What is Device Risk Check?
Device Risk provides an overall risk & reputation assessment of the device used to initiate a transaction. Data about the device are captured and passed as a credential to be evaluated by the transaction workflow. How the device data is captured and uploaded depends on the integration channel:
- Integrations using the Jumio Web Client do not require additional setup, as it comes pre-configured to support Device Risk.
- Mobile apps need to integrate with an SDK to generate a blackbox string containing the required device data, which should then be uploaded as a Prepared Data credential using the REST API.
- For integrations using the Jumio Web SDK, a reverse proxy is necessary to download required third-party scripts.
- Web applications that want to use Device Risk as a standalone service can acquire the device data as a blackbox string and upload it as Prepared Data via the REST API.
Response
Response data is available for transactions that include the risk signal. For information on transaction data see this.
"deviceRiskVerification": [
{
"id": "UUID",
"credentials": [
{
"id": "UUID",
"category": "DATA",
"label": "DATA"
}
],
"decision": {
"type": "REJECTED",
"details": {
"label": "HIGH_RISK"
}
},
"data": {
"deviceModel": "WINDOWS",
"deviceOS": "WINDOWS NT 6.1",
"browser": "CHROME",
"trueIP": "50.165.158.124",
"ipLocationCity": "MARIETTA",
"ipLocationCountry": "USA",
"ipLocationLatitude": "33.9525",
"ipLocationLongitude": "-84.55",
"ipLocationRegion": "GEORGIA",
"metaDataAge": "315515197",
"deviceAlerts": [
"IP Address Risk Global",
"Owned Evidence Exists",
"Device Risk Global",
"Device Risk Local",
"IP Mismatch"
],
"browserCookiesEnabled": true,
"browserLanguage": "EN-US",
"browserVersion": "35.0.1916.114",
"deviceFirstSeen": "2017-08-24T19:40:59.163Z",
"deviceScreen": "900X1600",
"isp": "COMCAST",
"flashEnabled": true,
"browserTimezone": "+06:00",
"deviceIsNew": false,
"statedIp": "24.21.105.201"
}
}
]
Decision Details Labels
| Decision Type | Label | Description |
|---|---|---|
| PASSED | OK | Device does not exhibit any known risk or fraud indicators. |
| REJECTED | DENY | Device has been flagged as high-risk or associated with known fraudulent activity. |
| WARNING | ALERT | Device exhibits suspicious behavior or patterns but is not conclusively high-risk. |
| NOT_EXECUTED | TECHNICAL_ERROR | An error occurred during device risk evaluation. Verify input and retry, or contact Support. |
Data
Data
| Key | Type | Description |
|---|---|---|
| browser | string | Detected browser. eg Chrome Mobile, Chrome, Mobile Safari, Firefox, Safari. |
| browserCookiesEnabled | boolean | Whether JavaScript cookies are enabled. |
| browserLanguage | string | Browser default language. |
| browserTimezone | string | Browser timezone. |
| browserVersion | string | Browser version. |
| deviceAlerts | array of strings | Messages indicating the reasons why a WARNING or REJECTED decision type was returned. See Device Alerts. |
| deviceFirstSeen | string | Date/time the device was first seen by Iovation. |
| deviceIsNew | boolean | Whether the device has ever been seen by Iovation. |
| deviceModel | string | Device model name and model version. For Apple devices, this refers to the hardware identifier (such as iPhone6.1), not the public product model (such as iPhone 6s). |
| deviceOS | string | For Web, UserAgent header. eg "iOS", "Mac OS X", "Android", "Windows" or "Linux". For mobile SDKs it's constant "Android" or "iOS". |
| deviceScreen | string | The screen resolution. |
| flashEnabled | boolean | Whether Flash is enabled. |
| ipLocationCity | string | City associated with the IP address. |
| ipLocationCountry | string | Alpha-3 country code of the country associated with the IP address. |
| ipLocationLatitude | string | Latitude associated with the IP address. |
| ipLocationLongitude | string | Longitude associated with the IP address. |
| ipLocationRegion | string | State/region name associated with the IP address. |
| isp | string | Internet service provider of the stated IP address. |
| metaDataAge | string | Age of the blackbox, in seconds. |
| statedIp | string | The stated IP address from the end-user's device. This can be an IPv4 or IPv6 address. |
| trueIp | string | IP properties for the Real IP address. |
Device Alerts
Device Alters include
| Alert | Description |
|---|---|
| Accounts Per Device | Number of accounts associated to the same device. |
| Countries Per Device | Number of countries the device has been seen from. |
| Device Not Provided | No blackbox is received, this could be due to direct action by the end user or an issue with the integration. The absence of a device ID can be correlated to increased risk in many cases. |
| Device Risk Global | Looks at other devices in the Iovation network with similar characteristics to the device the transaction is coming from. Risk is determined when a minimum of 70% of those devices are associated with evidence of fraud at any of Iovation’s subscribers. |
| Geolocation Mismatch | If the stated IP is different than the Real IP Iovation collects, this rule looks at the geographical location of each - define if difference is at Country, Region or City level. |
| High Risk Country | Transactions sent from countries on a defined list will cause the rule to fire. |
| Invalid Blackbox | Blackbox cannot be decrypted or parsed. Usually this is an indication that there may be a problem with the integration with Iovation. |
| IP Address Risk | Risk assessment based on all devices seen at any of Iovation’s subscribers’ sites that have been seen with the same IP address. Risk is determined when a minimum of 70% of those devices are associated with evidence of fraud at any of Iovation’s subscribers. |
| IP Mismatch with ISP Exclusions | Triggered when the declared IP address does not align with the actual IP detected by Iovation. Common ISP have been excluded to not be effected by Apple Private Relay, or traffic routed through CDN providers (e.g., Cloudflare, Fastly). |
| ISP Watch List | ISP is on a list of ISPs to watch for. |
| Jailbreak / Root Detected | Device has been jailbroken (iOS devices) or rooted (Android devices). |
| Other Subscriber ATO Evidence | Direct Account TakeOver evidence has been placed by other Iovation subscribers against the device. |
| Other Subscriber Cheating Evidence | Direct or indirect Cheating evidence has been placed by other Iovation subscribers against the account or device. |
| Other Subscriber Financial Evidence | Direct or indirect Financial evidence has been placed by other Iovation subscribers against the account or device. |
| Other Subscriber ID Theft Evidence | Direct or indirect ID Theft evidence has been placed by other Iovation subscribers against the account or device. |
| Other Subscriber Miscellaneous Evidence | Direct or indirect Miscellaneous evidence has been placed by other Iovation subscribers against the account or device. |
| Other Subscriber Policy Fraud Evidence | Direct or indirect Policy Fraud evidence has been placed by other Iovation subscribers against the account or device. |
| Owned Evidence Exists | There is direct or indirect evidence against the account or device. The evidence has been placed by the subscriber. |
| Proxy in Use | Transaction is sent via a proxy service to obfuscate the true location of the end user. |
| Suspect Device Data | Corrupt or incomplete blackbox. This is due to direct action by the end user. |
| Timezone/Geolocation Mismatch | When the timezone the device is configured is different than the timezone the Real IP determines - define # of minutes. |
| TOR Exit Node IP | Detects when a user is accessing the TOR network to remain anonymous online. |
| Transactions per IP | Number of Transactions per IP. |