Account Protection
Sign Up Protection
Overview

Not every user who tries to create an account on your site has good intentions. Some are malicious actors attempting to create multiple accounts, whether for account aging and laying the groundwork for future fraud attacks or for abusing new-account discounts.

Stopping abuse and fraud at the entry point protects your account ecosystem in multiple ways. It helps prevent losses from users exploiting promotions, ensures compliance with your terms and conditions, and allows you to measure meaningful customer metrics accurately, giving you greater control over your ecosystem.

The Signup API (https://docs.forter.com/reference/signup) helps prevent fraudulent account creation by providing approve/decline decisions in real time when a user attempts to register. Implementing the Signup API is seamless, as outlined in the process below.

Primary use cases

There are a number of ways you can utilize the account sign up protection offered by this API. The Account Sign Up API can be used to enforce the following scenarios:

- Multiple account abuse: to prevent the user from creating an account if they've already created [x number] of accounts using alternate identifiers (email, phone).
- Promotional/incentive/bonus abuse: to prevent the user from creating an account if they've already used a referral code [x number] times with any other credentials.
- Referral abuse: to prevent the user from creating an account using a referral code if they've already used a referral code [x number] times with any other credentials.
- Fake accounts: to prevent the user from creating an account if any of their known aliases have been previously blocked due to fraud in the Forter ecosystem.
- Seller side abuse: to prevent sellers from creating an account if any of their known aliases have been previously blocked due to fraud, abuse, or another policy violation.
- T&C abuse: to prevent the user from creating an account if any of their known aliases have been previously blocked due to policy violation. An example may be to prevent the user from creating an account if they are flagged by the merchant as a known abuser.
- Bot protection: to prevent bots from generating accounts on your platform.

Integration steps

Front end integration (https://docs.forter.com/front-end-integration)

In your dedicated Forter portal, you will receive a JavaScript snippet for both sandbox and production. For native mobile apps, you will receive links to download Forter's native SDKs.

You'll paste the JS script on the appropriate pages of your website, or call mobile SDK methods on relevant mobile app screens, so that it can load and asynchronously collect important behavioral data from your customer. The script, or the mobileuid generated by the mobile SDK, will also generate a unique token for each user on your site, which should be included in the Account Sign Up API request body.

Send signup request for decision

The Signup API (https://docs.forter.com/reference/signup) is used for approving / declining account creation attempts by customers or end users.

Signup API request

Data points collected are:

- Common signup properties: account ID and additional characteristics (e.g. type of account).
- eventtime: the time that the trigger event occurred, in milliseconds.
- connectioninformation: cyber intelligence data to analyze browsing behavior, device and connection quality, such as IP address, user agent and data collected via JS / mobile SDK.
- User personal details: user personal details such as email or additional info collected (phone, names, etc.).
- Nice to have: signup flow indicators (social SSO used, "remember this device").

```json
{
  "accountid": "e520 ba9a 367 60b",
  "eventtime": 1415287568000,
  "connectioninformation": {
    "customerip": "10.0.0.127",
    "useragent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36",
    "fortertokencookie": "2315688945984"
  },
  "channeltype": "web",
  "accountdata": {
    "personaldetails": {
      "firstname": "john",
      "lastname": "smith",
      "email": "john.s@test.com"
    },
    "created": 1415273168,
    "type": "business",
    "merchantaccountstatus": "open",
    "status": "active"
  }
}
```

Signup API response

The response body will include the accountid, correlationid, a decision, as well as parameters for the verification method and a recommendation for further identification if needed (i.e. MFA or supplementary identification documents).

Upon receipt of the response, you can leverage the forterdecision and recommendation parameters in the response body to curate the customer journey or block bad actors from creating bogus accounts on your site.

Key fields:

- forterdecision: the latest Forter decision regarding the attempted action. This field may hold one of the following options:
  - "approve" for approved signup requests, where the user should be allowed to register for a new account;
  - "decline" for declined signup requests, where the user should be declined from registering for a new account;
  - "verification required" for signup requests where an additional verification should be triggered for the user (via email, SMS, etc.);
  - "not reviewed".
- recommendation: a specific recommendation for an action that might help the customer to complete their transaction/action (e.g. verify phone via SMS, verify via push notification, verify email, perform a 3DS check, etc.).
- correlationid: a Forter unique identifier that should be sent to Forter as part of the advancedauthenticationmethod object to correlate the MFA recommendation given in this response with the relevant additional authentication attempt result.

```json
{
  "forterdecision": "verification required",
  "recommendation": "email verification",
  "accountid": "e520 ba9a 367 60b",
  "correlationid": "hgj7512345h3de",
  "verificationmethod": {
    "correlationid": "hgj7512345h3de"
  }
}
```

```json
{
  "forterdecision": "approve",
  "recommendation": "",
  "accountid": "e520 ba9a 367 60b",
  "correlationid": "hgj7512345h3de",
  "verificationmethod": {}
}
```

Send authentication attempts

The Authentication Result API (https://docs.forter.com/reference/authentication-result) is used to inform Forter of authentication results after an MFA was required by a previous Signup API request, using the provided correlation ID. While no decision is provided on this request, it is required in order to ensure optimal customer experience as well as to continuously improve the decision model.

Authentication Result API request

Key fields:

- accountid: the customer's account UID in the merchant's site.
- eventtime: the time that the trigger event occurred, in milliseconds.
- additionalauthenticationmethod.correlationid: a Forter unique identifier that was provided as part of a Forter API response recommending additional authentication measures. Used to correlate between the user action which triggered the recommendation and the authentication attempt result. Required when the additional authentication was triggered by Forter's recommendation.
- additionalauthenticationmethod.verificationoutcome: may take various forms depending on the verification outcome. For example, additionalauthenticationmethod.verificationoutcome is a general authentication result enumerated field with 3 possible values ["success"; "failure"; "none attempted"].

Please see the Authentication Result (https://docs.forter.com/reference/authentication-result) API reference section for more details.

```json
{
  "accountid": "e520 ba9a 367 60b",
  "eventtime": 1415287568000,
  "connectioninformation": {
    "customerip": "10.0.0.127",
    "useragent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36",
    "fortertokencookie": "2315688945984"
  },
  "channeltype": "web",
  "additionalauthenticationmethod": {
    "verificationoutcome": "success",
    "correlationid": "87363864834"
  }
}
```

Authentication Result API response

As this API is only used to provide Forter's model with additional information, the decision returned will always be "not reviewed". Supplementary parameters like correlationid and accountid are also returned in the API response.

Send account status updates

The Account Status API (https://docs.forter.com/reference/account-status) is used to provide Forter's model with additional information: an indication of accounts closed by the merchant, or of accounts whose status changed in a way that reflects agreement or disagreement with Forter's sign up decision (use / ignore the decision).

The Account Status API is only intended to provide Forter with additional details and does not return a new decision. Rather, the response will always be "not reviewed".

Account Status API request

Main data points are:

- status: the updated status (Forter enum format). Enumerated values include ("active"; "suspended"; "closed"; "guest"; "pending").
- statuschangereason: the merchant's descriptive reason for closing the account.

```json
{
  "accountid": "e520 ba9a 367 60b",
  "eventtime": 1415287568000,
  "status": "suspended",
  "statuschangereason": "user violation of coupon abuse policy",
  "connectioninformation": {
    "customerip": "10.0.0.127",
    "useragent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36",
    "fortertokencookie": "2315688945984"
  },
  "type": "business",
  "merchantaccountstatus": "open",
  "statuschangeby": "merchant admin"
}
```

Prepare and upload historical data

To ensure the highest level of accuracy for our decisioning model, Forter customizes our model to fit the specific risk profile of each of our customers. We achieve this by training the model with your past signup and login data in order to provide you with better accuracy from day 1.
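
The decision handling described under "Signup API response" and "Send authentication attempts" can be sketched server-side as follows. This is an added example, not Forter's code: the function names and the `fallback` policy are assumptions, and field names and enum values are spelled as they appear on this page, so check them against the API reference before use.

```python
# Added example. Field names and values are spelled as they appear on this page.
OUTCOMES = {"success", "failure", "none attempted"}

# Sample response copied from this page's "verification required" example.
SAMPLE_VERIFY = {
    "forterdecision": "verification required",
    "recommendation": "email verification",
    "accountid": "e520 ba9a 367 60b",
    "correlationid": "hgj7512345h3de",
    "verificationmethod": {"correlationid": "hgj7512345h3de"},
}


def route_signup(expected_account_id, response, fallback="verify"):
    """Map a Signup API response to a local action: create, block or verify.

    `fallback` is this example's own policy (an assumption) for "not reviewed",
    missing or unrecognised decisions; it is never an implicit approve.
    """
    if response.get("accountid") != expected_account_id:
        raise ValueError("response does not belong to this signup attempt")
    decision = response.get("forterdecision")
    if decision == "approve":
        return {"action": "create"}
    if decision == "decline":
        return {"action": "block"}
    if decision == "verification required":
        if not response.get("correlationid"):
            raise ValueError("verification required without a correlationid")
        return {"action": "verify",
                "method": response.get("recommendation"),
                "correlationid": response["correlationid"]}
    return {"action": fallback}


def build_auth_result(account_id, event_time_ms, connection, routed, outcome):
    """Build the Authentication Result request body once the step-up has run."""
    if outcome not in OUTCOMES:
        raise ValueError(f"unknown verificationoutcome: {outcome!r}")
    method = {"verificationoutcome": outcome}
    # correlationid is required when Forter's recommendation triggered the check.
    if routed.get("correlationid"):
        method["correlationid"] = routed["correlationid"]
    return {"accountid": account_id, "eventtime": event_time_ms,
            "connectioninformation": connection, "channeltype": "web",
            "additionalauthenticationmethod": method}
```

Binding the response to the expected accountid and treating unknown decisions as non-approvals keeps a malformed or mismatched response from silently creating an account.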