How It Works
The TrustPath Fraud Detection API works by analyzing user events and evaluating user behavior to identify and assess potential risks.
User Events
User events are specific actions that occur on your platform, such as:
- Account registration
- Account login
- Order purchase
- User-generated content (e.g., comments, ads, posts)
TrustPath treats user behavior as a series of events, meaning that risk analysis is performed both on individual events and across historical data.
Example Workflow
Consider the following scenario where a user wishes to make a purchase.
As the user completes their purchase, you can use the TrustPath Device Intelligence JS SDK to collect relevant device intelligence data.
Once the user has completed all the necessary actions and the data has been sent to your server, the risk analysis process begins. To initiate this process, you will create a request containing the following information:
- User IP address
- User email
- Purchase details
- Device intelligence data
Along with your API key, you will send this request to the TrustPath Risk Evaluation API.
TrustPath API Processing
Upon receiving the request, the TrustPath API follows a multi-step process:
-
Data Enrichment: The API first enriches the provided data to enhance its context and completeness.
-
Historical Data Analysis: The API then evaluates the user's historical behavior to better understand patterns and anomalies.
-
AI Inference: If necessary, the API will run inferences using an AI model to assess potential risks. (Note: AI inference is applied only to specific events, not all.)
-
Business Rules Evaluation: The API applies tailored rules specific to your business to assess the risk further.
-
Fraud Score and Decision: The API generates a fraud score and determines a state (e.g., Approve, Review, Decline).
-
Response: The API responds with:
- Enriched data
- Fraud score
- State (Approve, Review, Decline)
- Details of any triggered rules
Decision Making
Based on the response from the TrustPath API, your server can take action based on one of the following states:
- Approve: Accept the user's behavior as legitimate.
- Review: Place the behavior under review for further manual inspection.
- Decline: Reject the user's behavior as potentially fraudulent.
Below is a partial example of an API response, showing the request details, with the scoring and state of the response at the bottom:
{
"request": {
"content": null,
"device_intelligence": {
"browser_hash": "8d58a953db00c9f399168b1415384197a5522c79af774bc40ef7936cb82e6e57",
"browser_name": "Chrome",
"browser_version": "119.0.0.0",
"cookie_enabled": true,
"cookie_hash": "2b2357b0e234a77b2b480d8f3adab9ae9f39d2bbeae226c5a80727f68d38ae09",
"device_hash": "a868f7234aabe18f7128e262830ada29c1deb6c4fc0eb1b6ceca6402b36ee5ae",
"device_model": "Mozilla/5.0 (iPod; U; CPU iPhone OS 3_2 like Mac OS X; brx-IN) AppleWebKit/533.12.7 (KHTML, like Gecko) Version/4.0.5 Mobile/8B119 Safari/6533.12.7",
"device_os": "Mozilla/5.0 (compatible; MSIE 9.0; Windows 98; Trident/5.0)",
"device_type": null
},
"email": "scott04@xio7s7zsx8arq.ga",
"event_type": "account_register",
"ip": "89.84.133.255",
"phone": "791-628-7904",
"purchase": null,
"user": {
"address": {
"city": "Cortezbury",
"country": "PE",
"postal_code": "00539",
"region": "South Dakota",
"street": "2923 Zachary Corner"
},
"birth_date": null,
"birth_place": null,
"first_name": "Lisa",
"last_name": "Marshall",
"middle_name": null,
"user_id": "151221e8-77ff-4315-9716-af498a63d8ff",
"user_name": null
}
},
"response": {
"content": null,
"device_intelligence": null,
"email": {
"asn": null,
"company": null,
"domain": "xio7s7zsx8arq.ga",
"threat_signal": {
"asn_malicious_ip_ratio": null,
"is_abusive_ip": false,
"is_deliverable": false,
"is_disposable": true,
"is_proxy_server": false,
"is_reserved_ip": false,
"is_role_account": false,
"is_tor_exit_node": false,
"is_web_crawler": false
},
"valid": true,
"value": "scott04@xio7s7zsx8arq.ga"
},
"event_id": "c3c34db4-ae0f-45ca-92e4-611a28dbc0af",
"ip": {
"asn": {
"abuse": {
"address": "Bouygues Telecom, 13-15 avenue du Marechal Juin, 92366 Meudon-la-Foret cedex, France",
"email": "abuse@bouyguestelecom.fr",
"name": "Network Operation Centre Bouygues Telecom FAI",
"phone": ""
},
"active": true,
"asn": 5410,
"country": "fr",
"created": "2002-09-24",
"descr": "BOUYGTEL-ISP, FR",
"domain": "bouyguestelecom.fr",
"org": "Bouygues Telecom SA",
"route": "89.80.0.0/12",
"type": "isp",
"updated": "2020-02-11"
},
"company": {
"domain": "bouyguestelecom.fr",
"name": "BOUYGTEL ISP WIRELINE",
"type": "isp"
},
"geo_location": {
"city": "Paris",
"continent": "EU",
"country": "France",
"country_code": "FR",
"currencies": [
{
"currency_code": "EUR",
"currency_name": "Euro",
"currency_symbol": "€"
}
],
"is_in_eurozone": true,
"latitude": 48.85341,
"local_time": "2025-03-05T09:24:01+01:00",
"longitude": 2.3488,
"state": "Ile-de-France",
"timezone": "Europe/Paris",
"zip": "75998 CEDEX 14"
},
"threat_signal": {
"is_abusive_ip": false,
"is_data_center_ip": false,
"is_mobile_network": false,
"is_proxy_server": false,
"is_reserved_ip": false,
"is_tor_exit_node": false,
"is_vpn_connection": false,
"is_web_crawler": false
},
"valid": true,
"value": "89.84.133.255"
},
"score": {
"details": [
{
"result": false,
"rule_name": "Email address is disposable",
"rule_type": "static"
},
{
"result": false,
"rule_name": "Email is not deliverable",
"rule_type": "static"
},
{
"result": false,
"rule_name": "User country is different from IP country",
"rule_type": "relational"
}
],
"fraud_score": 100,
"state": "decline"
}
}
}