Incognia may provide three types of risk assessments, which depend on our confidence level in a given action performed by a device in one of our supported use cases:
high_risk: Incognia deems the action (e.g. sign up, login) performed by the device to be potentially fraudulent, and advises you to take preventive actions in these scenarios;
low_risk: Incognia considers this action performed by the device to be safe to accept;
unknown_risk: Incognia is unable to provide a precise assessment at the time of the request.
Incognia's APIs rely on evidence to provide risk assessments. This evidence is built on top of different analyses through distinct lenses. Some evidence values pertain to all assessments, regardless of use case, while others are only relevant to specific use cases.
The table below describes possible evidence values, their meaning, and which use cases they impact.
|Model of the device used to perform the given action.||string||All|
|Amount of recent location events associated with the device.||integer||All|
|Whether or not the device has enabled location gathering, with||object with boolean flags||All|
|Indicates if the device is probably rooted (||object with boolean flags||All|
|Indicates if a declared address was able to be successfully geocoded by Incognia.||enum (||Onboarding / Payment|
|Indicates if a declared address matches an existing address.||enum (good, medium, poor)||Onboarding / Payment|
|Indicates the level of match that the declared address has with the users previous locations.||enum(see Understanding address match)||Onboarding / Payment|
|Amount of location events near the declared address.||integer||Onboarding / Payment|
|Indicates the ratio between the total number of payment transactions and the total number of chargebacks up to 150 meters away from the declared address.||double||Payment|
|Indicates the ratio between the total number of payment transactions and the total number of chargebacks up to 1500 meters away from the declared address.||double||Payment|
|Indicates the ratio between the total number of payment transactions and the total number of chargebacks up to 5000 meters away from the declared address.||double||Payment|
|Indicates the total sum of values in payment transactions reported by the customer in that given device, grouped by currency code (ISO 4217).||double||Payment|
|Indicates if the device appears in any kind of watchlist or allowlist built with client reports.||enum (||All|
|Indicates if the device appears in a dynamic allowlist or watchlist built by Incognia's models.||enum (||All|
|Datetimes indicating the device's first and last locations known by Incognia near this address (||object with datetimes||Onboarding|
|Whether we have information about this Account ID provided via Feedback API||boolean||Login / Payment|
|Distance between the device's current location to it's past frequent locations.||double||Login / Payment|
|Date and time of the last location event associated with the device.||datetime||Login / Payment|
|Indicates which type of matching strategy was utilized to produce a result.||string (see Understanding sensor match types )||Login / Payment|
|Indicates the number of accounts accessed on the device in the last 30 days.||integer||Payment|
|Indicates the number of application reinstallations done on the device in the last 30 days.||integer||Payment|
|Indicates if the account received a ||object||Login|
|When Incognia is able to perform comparisons by GPS data.|
|When Incognia is able to perform comparisons by Wi-Fi sensors, but no matching connected networks are found.|
|When Incognia is able to perform comparisons by connected Wi-Fi networks.|
The match is done by comparing the address provided with Incognia's location database for the user in this order, from worst to best, the matching stops at the last successful match level.