Rules enable you to detect account fraud and prevent risky access to your systems. Each rule can contain one or more signals (or expressions) to determine whether the data associated with an account is valid or risky. Verosint provides several templates that you can implement, or you can create your own.
For example, you may want customers to sign up for your company’s new service. Registration may require a username, email address, and phone number. To be safe, you want to make sure each email address is valid, not found in any known breaches, and not from countries your company has restricted. You could create two types of rules to perform these safety checks.
Valid Email Rule - Create a rule and add the following signals to check the validity of each incoming email address:
Is this email a known malicious account?
Is this email disposable?
Is this email present in any current breaches?
If any of these are true for an incoming email, you can set the outcome of the rule to deny access, or you could have the outcome trigger additional security checks in your registration flow.
Country Access Rule - Create a rule and add the following signals to determine if the IP address is associated with an account coming from a country with which your company does not do business:
signals.ip.location.country == 'RU'
Is the IP address coming from Russia?
signals.ip.location.country == 'CN'
Is the IP address coming from China?
If an account is coming from a restricted country, you can set the outcome of the rule to deny access and prompt for a customer-friendly message about service area restrictions.
Rules can be created, imported, and exported in the Verosint interface or through the Rules API. Rules defined in the Verosint interface can be exported and evaluated with the
verosint tool. Imported and exported rules are in JSON format.
Using Lists with Rules
You can create rules that are applied to a specific set of accounts by creating a list and adding the list to a rule.
Updated 2 months ago