Amazon Fraud Detector concepts - Amazon Fraud Detector

Amazon Fraud Detector concepts

Key concepts for understanding Amazon Fraud Detector include:

Events and Event Types

An event is a business activity that is evaluated for fraud risk. With Amazon Fraud Detector, you generate fraud predictions for events.

An event type defines the structure for an event sent to Amazon Fraud Detector. This includes the variables sent as part of the event, the entity performing the event (such as a customer), and the labels that classify the event. Example event types include online payment transactions, account registrations, and authentication.

Entity and Entity Type

An entity represents who is performing the event. As part of a fraud prediction, you can pass the entity ID to indicate the specific entity who performed the event.

An entity type classifies the entity. Example classifications include customer, merchant, or account.


A label classifies an event as fraudulent or legitimate. Labels are used to train supervised machine learning models in Amazon Fraud Detector.

Model type

The model type defines the algorithms, enrichments, and feature transformations used during model training as well as the data requirements to train the model.

Model training and Model Versions

Model training is the process of using a provided dataset to create a model that can predict fraudulent events. All steps in the model training process are fully automated including data validation, data transformation, feature engineering, algorithm selection, training, and model optimization. In Amazon Fraud Detector, the output from training is called a model version.

Model deployment

When you deploy a model, you make a trained model version available for real-time fraud predictions. Only deployed model versions can be imported to detectors.

Amazon SageMaker model endpoint

In addition to building models using Amazon Fraud Detector, you can optionally use SageMaker-hosted model endpoints in Amazon Fraud Detector evaluations.

For more information about building a model in SageMaker, see Train a Model with Amazon SageMaker.


A detector contains the detection logic (such as the models and rules) for a particular event that you want to evaluate for fraud. A detector can have multiple versions, with each version having a status of Draft, Active, or Inactive. Only one detector version can be in Active status at a time.


A variable represents a data element associated with an event that you want to use in a fraud prediction. Variables can either be sent with an event as part of a fraud prediction or derived, such as the output of an Amazon Fraud Detector model or Amazon SageMaker model.


A rule is a condition that tells Amazon Fraud Detector how to interpret variable values during a fraud prediction. A rule consists of one or more variables, a logic expression, and one or more outcomes. The variables used in the rule must be part of the event evaluated by the detector. A detector must have at least one associated rule.


This is the result, or output, from a fraud prediction. Each rule used in a fraud prediction must specify one or more outcomes.


After you create a detector, you can generate fraud predictions by calling the GetEventPrediction API with your event variables and specifying which detector you want to use. The API always returns an outcome. If a model is used in the detector, Amazon Fraud Detector also returns the corresponding fraud prediction score.