Skip to main content
Version: 1.5.0

Risks

Risk management

Risk management includes determination, assessment and control of the impacts of external factors, as well as detection of deliberate attacks that could negatively affect BAF operation on customer’s resources.

Attacks on the system are detected using velocity checks, which track the number of repetitions of transaction data elements over certain time intervals, as well as the number of anomalies or similarities to fraudster behavior.

By default, BAF tracks and records all occurred risks. To ensure that the risk affects the verification progress (for example, an applicant is to be blocked during a mass attack), enable the risk activity.

No.RiskTypeRiskLevelValuesConditions
0MassAttackSignificantClientIpExceeded number of verification requests sent from an IP address after a certain date (current date minus period duration).

Parameters: Period – time period, default value is TimeSpan("01:00:00"), Count is number of requests, default value is 3.

The risk is triggered if more than 3 requests came from one IP address within one hour, counting from the current request.

1PeriodicAttackModerateValidationRequestId BrowserInfo CanvasInfo FontsInfo Html5Info WebGlInfoApplicant verification requests with different ValidationRequestId and similar device fingerprint.

Fingerprint: for WebLib – a hash of the browser settings.

6DuplicateFaceSignificantFaceImageBase64Registered applicant with a face match confidence higher than the parameter value.

Parameters: FaceValidationPercent

7InconsistentMetadataSignificantPhone county TimeZoneInconsistencies were found in the client metadata during verification

Possible Inconsistencies:

  • Phone county - the country of the phone number does not match the country of the clientIp.
  • TimeZone - the timezone on the client device does not match the timezone of the clientIp.
8MissingMetadataModerateClientIp TimeZoneThe verification attempt metadata is missing data

Possible missing data:

  • ClientIp - external client ip address
  • TimeZone - the timezone on the client device
9UntrustedIpModerateClientIpIP at registration does not coincide with subsequent authorizations.

Get a list of risks

The request returns a list of occurred risks. The list of risks can be filtered by time. If you do not set filtering, all created risks will be displayed, starting with the last one.

Endpoint: GET /publicapi/api​/v2​/private​/RiskEvents

Parameters:

Field nameDescriptionValue
PagePage numberFrom 1 to 2147483647
PageSizeMaximum number of applicants listed on the pageОт 1 до 400

The following optional fields can be used to search and sort:

Field nameDescription
CreatedFromLower date limit: dd-mm-yyyy
CreatedToUpper date limit: dd-mm-yyyy
SortFieldSorting field. You can specify firstName, lastName, phone, etc.
OrderSorting order for the selected field. For descending order specify the value: descending. Ascending order is set by default.
TextFilterText search
LevelRisk level. From 0 to 1
TypeRisk type: 0, 1, 6, 7, 8, 9

Request example:

curl -X 'GET' \
'https://baf.3divi.ai/publicapi/api/v2/private/RiskEvents?Page=1&PageSize=10' \
-H 'accept: text/plain' \
-H 'Authorization: Bearer sk_3938ab7b-cdbf-4a1a-952b-e3782f061f4b'

Response example:

Status Code200
{
"page": 0,
"pageSize": 0,
"total": 0,
"totalPages": 0,
"items": [
{
"id": "3fa85***", // risk ID
"validationResponseId": 0,
"validationRequestId": "3fa85***",
"level": 0,
"type": 0,
"created": "2023-09-20T10:45:37.851Z"
}
]
}

Possible errors:

CodeMessageDescriptionCode
400No sorting by selected property.Wrong sorting field selected120026

Get a List of Risk Types Being Monitored

The request returns a list of available risk types and their statuses.

Endpoint: GET /publicapi/api​/v2​/private​/RiskManagement/ActiveRisks

Request example:

curl -X 'GET' \
'https://baf.3divi.ai/publicapi/api/v2/private/RiskManagement/ActiveRisks' \
-H 'accept: text/plain' \
-H 'Authorization: Bearer sk_3938ab7b-cdbf-4a1a-952b-e3782f061f4b'

Response example:

Status Code200
[
{
"riskType": 0,
"description": "Mass Attack",
"isActive": false
},
{
"riskType": 1,
"description": "Periodic Attack",
"isActive": false
},
{
"riskType": 6,
"description": "Duplicate Face",
"isActive": false
}
]

Enable/disable risk activity

The request allows you to specify active risks that will affect the verification progress. In the request body specify risk types to be included.

Endpoint: PUT /publicapi/api​/v2​/private​/RiskManagement/ActiveRisks

Request body:

[
0,1,6
]

Request example:

curl -X 'PUT' \
'https://baf.3divi.ai/publicapi/api/v2/private/RiskManagement/ActiveRisks' \
-H 'accept: */*' \
-H 'Authorization: Bearer sk_3938ab7b-cdbf-4a1a-952b-e3782f061f4b' \
-H 'Content-Type: application/json' \
-d '[
0,1,6
]'

Response example:

Status Code200