risk_exposure_r`			Number	Extracted
`risk_level`			Number	Extracted
`risk_level_r`			Number	Extracted
`screen`			String	Extracted
`screens`			String	Extracted
`security_code_requests_num`			Number	Extracted
`session_duration`			Number	Extracted
`session_events_num`			Number	Extracted
`session_id`	Web session ID		String	Extracted
`source`			String	Inherited
`sourcetype`			String	Inherited
`src_ip`	Client IP address	10.10.10.20	String	Extracted
`src_ips_num`			Number	Extracted
`status`	Web page status	400, 200, etc	Number	Extracted
`trade_securities_num`			Number	Extracted
`uri`			String	Extracted
`uri_path`			String	Extracted
`username`	Username	barneysmith	String	Extracted
`username_ex`			String	Extracted
`username_tried`			String	Extracted
`usernames`			String	Extracted
`usernames_num`			Number	Extracted

User Guide

Data model definitions

Fraud account data model

Fraud web data model

Comments

Data model definitions