Risk Signal: Device Risk

Device Risk provides an overall risk & reputation assessment of the device used to initiate a transaction. Data about the device are captured and passed as a credential to be evaluated by the transaction workflow. How the device data is captured and uploaded depends on the integration channel:

  • Integrations using the Jumio Web Client do not require any additional integration work. The Web Client is pre-configured to support Device Risk.

  • Mobile apps need to integrate an SDK to generate a blackbox string containing the required device data and then upload the blackbox as a Prepared Data credential using the REST API. See Device Risk with Mobile SDK.

  • Integrations that use the Jumio Web SDK must implement a reverse proxy to download required third-party scripts. See Device Risk with Web SDK.

  • Web application integrations that want to use Device Risk as a standalone service can acquire the device data as a blackbox string and upload it as Prepared Data. See Device Risk with REST API.

Response

Response data is available for transactions that include the risk signal. For information on transaction data see Viewing or Retrieving Workflow Transactions.

Response Structure

"deviceRiskVerification": [
            {
                "id": "96d466c7-b47a-48b8-a1c3-ca1c84365aa4",
                "credentials": [
                    {
                        "id": "08c7bca9-2836-4c5b-8717-859a9d9b255e",
                        "category": "DATA",
                        "label": "DATA"
                    }
                ],
                "decision": {
                    "type": "REJECTED",
                    "details": {
                        "label": "HIGH_RISK"
                    }
                },
                "data": {
                    "deviceModel": "WINDOWS",
                    "deviceOS": "WINDOWS NT 6.1",
                    "browser": "CHROME",
                    "trueIP": "50.165.158.124",
                    "ipLocationCity": "MARIETTA",
                    "ipLocationCountry": "USA",
                    "ipLocationLatitude": "33.9525",
                    "ipLocationLongitude": "-84.55",
                    "ipLocationRegion": "GEORGIA",
                    "metaDataAge": "292784828",
                    "deviceAlerts": [
                        "Transactions Per Device- 15 in 1 day",
                        "Owned Evidence Exists",
                        "Device Risk Global",
                        "IP Address Risk Global"
                    ],
                    "browserCookiesEnabled": true,
                    "browserLanguage": "EN-US",
                    "browserVersion": "35.0.1916.114",
                    "deviceFirstSeen": "2017-08-24T19:40:59.163Z",
                    "deviceScreen": "900X1600",
                    "isp": "COMCAST",
                    "flashEnabled": true,
                    "browserTimezone": "+06:00",
                    "deviceIsNew": false
                }

Decision Details Labels

Decision Type

Label

Description

PASSED

LOW_RISK

 

REJECTED

HIGH_RISK

 

WARNING

MEDIUM_RISK

 

NOT_EXECUTED

PERMISSION_DENIED

 

NOT_EXECUTED

DATA_NOT_FOUND

 

NOT_EXECUTED

BAD_REQUEST

 

NOT_EXECUTED

TECHNICAL_ERROR

 

Data

Key

Type 

Description

deviceModel

string

Device model name and model version. For Apple devices, this refers to the hardware identifier (such as iPhone6.1), not the public product model (such as iPhone 6s).

deviceOS

string

For Web, UserAgent header. eg "iOS", "Mac OS X", "Android", "Windows" or "Linux". 

For mobile SDKs it's constant "Android" or "iOS"

browser

string

Detected browser. eg Chrome Mobile, Chrome, Mobile Safari, Firefox, Safari

trueIp

string

IP properties for the Real IP address.

ipLocationCity string City associated with the IP address.
ipLocationCountry string Alpha-3 country code of the country associated with the IP address.
ipLocationLatitude string Lattitude associated with the IP address.
ipLocationLongitude string Longitude associated with the IP address.
ipLocationRegion string State/region name associated with the IP address.
metaDataAge string Age of the blackbox, in seconds.
deviceAlerts array of strings Messages indicating the reasons why a WARNING or REJECTED decision type was returned. See Device Alerts.
browserCookiesEnabled boolean Whether JavaScript cookies are enabled.
browserLanguage string Browser default language.
browserVersion string Browser version.
deviceFirstSeen string Date/time the device was first seen by Iovation.
deviceScreen string The screen resolution.
isp string Internet service provider of the stated IP address.
flashEnabled boolean Whether Flash is enabled.
browserTimezone string Browser timezone.
deviceIsNew boolean Whether the device has ever been seen by Iovation.

Device Alerts

Alert Description
Owned Evidence Exists There is direct or indirect evidence against the account or device. The evidence has been placed by the subscriber
Other Subscriber Financial Evidence Direct or indirect Financial evidence has been placed by other Iovation subscribers against the account or device
Other Subscriber ATO Evidence Direct Account TakeOver evidence has been placed by other Iovation subscribers against the device
Other Subscriber Policy Fraud Evidence Direct or indirect Policy Fraud evidence has been placed by other Iovation subscribers against the account or device
Other Subscriber ID Theft Evidence Direct or indirect ID Theft evidence has been placed by other Iovation subscribers against the account or device
Other Subscriber Miscellaneous Evidence Direct or indirect Miscellaneous evidence has been placed by other Iovation subscribers against the account or device
Other Subscriber Cheating Evidence Direct or indirect Cheating evidence has been placed by other Iovation subscribers against the account or device
High Risk Country Transactions sent from countries on a defined list will cause the rule to fire
Proxy in Use Transaction is sent via a proxy service to obfuscate the true location of the end user
Geolocation Mismatch If the stated IP is different that the Real IP Iovation collects, this rule looks at the geographical location of each - define if difference is at Country, Region or City level
Transactions Per Device Number of transactions associated to the same device
Countries Per Device Number of countries the device has been seen from
Transactions per IP Number of Transactions per IP
Timezone/Geolocation Mismatch When the timezone the device is configured is different than the timezone the Real IP determines - define # of minutes
Device Not Provided No blackbox is received, this could be due to direct action by the end user or an issue with the integration. The absence of a device ID can be correlated to increased risk in many cases
Invalid Blackbox Blackbox cannot be decrypted or parsed. Usually this is an indication that there may be a problem with the integration with Iovation
Suspect Device Data Corrupt or incomplete blackbox. This is due to direct action by the end user
TOR Exit Node IP Detects when a user is accessing the TOR network to remain anonymous online
Device Risk Global Looks at other devices in the Iovation network with similar characteristics to the device the transaction is coming from. Risk is determined when a minimum of 70% of those devices are associated with evidence of fraud at any of Iovation’s subscribers.
IP Address Risk

Risk assessment based on all devices seen at any of Iovation’s subscribers’ sites that have been seen with the same IP address. Risk is determined when a minimum of 70% of those devices are associated with evidence of fraud at any of Iovation’s subscribers.

ISP Watch List ISP is on a list of ISPs to watch for

Jailbreak / Root Detected

Device has been jailbroken (iOS devices) or rooted (Android devices).