Skip to main content
Version: v5

Understanding risk assessments

Risk assessment types#

Incognia may provide three types of risk assessments, which depend on our confidence level in a given action performed by a device in one of our supported use cases:

  • high_risk: Incognia deems the action (e.g. sign up, login) performed by the device to be potentially fraudulent, and advises you to take preventive actions in these scenarios;
  • low_risk: Incognia considers this action performed by the device to be safe to accept;
  • unknown_risk: Incognia is unable to provide a precise assessment at the time of the request.
Subsequent requests for the same action and/or device may result in different assessments depending on the time passed, since Incognia's algorithms improve over time.

Risk assessment evidence#

Incognia's APIs rely on evidence to provide risk assessments. This evidence is built on top of different analyses through distinct lenses. Some evidence values pertain to all assessments, regardless of use case, while others are only relevant to specific use cases.

When parsing API responses, you should consider all evidence as optional. Also, new evidence can be added at any time. Because of this, consider parsing the evidence field as a generic JSON object unless you'll use some specific evidence for making a decision.

The table below describes possible evidence values, their meaning, and which use cases they impact.

EvidenceDescriptionTypeUse Cases
device_modelModel of the device used to perform the given action.stringAll
location_events_quantityAmount of recent location events associated with the device.integerAll
location_servicesWhether or not the device has enabled location gathering, withlocation_permissions_enabled , and the location sensors, withlocation_sensors_enabled.object with boolean flagsAll
device_integrityIndicates if the device is probably rooted (probable_root ), if an emulator has been used (emulator), if GPS data is being faked (gps_spoofing ), and if your app was downloaded from official stores (from_official_store).object with boolean flagsAll
geocode_qualityIndicates if a declared address was able to be successfully geocoded by Incognia.enum (good, poor)Onboarding / Payment
address_qualityIndicates if a declared address matches an existing address.enum (good, medium, poor)Onboarding / Payment
address_matchIndicates the level of match that the declared address has with the users previous locations.enum(see Understanding address match)Onboarding / Payment
location_events_near_addressAmount of location events near the declared address.integerOnboarding / Payment
chargeback_rate_near_150_metersIndicates the ratio between the total number of payment transactions and the total number of chargebacks up to 150 meters away from the declared address.doublePayment
chargeback_rate_near_1500_metersIndicates the ratio between the total number of payment transactions and the total number of chargebacks up to 1500 meters away from the declared address.doublePayment
chargeback_rate_near_5000_metersIndicates the ratio between the total number of payment transactions and the total number of chargebacks up to 5000 meters away from the declared address.doublePayment
device_transaction_sumIndicates the total sum of values in payment transactions reported by the customer in that given device, grouped by currency code (ISO 4217).doublePayment
device_fraud_reputationIndicates if the device appears in any kind of watchlist or allowlist built with client reports.enum (unknown, confirmed_fraud, allowedAll
device_behavior_reputationIndicates if the device appears in a dynamic allowlist or watchlist built by Incognia's models.enum (unknown ,allowed, suspect )All
activity_evidenceDatetimes indicating the device's first and last locations known by Incognia near this address (first_known_address_activityand last_known_address_activity) and the first assessment made by Incognia for this sign up (first_addres_verification )object with datetimesOnboarding
known_accountWhether we have information about this Account ID provided via Feedback APIbooleanLogin / Payment
distance_to_trusted_locationDistance between the device's current location to it's past frequent locations.doubleLogin / Payment
last_location_tsDate and time of the last location event associated with the device.datetimeLogin / Payment
sensor_match_typeIndicates which type of matching strategy was utilized to produce a result.string (see Understanding sensor match types )Login / Payment
accessed_accountsIndicates the number of accounts accessed on the device in the last 30 days.integerPayment
app_reinstallationsIndicates the number of application reinstallations done on the device in the last 30 days.integerPayment
account_integrityIndicates if the account received a high_risk assessment in the last 30 minutes (recent_high_risk_assessment) and how much milliseconds remain before this assessment is considered stale (risk_window_remaining).objectLogin

Understanding sensor match types#

Match TypeDescription
gpsWhen Incognia is able to perform comparisons by GPS data.
wifi_scanWhen Incognia is able to perform comparisons by Wi-Fi sensors, but no matching connected networks are found.
wifi_connectionWhen Incognia is able to perform comparisons by connected Wi-Fi networks.

Understanding address match#

The match is done by comparing the address provided with Incognia's location database for the user in this order, from worst to best, the matching stops at the last successful match level.

  1. postal_code
  2. country
  3. state
  4. city
  5. neighborhood
  6. street
  7. number