Understanding risk assessments

Risk assessment types

Incognia may provide one of three types of risk assessment:

  • high_risk: Incognia identifies the action (e.g. sign up, login, etc.) performed by the device to be fraudulent.

  • low_risk: Incognia identified the action performed by the device to be legitimate.

  • unknown_risk: Incognia is unable to provide a precise assessment at the time of the request.

Subsequent requests for the same action and/or device may result in different assessments given that Incognia's algorithms improve over time.

Risk assessment evidence

The Incognia APIs rely on evidence to calculate risk assessments. Some evidence values pertain to all assessments, regardless of use case, while others are only relevant to specific use cases.

When parsing API responses, you should consider all evidence optional. Because new evidence can be added at any time, consider parsing the evidence field as a generic JSON object, unless you plan to use specific evidence to make a decision.

The table below describes possible evidence values, their meaning, and which use cases they impact.

Evidence

Description

Type

Use Cases

device_model

Model of the device used to perform the given action

string

All

location_events_quantity

Amount of recent location events associated with the device

integer

All

location_services

Whether or not the device has enabled location gathering, withlocation_permissions_enabled , and the location sensors, withlocation_sensors_enabled

object with boolean flags

All

device_integrity

Indicates if the device is rooted (probable_root ), if an emulator has been used (emulator), if GPS data is being faked (gps_spoofing ), and if your app was downloaded from an official store (from_official_store)

object with boolean flags

All

geocode_quality

Indicates if a declared address was successfully geocoded by Incognia

enum (good, poor)

Onboarding

location_events_near_address

Number of location events near the declared address

integer

Onboarding

device_fraud_reputation

Indicates if the device appears on any watchlist or allowlist built with client reports

enum (unknown, confirmed_fraud, allowed

All

device_behavior_reputation

Indicates if the device appears on an allowlist built by Incognia's models

enum (unknown ,allowed )

Login

activity_evidence

Timestamps indicating the device's first and last locations known by Incognia near this address (first_known_address_activityand last_known_address_activity) and the first assessment made by Incognia for this signup (first_addres_verification )

object with UNIX timestamps

Onboarding

distance_to_trusted_location

Distance between the device's current location and the closest location known to be frequented by the device

double

Login

last_location_ts

Timestamp of the last location event associated with the device

UNIX timestamp

Login

sensor_match_type

Indicates which type of matching strategy was utilized to produce a result

string (see Understanding sensor match types below)

Login

‚Äč

Understanding sensor match types

Match Type

Description

gps_only

When Incognia is able to perform comparisons by GPS data

wifi_scan

When Incognia is able to perform comparisons by WiFi sensors, but no matching connected networks are found

wifi_connection

When Incognia is able to perform comparisons by connected WiFi networks