Risks
Risk management
Risk management includes determination, assessment and control of the impacts of external factors, as well as detection of deliberate attacks that could negatively affect BAF operation on customer’s resources.
Attacks on the system are detected using velocity checks, which track the number of repetitions of transaction data elements over certain time intervals, as well as the number of anomalies or similarities to fraudster behavior.
By default, BAF tracks and records all occurred risks. To ensure that the risk affects the verification progress (for example, an applicant is to be blocked during a mass attack), enable the risk activity.
Risk Level
There are two levels of risk:
- Significant. risk that should be addressed first.
- Moderate. risk that should be considered second.
The risk level is used only as an additional filter in the publicapi.
Risk table
No. | Risk type | Risk level | Data required for risk operation | Conditions |
0 | MassAttack | Significant | The deviceMetadata.Ip field in the validation request data. | Exceeded number of verification requests sent from an IP address after a certain date (current date minus period duration). Parameters: Period – time period, default value is TimeSpan("01:00:00"), Count is number of requests, default value is 3. The risk is triggered if more than 3 requests came from one IP address within one hour, counting from the current request. |
1 | PeriodicAttack | Moderate | Fields in validation request data:
| Applicant verification requests with different ValidationRequestId and similar user's environment fingerprint. The user environment fingerprint is the set of fields listed in the data required for the risk to work. |
6 | DuplicateFace | Significant | The faceImageBase64 field in the validation request data. | Registered applicant with a face match confidence higher than the parameter value. Parameters: FaceValidationPercent |
7 | InconsistentMetadata | Significant | The phone number specified in the applicant data. The deviceMetadata.Ip and deviceMetadata.timeZone fields in the validation request data. | Inconsistencies were found in the client metadata during verification Possible Inconsistencies:
|
8 | MissingMetadata | Moderate | The deviceMetadata.Ip and deviceMetadata.timeZone fields in the validation request data. | The validation request data is missing required fields. |
9 | UntrustedIp | Moderate | The deviceMetadata.Ip field in the validation request data. | Ip at registration does not match the ip of authorization. |
10 | MotionControlFailed | Moderate | Motion control info from web component | The user's movements do not match the web component's instructions when recording motion control video |
11 | UntrustedDevice | Moderate | The userAgent field in the validation request data. | The device fingerprint at registration does not match the device fingerprint at authorization. |
Get a list of risks
The request returns a list of occurred risks. The list of risks can be filtered by time. If you do not set filtering, all created risks will be displayed, starting with the last one.
Endpoint: GET /publicapi/api/v2/private/RiskEvents
Parameters:
Field name | Description | Value |
Page | Page number | From 1 to 2147483647 |
PageSize | Maximum number of applicants listed on the page | От 1 до 400 |
The following optional fields can be used to search and sort:
Field name | Description |
CreatedFrom | Lower date limit: dd-mm-yyyy |
CreatedTo | Upper date limit: dd-mm-yyyy |
SortField | Sorting field. You can specify firstName, lastName, phone, etc. |
Order | Sorting order for the selected field. For descending order specify the value: descending. Ascending order is set by default. |
TextFilter | Text search |
Level | Risk level. From 0 (Moderate) to 1 (Significant) |
Type | Risk type number |
Request example:
curl -X 'GET' \
'https://baf.ai/publicapi/api/v2/private/RiskEvents?Page=1&PageSize=10' \
-H 'accept: text/plain' \
-H 'Authorization: Bearer sk_3938ab7b-cdbf-4a1a-952b-e3782f061f4b'
Response example:
Status Code | 200 |
{
"page": 0,
"pageSize": 0,
"total": 0,
"totalPages": 0,
"items": [
{
"id": "3fa85***", // risk ID
"validationResponseId": 0,
"validationRequestId": "3fa85***",
"level": 0,
"type": 0,
"created": "2023-09-20T10:45:37.851Z"
}
]
}
Possible errors:
Code | Message | Description | Code |
400 | No sorting by selected property. | Wrong sorting field selected | 120026 |
Get a List of Risk Types Being Monitored
The request returns a list of available risk types and their statuses.
Endpoint: GET /publicapi/api/v2/private/RiskManagement/ActiveRisks
Request example:
curl -X 'GET' \
'https://baf.ai/publicapi/api/v2/private/RiskManagement/ActiveRisks' \
-H 'accept: text/plain' \
-H 'Authorization: Bearer sk_3938ab7b-cdbf-4a1a-952b-e3782f061f4b'
Response example:
Status Code | 200 |
[
{
"riskType": 0,
"description": "Mass Attack",
"isActive": false
},
{
"riskType": 1,
"description": "Periodic Attack",
"isActive": false
},
{
"riskType": 6,
"description": "Duplicate Face",
"isActive": true
},
{
"riskType": 7,
"description": "Inconsistent Metadata",
"isActive": false
},
{
"riskType": 8,
"description": "Missing Metadata",
"isActive": false
},
{
"riskType": 9,
"description": "Untrusted Ip",
"isActive": false
},
{
"riskType": 10,
"description": "Motion Control Failed",
"isActive": false
},
{
"riskType": 11,
"description": "Untrusted device",
"isActive": false
}
]
Enable/disable risk activity
The request allows you to specify active risks that will affect the verification progress. If the risk affects the validation progress and is triggered, the attempt will be considered failed. As the body of the request it is necessary to pass an array of the types of risks that will be enabled. To disable all risks, you must pass an empty list.
Endpoint: PUT /publicapi/api/v2/private/RiskManagement/ActiveRisks
Request body:
[
0,1,6
]
Request example:
curl -X 'PUT' \
'https://baf.ai/publicapi/api/v2/private/RiskManagement/ActiveRisks' \
-H 'accept: */*' \
-H 'Authorization: Bearer sk_3938ab7b-cdbf-4a1a-952b-e3782f061f4b' \
-H 'Content-Type: application/json' \
-d '[
0,1,6
]'
Response example:
Status Code | 200 |