Risks
Risk management
Risk management includes determination, assessment and control of the impacts of external factors, as well as detection of deliberate attacks that could negatively affect BAF operation on customer’s resources.
Attacks on the system are detected using velocity checks, which track the number of repetitions of transaction data elements over certain time intervals, as well as the number of anomalies or similarities to fraudster behavior.
By default, BAF tracks and records all occurred risks. To ensure that the risk affects the verification progress (for example, an applicant is to be blocked during a mass attack), enable the risk activity.
| No. | RiskType | RiskLevel | Values | Conditions |
| 0 | MassAttack | Significant | ClientIp | Exceeded number of verification requests sent from an IP address after a certain date (current date minus period duration). Parameters: Period – time period, default value is TimeSpan("01:00:00"), Count is number of requests, default value is 3. The risk is triggered if more than 3 requests came from one IP address within one hour, counting from the current request. |
| 1 | PeriodicAttack | Moderate | ValidationRequestId BrowserInfo CanvasInfo FontsInfo Html5Info WebGlInfo | Applicant verification requests with different ValidationRequestId and similar device fingerprint. Fingerprint: for WebLib – a hash of the browser settings. |
| 6 | DuplicateFace | Significant | FaceImageBase64 | Registered applicant with a face match confidence higher than the parameter value. Parameters: FaceValidationPercent |
| 7 | InconsistentMetadata | Significant | Phone county TimeZone | Inconsistencies were found in the client metadata during verification Possible Inconsistencies:
|
| 8 | MissingMetadata | Moderate | ClientIp TimeZone | The verification attempt metadata is missing data Possible missing data:
|
| 9 | UntrustedIp | Moderate | ClientIp | IP at registration does not coincide with subsequent authorizations. |
Get a list of risks
The request returns a list of occurred risks. The list of risks can be filtered by time. If you do not set filtering, all created risks will be displayed, starting with the last one.
Endpoint: GET /publicapi/api/v2/private/RiskEvents
Parameters:
| Field name | Description | Value |
| Page | Page number | From 1 to 2147483647 |
| PageSize | Maximum number of applicants listed on the page | От 1 до 400 |
The following optional fields can be used to search and sort:
| Field name | Description |
| CreatedFrom | Lower date limit: dd-mm-yyyy |
| CreatedTo | Upper date limit: dd-mm-yyyy |
| SortField | Sorting field. You can specify firstName, lastName, phone, etc. |
| Order | Sorting order for the selected field. For descending order specify the value: descending. Ascending order is set by default. |
| TextFilter | Text search |
| Level | Risk level. From 0 to 1 |
| Type | Risk type: 0, 1, 6, 7, 8, 9 |
Request example:
curl -X 'GET' \
'https://baf.3divi.ai/publicapi/api/v2/private/RiskEvents?Page=1&PageSize=10' \
-H 'accept: text/plain' \
-H 'Authorization: Bearer sk_3938ab7b-cdbf-4a1a-952b-e3782f061f4b'
Response example:
| Status Code | 200 |
{
"page": 0,
"pageSize": 0,
"total": 0,
"totalPages": 0,
"items": [
{
"id": "3fa85***", // risk ID
"validationResponseId": 0,
"validationRequestId": "3fa85***",
"level": 0,
"type": 0,
"created": "2023-09-20T10:45:37.851Z"
}
]
}
Possible errors:
| Code | Message | Description | Code |
| 400 | No sorting by selected property. | Wrong sorting field selected | 120026 |
Get a List of Risk Types Being Monitored
The request returns a list of available risk types and their statuses.
Endpoint: GET /publicapi/api/v2/private/RiskManagement/ActiveRisks
Request example:
curl -X 'GET' \
'https://baf.3divi.ai/publicapi/api/v2/private/RiskManagement/ActiveRisks' \
-H 'accept: text/plain' \
-H 'Authorization: Bearer sk_3938ab7b-cdbf-4a1a-952b-e3782f061f4b'
Response example:
| Status Code | 200 |
[
{
"riskType": 0,
"description": "Mass Attack",
"isActive": false
},
{
"riskType": 1,
"description": "Periodic Attack",
"isActive": false
},
{
"riskType": 6,
"description": "Duplicate Face",
"isActive": false
}
]
Enable/disable risk activity
The request allows you to specify active risks that will affect the verification progress. In the request body specify risk types to be included.
Endpoint: PUT /publicapi/api/v2/private/RiskManagement/ActiveRisks
Request body:
[
0,1,6
]
Request example:
curl -X 'PUT' \
'https://baf.3divi.ai/publicapi/api/v2/private/RiskManagement/ActiveRisks' \
-H 'accept: */*' \
-H 'Authorization: Bearer sk_3938ab7b-cdbf-4a1a-952b-e3782f061f4b' \
-H 'Content-Type: application/json' \
-d '[
0,1,6
]'
Response example:
| Status Code | 200 |