Understanding risk assessments

Risk assessment types

Incognia may provide three types of risk assessments, which depend on our confidence level in a given action performed by a device in one of our supported use cases:

  • high_risk: Incognia deems the action (e.g. sign up, login) performed by the device to be potentially fraudulent, and advises you to take preventive actions in these scenarios;

  • low_risk: Incognia considers this action performed by the device to be safe to accept;

  • unknown_risk: Incognia is unable to provide a precise assessment at the time of the request.

Subsequent requests for the same action and/or device may result in different assessments depending on the time passed, since Incognia's algorithms improve over time.

Risk assessment evidence

Incognia's APIs rely on evidence to provide risk assessments. This evidence is built on top of different analyses through distinct lenses. Some evidence values pertain to all assessments, regardless of use case, while others are only relevant to specific use cases.

When parsing API responses, you should consider all evidence as optional. Also, new evidence can be added at any time. Because of this, consider parsing the evidence field as a generic JSON object unless you'll use some specific evidence for making a decision.

The table below describes possible evidence values, their meaning, and which use cases they impact.

Evidence

Description

Type

Use Cases

device_model

Model of the device used to perform the given action.

string

All

location_events_quantity

Amount of recent location events associated with the device.

integer

All

location_services

Whether or not the device has enabled location gathering, withlocation_permissions_enabled , and the location sensors, withlocation_sensors_enabled.

object with boolean flags

All

device_integrity

Indicates if the device is probably rooted (probable_root ), if an emulator has been used (emulator), if GPS data is being faked (gps_spoofing ), and if your app was downloaded from official stores (from_official_store).

object with boolean flags

All

geocode_quality

Indicates if a declared address was able to be successfully geocoded by Incognia.

enum (good, poor)

Onboarding

address_quality

Indicates if a declared address matches an existing address.

enum (good, medium, poor)

Onboarding

location_events_near_address

Amount of location events near the declared address.

integer

Onboarding

device_fraud_reputation

Indicates if the device appears in any kind of watchlist or allowlist built with client reports.

enum (unknown, confirmed_fraud, allowed

All

device_behavior_reputation

Indicates if the device appears in a dynamic allowlist or watchlist built by Incognia's models.

enum (unknown ,allowed, suspect )

Login / Payment

activity_evidence

Datetimes indicating the device's first and last locations known by Incognia near this address (first_known_address_activityand last_known_address_activity) and the first assessment made by Incognia for this sign up (first_addres_verification )

object with datetimes

Onboarding

known_account

Whether we have information about this Account ID provided via Feedback API

boolean

Login / Payment

distance_to_trusted_location

Distance between the device's current location to it's past frequent locations.

double

Login / Payment

last_location_ts

Date and time of the last location event associated with the device.

datetime

Login / Payment

sensor_match_type

Indicates which type of matching strategy was utilized to produce a result.

string (see Understanding sensor match types below)

Login / Payment

account_integrity

Indicates if the account received a high_risk assessment in the last 30 minutes (recent_high_risk_assessment) and how much milliseconds remain before this assessment is considered stale (risk_window_remaining).

object

Login / Payment

Understanding sensor match types

Match Type

Description

gps

When Incognia is able to perform comparisons by GPS data.

wifi_scan

When Incognia is able to perform comparisons by Wi-Fi sensors, but no matching connected networks are found.

wifi_connection

When Incognia is able to perform comparisons by connected Wi-Fi networks.