Importing Data
The first step in determining if fraud is present in your environment is to analyze the data you already have. Collect usage logs and submit them to Verosint using the command-line interface or directly using the API. This initial analysis will help you determine your users' basic traffic patterns and any outlier activity. The more data included for each system event, the more accurate Verosint's account fraud analysis will be. All data is analyzed and displayed in Explorer and SignalPrint, with details about each account and event.
Processing Identifiers
Verosint validates all provided identifiers to see if they are valid. If a given identifier is not valid, it is given a Risk labeling the on the event. Signal processing is skipped for invalid identifiers.
As long as there is one valid identifier, the event is saved and signals are processed for all valid parts of the event. If there is no valid identifier, the event is not saved.
Supported Identifier Fields
The following table lists the fields that you can submit to Verosint:
| Identifier Name | Description | Example |
|---|---|---|
| timestamp | RFC3339 or UNIX formatted timestamp (defaults to the time of submission when omitted) | 2023-03-25T16:04:43.865-05:00 |
| accountId | the unique user identifier (may be the same as email) | babsjensen |
| the email address of the user | [email protected] | |
| userAgent | the full user agent string associated with the event | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36 |
| ip | the origin IPv4 or IPv6 address | 97.105.216.107 |
| phone | the phone number of the user in the international phone number format | +15123944240 |
| type | the event type | LOGIN_SUCCESS |
| deviceId | the optional device ID associated with an event, with a maximum of 150 characters | device-abc-1234 |
Specifying Identifiers
- Event type, IP address, and user agent are required.
- If you add events without an account ID or an email address, they will not display in SignalPrint.
- If there is an email address but no account ID, it will display in SignalPrint if the email has history against other events with more data.
Each event may have at most one identifier for each type. For example, each event can only have a single IP address.
Event Types
Visit the API reference for a full list of supported event types.
Updated 4 days ago