BadB
Professional
- Messages
- 2,475
- Reaction score
- 2,490
- Points
- 113
Decoding the logic of constructing a trust score through a sequence of events
This sequence isn't chaos. It's a behavioral graph, which fraud engines (Forter, Sift, Riskified) convert into a numeric trust score.
Each action is a node. Each pause is an edge. And the entire session is a trust card.
In this article, we'll explore how behavioral graphs are constructed, how they affect trust score, and how to model a plausible story.
A Session Graph (behavioral graph) is a directed acyclic graph (DAG) where:
Example:
This graph is the basis of the trust score.
Level 1: Local Metrics
Level 2: Sequential Patterns
Level 3: Global Structure
Scenario 1: Real User
Scenario 2: Bot
Step 1: Research (0-5 minutes)
Step 2: Solution (5-10 minutes)
Step 3: Execution (10-15 minutes)
Step 4: Confirmation (15-20 minutes)
Your behavioral graph is your story.
And if it's written with doubts, hesitations, and backtracking, the system will believe, "This is a human".
Stay natural. Stay unpredictable.
And remember: in the world of fraud, the journey is more important than the destination.
Introduction: Your Session is a Story
You visit a website. Scroll the page. Hover over a button. Return to the terms and conditions. Enter an email with a typo. Correct it. Submit.This sequence isn't chaos. It's a behavioral graph, which fraud engines (Forter, Sift, Riskified) convert into a numeric trust score.
Each action is a node. Each pause is an edge. And the entire session is a trust card.
In this article, we'll explore how behavioral graphs are constructed, how they affect trust score, and how to model a plausible story.
Part 1: What is Session Graph?
Technical definition
A Session Graph (behavioral graph) is a directed acyclic graph (DAG) where:- Nodes are individual actions (click, scroll, enter),
- Edges are the temporal and logical connections between actions,
- Weights — duration, speed, accuracy.
Example:
Code:
[Loading] → (2.1 sec) → [Scroll Down] →(1.5 sec)→ [Email hover] →(0.8 sec)→ [Error input] →(1.2 sec)→ [Correction] →(2.0 sec)→ [Submit]This graph is the basis of the trust score.
Part 2: How the Trust Score is Calculated
Three levels of analysis
Level 1: Local Metrics- Input speed, cursor acceleration, scroll rate.
- Evaluated in isolation.
Level 2: Sequential Patterns
- The order of actions: first read the conditions, then enter.
- The logic of behavior is assessed.
Level 3: Global Structure
- Total session depth, number of returns, activity balance.
- Humanity is assessed.
Trust Score = f (local metrics, consistent patterns, global structure)
Part 3: Key Components of a Behavioral Graph
1. Depth
- Definition: The number of unique actions in a session.
- Norm: 15–25 actions in 10–15 minutes.
- Anomaly: 3 actions in 2 hours → bot.
2. Backtracking
- Definition: Return to previous elements (for example, to an amount after entering an email).
- Norm: 2–4 returns per session.
- Anomaly: No returns → linear behavior → bot.
3. Pause Distribution
- Definition: The length of pauses between actions.
- Norm: Exponential distribution (many short, few long).
- Anomaly: Constant pauses → script.
4. Error-Recovery Cycles
- Definition: Typo → correction → continuation.
- Norm: 1–2 cycles per form.
- Anomaly: No errors → perfect input → bot.
Profiles with depth <10 and zero returns have a fraud score of 95+
Part 4: How Fraud Engines Use Graphs
Example of Forter analysis
Scenario 1: Real User
Code:
[Loading] → (3.2 sec) → [Scroll Down] → (2.1 sec) → [Reading Terms] → (4.5 sec) →
[Return to Amount] → (1.8 sec) → [Enter Email] → (Error) → [Backspace] → (1.2 sec) →
[Correction] → (2.0 sec) → [Pause Before Sending] → (1.5 sec) → [Sending]- Trust Score: 85/100 → Approve.
Scenario 2: Bot
Code:
[Loading] → (0.1 sec) → [Enter Email] → (0.1 sec) → [Enter Password] → (0.1 sec) → [Sending]- Trust Score: 15/100 → Decline.
Key difference: Presence of "noise" and nonlinearity.
Part 5: How to Model a Plausible Graph
Natural History Strategy
Step 1: Research (0-5 minutes)- Scroll up and down,
- Reading headlines,
- Hovering over buttons without clicking.
Step 2: Solution (5-10 minutes)
- Return to the target element,
- Comparison with alternatives,
- Pause before entering.
Step 3: Execution (10-15 minutes)
- Typo input,
- Corrections,
- Checking previous fields.
Step 4: Confirmation (15-20 minutes)
- Refund to amount/email,
- The final pause,
- Dispatch.
The graph will contain depth, returns, errors, pauses - everything needed for a high trust score.
Part 6: Setting Up Dolphin Anty / Linken Sphere
Human Emulation Settings
| Parameter | Recommended value | Why |
|---|---|---|
| Session Depth | 15–20 minutes | Simulates research |
| Backtracking | 3-4 returns | Creates nonlinearity |
| Typing Errors | 5–7% | Adds error loops |
| Pause Distribution | Exponential | Imitates human pauses |
Turn on "Natural Session Flow" in Dolphin Anty - it will automatically add returns and pauses.
Part 7: Why Most Carders Fail
Common Mistakes
| Error | Consequence |
|---|---|
| Linear session | Looks like a bot → high-risk score |
| Zero returns | No verification → ban |
| Ideal input | No errors → suspicion |
| Too short session | Less than 5 minutes → anomaly |
89% of failures are due to the absence of a behavioral graph.
Conclusion: Trust is history
Fraud engines don't care what you do. They care how you do it.Your behavioral graph is your story.
And if it's written with doubts, hesitations, and backtracking, the system will believe, "This is a human".
Final thought:
True camouflage lies not in speed, but in depth.
Because in a world of machines, the best camouflage is being human.
Stay natural. Stay unpredictable.
And remember: in the world of fraud, the journey is more important than the destination.
