Understanding risk assessments

Risk assessment types
Incognia may provide one of three types of risk assessment:
high_risk: Incognia identifies the action (e.g. sign up, login, etc.) performed by the device to be fraudulent.
low_risk: Incognia identified the action performed by the device to be legitimate.
unknown_risk: Incognia is unable to provide a precise assessment at the time of the request.
Subsequent requests for the same action and/or device may result in different assessments given that Incognia's algorithms improve over time.
Risk assessment evidence
The Incognia APIs rely on evidence to calculate risk assessments. Some evidence values pertain to all assessments, regardless of use case, while others are only relevant to specific use cases.
When parsing API responses, you should consider all evidence optional. Because new evidence can be added at any time, consider parsing the evidence field as a generic JSON object, unless you plan to use specific evidence to make a decision.
The table below describes possible evidence values, their meaning, and which use cases they impact.
Evidence
Description
Type
Use Cases
device_model
Model of the device used to perform the given action
string
All
location_events_quantity
Amount of recent location events associated with the device
integer
All
location_services
Whether or not the device has enabled location gathering, withlocation_permissions_enabled , and the location sensors, withlocation_sensors_enabled
object with boolean flags
All
device_integrity
Indicates if the device is rooted (probable_root ), if an emulator has been used (emulator), if GPS data is being faked (gps_spoofing ), and if your app was downloaded from an official store (from_official_store)
object with boolean flags
All
geocode_quality
Indicates if a declared address was successfully geocoded by Incognia
enum (good, poor)
Onboarding 
location_events_near_address
Number of location events near the declared address
integer
Onboarding 
device_fraud_reputation
Indicates if the device appears on any watchlist or allowlist built with client reports
enum (unknown, confirmed_fraud, allowed
All
device_behavior_reputation
Indicates if the device appears on an allowlist built by Incognia's models
enum (unknown ,allowed )
Login
activity_evidence
Timestamps indicating the device's first and last locations known by Incognia near this address (first_known_address_activityand last_known_address_activity) and the first assessment made by Incognia for this signup (first_addres_verification )
object with UNIX timestamps
Onboarding
distance_to_trusted_location
Distance between the device's current location and the closest location known to be frequented by the device
double
Login
last_location_ts
Timestamp of the last location event associated with the device
UNIX timestamp
Login
sensor_match_type
Indicates which type of matching strategy was utilized to produce a result
string (see Understanding sensor match types below)
Login
​
Understanding sensor match types
Match Type
Description
gps_only
When Incognia is able to perform comparisons by GPS data
wifi_scan
When Incognia is able to perform comparisons by WiFi sensors, but no matching connected networks are found
wifi_connection
When Incognia is able to perform comparisons by connected WiFi networks

APIs - Previous

Feedback

Next - Additional Information

Finding identifiers

Last updated 3 weeks ago

Evidence	Description	Type	Use Cases
`device_model`	Model of the device used to perform the given action	string	All
`location_events_quantity`	Amount of recent location events associated with the device	integer	All
`location_services`	Whether or not the device has enabled location gathering, with`location_permissions_enabled` , and the location sensors, with`location_sensors_enabled`	object with boolean flags	All
`device_integrity`	Indicates if the device is rooted (`probable_root` ), if an emulator has been used (`emulator`), if GPS data is being faked (`gps_spoofing` ), and if your app was downloaded from an official store (`from_official_store`)	object with boolean flags	All
`geocode_quality`	Indicates if a declared address was successfully geocoded by Incognia	enum (`good`, `poor`)	Onboarding
`location_events_near_address`	Number of location events near the declared address	integer	Onboarding
`device_fraud_reputation`	Indicates if the device appears on any watchlist or allowlist built with client reports	enum (`unknown`, `confirmed_fraud`, `allowed`	All
`device_behavior_reputation`	Indicates if the device appears on an allowlist built by Incognia's models	enum (`unknown` ,`allowed` )	Login
`activity_evidence`	Timestamps indicating the device's first and last locations known by Incognia near this address (`first_known_address_activity`and `last_known_address_activity`) and the first assessment made by Incognia for this signup (`first_addres_verification` )	object with UNIX timestamps	Onboarding
`distance_to_trusted_location`	Distance between the device's current location and the closest location known to be frequented by the device	double	Login
`last_location_ts`	Timestamp of the last location event associated with the device	UNIX timestamp	Login
`sensor_match_type`	Indicates which type of matching strategy was utilized to produce a result	string (see Understanding sensor match types below)	Login

Match Type	Description
`gps_only`	When Incognia is able to perform comparisons by GPS data
`wifi_scan`	When Incognia is able to perform comparisons by WiFi sensors, but no matching connected networks are found
`wifi_connection`	When Incognia is able to perform comparisons by connected WiFi networks