Skip to content
Pricing
Log InStart Free TrialBook a Demo
Risk & Detection

Velocity Checks

Velocity checks are fraud rules that measure how frequently an action is performed by the same entity within a time window. They catch abuse that reveals itself through speed and volume, such as one device creating many accounts or one card attempting many transactions in minutes.

How it works

How Velocity Checks works

A velocity check counts events keyed to some identity, a device, IP address, account, card, or email, over a rolling time window and compares that count against a limit. Ten signups from one device in an hour, or fifty checkout attempts from one IP in a minute, are patterns that legitimate use rarely produces but automated abuse routinely does.

The reliability of a velocity check depends heavily on the quality of the key it counts against. Counting by IP is easily evaded with proxies, and counting by cookie is defeated by clearing cookies, so attackers spread activity to stay under limits. A stable device identifier that survives those evasions makes velocity checks far harder to slip past, because the counter follows the device rather than a disposable value.

Windows and thresholds are tuned per action and per risk. Short windows catch bursty automated attacks, while longer windows surface slow, distributed abuse. Velocity signals are rarely used alone; they feed into broader risk scoring, where a high rate combined with other red flags produces a strong verdict.

Why it matters

Why Velocity Checks matters for fraud prevention

Many fraud types are fundamentally about volume: credential stuffing, card testing, promo and trial abuse, and mass account creation all depend on repeating an action far faster than a real person would. Velocity checks are among the simplest and most effective countermeasures because they target that shared behavior directly. Anchoring them to a durable device identifier is what stops attackers from resetting the counter at will.

With TRACIO

How TRACIO handles it

TRACIO makes velocity checks meaningful by supplying a visitor ID that persists across cookie clearing, incognito mode, and IP rotation, so counts follow the actual device rather than an easily reset key. Teams combine that stable identifier and the platform's Smart Signals in their own decisioning to enforce rate-based rules that attackers cannot trivially evade.

FAQ

Frequently asked questions

Identify every device with confidence

Start with a free plan of 2,500 API calls per month. No credit card required.