Risk Signal: Device Risk
Device Risk provides an overall risk & reputation assessment of the device used to initiate a transaction. Data about the device are captured and passed as a credential to be evaluated by the transaction workflow. How the device data is captured and uploaded depends on the integration channel:
-
Integrations using the Jumio Web Client do not require any additional integration work. The Web Client is pre-configured to support Device Risk.
-
Mobile apps need to integrate an SDK to generate a blackbox string containing the required device data and then upload the blackbox as a Prepared Data credential using the REST API. See Device Risk with Mobile SDK.
-
Integrations that use the Jumio Web SDK must implement a reverse proxy to download required third-party scripts. See Device Risk with Web SDK.
-
Web application integrations that want to use Device Risk as a standalone service can acquire the device data as a blackbox string and upload it as Prepared Data. See Device Risk with REST API.
Response
Response data is available for transactions that include the risk signal. For information on transaction data see Viewing or Retrieving Workflow Transactions.
Response Structure
"deviceRiskVerification": [
{
"id": "96d466c7-b47a-48b8-a1c3-ca1c84365aa4",
"credentials": [
{
"id": "08c7bca9-2836-4c5b-8717-859a9d9b255e",
"category": "DATA",
"label": "DATA"
}
],
"decision": {
"type": "REJECTED",
"details": {
"label": "HIGH_RISK"
}
},
"data": {
"deviceModel": "WINDOWS",
"deviceOS": "WINDOWS NT 6.1",
"browser": "CHROME",
"trueIP": "50.165.158.124",
"ipLocationCity": "MARIETTA",
"ipLocationCountry": "USA",
"ipLocationLatitude": "33.9525",
"ipLocationLongitude": "-84.55",
"ipLocationRegion": "GEORGIA",
"metaDataAge": "292784828",
"deviceAlerts": [
"Transactions Per Device- 15 in 1 day",
"Owned Evidence Exists",
"Device Risk Global",
"IP Address Risk Global"
],
"browserCookiesEnabled": true,
"browserLanguage": "EN-US",
"browserVersion": "35.0.1916.114",
"deviceFirstSeen": "2017-08-24T19:40:59.163Z",
"deviceScreen": "900X1600",
"isp": "COMCAST",
"flashEnabled": true,
"browserTimezone": "+06:00",
"deviceIsNew": false
}
Decision Details Labels
|
Decision Type |
Label |
Description |
|---|---|---|
|
PASSED |
LOW_RISK |
|
|
REJECTED |
HIGH_RISK |
|
|
WARNING |
MEDIUM_RISK |
|
|
NOT_EXECUTED |
PERMISSION_DENIED |
|
|
NOT_EXECUTED |
DATA_NOT_FOUND |
|
|
NOT_EXECUTED |
BAD_REQUEST |
|
|
NOT_EXECUTED |
TECHNICAL_ERROR |
|
Data
|
Key |
Type |
Description |
|---|---|---|
|
deviceModel |
string |
Device model name and model version. For Apple devices, this refers to the hardware identifier (such as iPhone6.1), not the public product model (such as iPhone 6s). |
|
deviceOS |
string |
For Web, UserAgent header. eg "iOS", "Mac OS X", "Android", "Windows" or "Linux". For mobile SDKs it's constant "Android" or "iOS" |
|
browser |
string |
Detected browser. eg Chrome Mobile, Chrome, Mobile Safari, Firefox, Safari |
|
trueIp |
string |
IP properties for the Real IP address. |
| ipLocationCity | string | City associated with the IP address. |
| ipLocationCountry | string | Alpha-3 country code of the country associated with the IP address. |
| ipLocationLatitude | string | Lattitude associated with the IP address. |
| ipLocationLongitude | string | Longitude associated with the IP address. |
| ipLocationRegion | string | State/region name associated with the IP address. |
| metaDataAge | string | Age of the blackbox, in seconds. |
| deviceAlerts | array of strings | Messages indicating the reasons why a WARNING or REJECTED decision type was returned. See Device Alerts. |
| browserCookiesEnabled | boolean | Whether JavaScript cookies are enabled. |
| browserLanguage | string | Browser default language. |
| browserVersion | string | Browser version. |
| deviceFirstSeen | string | Date/time the device was first seen by Iovation. |
| deviceScreen | string | The screen resolution. |
| isp | string | Internet service provider of the stated IP address. |
| flashEnabled | boolean | Whether Flash is enabled. |
| browserTimezone | string | Browser timezone. |
| deviceIsNew | boolean | Whether the device has ever been seen by Iovation. |
Device Alerts
| Alert | Description |
|---|---|
| Owned Evidence Exists | There is direct or indirect evidence against the account or device. The evidence has been placed by the subscriber |
| Other Subscriber Financial Evidence | Direct or indirect Financial evidence has been placed by other Iovation subscribers against the account or device |
| Other Subscriber ATO Evidence | Direct Account TakeOver evidence has been placed by other Iovation subscribers against the device |
| Other Subscriber Policy Fraud Evidence | Direct or indirect Policy Fraud evidence has been placed by other Iovation subscribers against the account or device |
| Other Subscriber ID Theft Evidence | Direct or indirect ID Theft evidence has been placed by other Iovation subscribers against the account or device |
| Other Subscriber Miscellaneous Evidence | Direct or indirect Miscellaneous evidence has been placed by other Iovation subscribers against the account or device |
| Other Subscriber Cheating Evidence | Direct or indirect Cheating evidence has been placed by other Iovation subscribers against the account or device |
| High Risk Country | Transactions sent from countries on a defined list will cause the rule to fire |
| Proxy in Use | Transaction is sent via a proxy service to obfuscate the true location of the end user |
| Geolocation Mismatch | If the stated IP is different that the Real IP Iovation collects, this rule looks at the geographical location of each - define if difference is at Country, Region or City level |
| Transactions Per Device | Number of transactions associated to the same device |
| Countries Per Device | Number of countries the device has been seen from |
| Transactions per IP | Number of Transactions per IP |
| Timezone/Geolocation Mismatch | When the timezone the device is configured is different than the timezone the Real IP determines - define # of minutes |
| Device Not Provided | No blackbox is received, this could be due to direct action by the end user or an issue with the integration. The absence of a device ID can be correlated to increased risk in many cases |
| Invalid Blackbox | Blackbox cannot be decrypted or parsed. Usually this is an indication that there may be a problem with the integration with Iovation |
| Suspect Device Data | Corrupt or incomplete blackbox. This is due to direct action by the end user |
| TOR Exit Node IP | Detects when a user is accessing the TOR network to remain anonymous online |
| Device Risk Global | Looks at other devices in the Iovation network with similar characteristics to the device the transaction is coming from. Risk is determined when a minimum of 70% of those devices are associated with evidence of fraud at any of Iovation’s subscribers. |
| IP Address Risk |
Risk assessment based on all devices seen at any of Iovation’s subscribers’ sites that have been seen with the same IP address. Risk is determined when a minimum of 70% of those devices are associated with evidence of fraud at any of Iovation’s subscribers. |
| ISP Watch List | ISP is on a list of ISPs to watch for |
|
Jailbreak / Root Detected |
Device has been jailbroken (iOS devices) or rooted (Android devices). |