Skip to main content
Version: 1.8.0 (latest)

Risks

Risk management

Risk management includes determination, assessment and control of the impacts of external factors, as well as detection of deliberate attacks that could negatively affect BAF operation on customer’s resources.

Attacks on the system are detected using velocity checks, which track the number of repetitions of transaction data elements over certain time intervals, as well as the number of anomalies or similarities to fraudster behavior.

By default, BAF tracks and records all occurred risks. To ensure that the risk affects the verification progress (for example, an applicant is to be blocked during a mass attack), enable the risk activity.

Risk Level

There are two levels of risk:

  • Significant. risk that should be addressed first.
  • Moderate. risk that should be considered second.

The risk level is used only as an additional filter in the publicapi.

Risk table

No.Risk typeRisk levelData required for risk operationConditions
0MassAttackSignificantThe deviceMetadata.Ip field in the validation request data.Exceeded number of verification requests sent from an IP address after a certain date (current date minus period duration).

Parameters: Period – time period, default value is TimeSpan("01:00:00"), Count is number of requests, default value is 3.

The risk is triggered if more than 3 requests came from one IP address within one hour, counting from the current request.

1PeriodicAttackModerate

Fields in validation request data:

  • browserMetadata.browserInfo
  • browserMetadata.canvasInfo
  • browserMetadata.fontsInfo
  • browserMetadata.html5Info
  • browserMetadata.webGlInfo
Applicant verification requests with different ValidationRequestId and similar user's environment fingerprint.

The user environment fingerprint is the set of fields listed in the data required for the risk to work.

6DuplicateFaceSignificantThe faceImageBase64 field in the validation request data.Registered applicant with a face match confidence higher than the parameter value.

Parameters: FaceValidationPercent

7InconsistentMetadataSignificantThe phone number specified in the applicant data. The deviceMetadata.Ip and deviceMetadata.timeZone fields in the validation request data.Inconsistencies were found in the client metadata during verification

Possible Inconsistencies:

  • Phone county - the country of the phone number does not match the country of the clientIp.
  • TimeZone - the timezone on the client device does not match the timezone of the clientIp.
8MissingMetadataModerateThe deviceMetadata.Ip and deviceMetadata.timeZone fields in the validation request data.The validation request data is missing required fields.
9UntrustedIpModerateThe deviceMetadata.Ip field in the validation request data.Ip at registration does not match the ip of authorization.
10MotionControlFailedModerateMotion control info from web componentThe user's movements do not match the web component's instructions when recording motion control video
11UntrustedDeviceModerateThe userAgent field in the validation request data.The device fingerprint at registration does not match the device fingerprint at authorization.

Get a list of risks

The request returns a list of occurred risks. The list of risks can be filtered by time. If you do not set filtering, all created risks will be displayed, starting with the last one.

Endpoint: GET /publicapi/api/v2/private/RiskEvents

Parameters:

Field nameDescriptionValue
PagePage numberFrom 1 to 2147483647
PageSizeMaximum number of applicants listed on the pageОт 1 до 400

The following optional fields can be used to search and sort:

Field nameDescription
CreatedFromLower date limit: dd-mm-yyyy
CreatedToUpper date limit: dd-mm-yyyy
SortFieldSorting field. You can specify firstName, lastName, phone, etc.
OrderSorting order for the selected field. For descending order specify the value: descending. Ascending order is set by default.
TextFilterText search
LevelRisk level. From 0 (Moderate) to 1 (Significant)
TypeRisk type number

Request example:

curl -X 'GET' \
'https://baf.ai/publicapi/api/v2/private/RiskEvents?Page=1&PageSize=10' \
-H 'accept: text/plain' \
-H 'Authorization: Bearer sk_3938ab7b-cdbf-4a1a-952b-e3782f061f4b'

Response example:

Status Code200
{
"page": 0,
"pageSize": 0,
"total": 0,
"totalPages": 0,
"items": [
{
"id": "3fa85***", // risk ID
"validationResponseId": 0,
"validationRequestId": "3fa85***",
"level": 0,
"type": 0,
"created": "2023-09-20T10:45:37.851Z"
}
]
}

Possible errors:

CodeMessageDescriptionCode
400No sorting by selected property.Wrong sorting field selected120026

Get a List of Risk Types Being Monitored

The request returns a list of available risk types and their statuses.

Endpoint: GET /publicapi/api/v2/private/RiskManagement/ActiveRisks

Request example:

curl -X 'GET' \
'https://baf.ai/publicapi/api/v2/private/RiskManagement/ActiveRisks' \
-H 'accept: text/plain' \
-H 'Authorization: Bearer sk_3938ab7b-cdbf-4a1a-952b-e3782f061f4b'

Response example:

Status Code200
[
{
"riskType": 0,
"description": "Mass Attack",
"isActive": false
},
{
"riskType": 1,
"description": "Periodic Attack",
"isActive": false
},
{
"riskType": 6,
"description": "Duplicate Face",
"isActive": true
},
{
"riskType": 7,
"description": "Inconsistent Metadata",
"isActive": false
},
{
"riskType": 8,
"description": "Missing Metadata",
"isActive": false
},
{
"riskType": 9,
"description": "Untrusted Ip",
"isActive": false
},
{
"riskType": 10,
"description": "Motion Control Failed",
"isActive": false
},
{
"riskType": 11,
"description": "Untrusted device",
"isActive": false
}
]

Enable/disable risk activity

The request allows you to specify active risks that will affect the verification progress. If the risk affects the validation progress and is triggered, the attempt will be considered failed. As the body of the request it is necessary to pass an array of the types of risks that will be enabled. To disable all risks, you must pass an empty list.

Endpoint: PUT /publicapi/api/v2/private/RiskManagement/ActiveRisks

Request body:

[
0,1,6
]

Request example:

curl -X 'PUT' \
'https://baf.ai/publicapi/api/v2/private/RiskManagement/ActiveRisks' \
-H 'accept: */*' \
-H 'Authorization: Bearer sk_3938ab7b-cdbf-4a1a-952b-e3782f061f4b' \
-H 'Content-Type: application/json' \
-d '[
0,1,6
]'

Response example:

Status Code200