Identity Protection at Sign Up

Enforce account policies at customer sign up

Identity Protection at Account Sign Up

Not every user who tries to create an account on your site is a good user. Some are cheaters and others are fraudsters, and it’s best to keep them from entering your ecosystem. Stopping abuse or fraud at the door protects your company in several ways: it avoids losses to people who take unfair advantage of promotions or abuse your terms and conditions, and it ensures that the customer metrics you measure are meaningful and reflect reality.

Forter protects companies' accounts by analyzing each new user who attempts to set up an account and responding with an approve or decline decision, depending on whether the user is legitimate.

The Account Sign Up API is used to return approve/decline decisions when a customer attempts to create a new account. Protecting your account creation process with the Account Sign Up API is easy, as you’ll see from the process outlined here.

Account Sign Up API Use Cases

There are a number of ways you can utilize the account sign up protection offered by this API. The Account Sign Up API can be used to enforce the following identity policies:
  • To prevent the user from creating an account if they’ve already created [X number] of accounts using alternate aliases (email, phone).
  • To prevent the user from creating an account if any of their known aliases have been previously blocked due to fraud, abuse, or another policy violation.
  • Seller-side Abuse: To prevent sellers from creating an account if any of their known aliases have been previously blocked due to fraud, abuse, or another policy violation.
  • To prevent the user from using a referral code if they’ve already used that code [X number] times with any of their known aliases.
  • To prevent the user from creating an account if they are below [X Age] requirement.

Identity Protection for Account Sign Up Integration

Step 1: Front End Integration

In your dedicated Forter portal, you will receive a JavaScript snippet for both sandbox and production. For native mobile apps, you will receive links to download Forter's Native SDKs. You'll paste the JS script on the appropriate pages of your website, or call the mobile SDK methods on the relevant mobile app screens, so that it can load and asynchronously collect important behavioral data from your customer. The script (or, in mobile apps, the mobileUID generated by the mobile SDK) also provides a unique token for each user on your site, which should be included in the Account Sign Up API request body.

Step 2: Account SignUp API

Account Sign Up API Request
The Sign Up API is used to approve or decline account creation attempts by customers or end users. The data points collected are common sign-up properties:
  • Account ID and additional characteristics (e.g. type of account)
  • ConnectionInformation - Cyber intelligence data used to analyze browsing behavior, device and connection quality, such as IP address, user agent and data collected via the JS snippet / mobile SDK
  • User Personal Details - email typically required, additional info collected (phone, names, etc.)
  • Nice-to-have signup flow indicators (Social SSO used, "remember this device")

Please see the Customer Account Sign Up API Reference section for more details.

{
  "accountId": "e520-ba9a-367-60b",
  "eventTime": 1415287568000,
  "connectionInformation": {
    "customerIP": "10.0.0.127",
    "userAgent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36",
    "forterTokenCookie": "2315688945984"
  },
  "channelType": "WEB",
  "accountData": {
    "personalDetails": {
      "firstName": "John",
      "lastName": "Smith",
      "email": "[email protected]"
    },
    "created": 1415273168,
    "type": "BUSINESS",
    "merchantAccountStatus": "open",
    "status": "ACTIVE"
  }
}

Account Sign Up API Response
The Account Sign Up response body includes the accountId, correlationId and a decision, as well as parameters for the verification method and a recommendation for further identification if needed (i.e. MFA or supplementary identification documents). On receipt of the response, you can use the "forterDecision" and "recommendation" parameters in the response body to tailor the customer journey or block bad actors from creating bogus accounts on your site.

{
  "forterDecision": "APPROVE",
  "recommendation": "",
  "accountId": "e520-ba9a-367-60b",
  "correlationId": "HGJ7512345H3DE"
}
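
One way to act on the response server-side, shown as an added example rather than Forter's own code: it builds a request from the fields in the sample above and maps the response to an action, refusing to auto-create the account when the response is malformed, is for a different accountId, or carries an unrecognized decision. The function names, the action labels (`create`, `step_up`, `block`, `hold`) and the "DECLINE" string are assumptions made for this sketch.

```python
import time

# "APPROVE" appears in the page's sample response; "DECLINE" is an assumed value
# based on the page's "approve or decline" wording.
APPROVE, DECLINE = "APPROVE", "DECLINE"


def build_signup_request(account_id, email, customer_ip, user_agent, forter_token,
                         channel="WEB", now_ms=None):
    """Build a Step 2 request body using only fields shown in the page's sample."""
    return {
        "accountId": account_id,
        "eventTime": now_ms if now_ms is not None else int(time.time() * 1000),
        "connectionInformation": {
            # Take IP and user agent from the server's view of the connection,
            # not from fields the client can set in the sign-up form.
            "customerIP": customer_ip,
            "userAgent": user_agent,
            "forterTokenCookie": forter_token,  # token from the Step 1 integration
        },
        "channelType": channel,
        "accountData": {"personalDetails": {"email": email}},
    }


def signup_action(request_body, response_body):
    """Map a Sign Up response to 'create', 'step_up', 'block' or 'hold'."""
    if not isinstance(response_body, dict):
        return "hold"      # malformed response: never auto-create
    if response_body.get("accountId") != request_body["accountId"]:
        return "hold"      # response does not belong to this sign-up attempt
    decision = response_body.get("forterDecision")
    if decision == DECLINE:
        return "block"
    if decision == APPROVE:
        # A non-empty recommendation asks for further identification first.
        return "step_up" if response_body.get("recommendation") else "create"
    return "hold"          # missing or unrecognized decision
```

Log the returned correlationId alongside the action taken so that a later status update or dispute can be traced back to the decision that drove it.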

Step 3: Account Status API

The Account Status API is used to tell Forter about abusive accounts closed by the merchant, or about accounts whose change in status reflects agreement or disagreement with Forter's sign up decision (use / ignore the decision). The Account Status API is only intended to provide Forter with additional details and does NOT return a new decision; the response will always be `"NOT_REVIEWED"`. Please see the **Account Status Update API Reference** for full details.

Account Status API Request
Main Data Points are:

  • updated status (both in Forter enum format and the merchant descriptive format)
  • reason for closing the account

{
  "accountId": "e520-ba9a-367-60b",
  "eventTime": 1415287568000,
  "status": "ACTIVE",
  "connectionInformation": {
    "customerIP": "10.0.0.127",
    "userAgent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36",
    "forterTokenCookie": "2315688945984"
  },
  "type": "BUSINESS",
  "merchantAccountStatus": "open",
  "statusChangeBy": "MERCHANT_ADMIN"
}

Account Status API Response
As this API is only used to provide Forter's models with additional information, the decision returned will always be "NOT_REVIEWED". Supplementary parameters such as correlationId and accountId are also returned in the API response.