[{"data":1,"prerenderedAt":535},["ShallowReactive",2],{"docsv3-nav":3,"\u002Fdocs\u002Fv3\u002Fconcepts\u002Frisks":198},[4],{"title":5,"path":6,"stem":7,"children":8,"page":188},"V3","\u002Fdocs\u002Fv3","1.docs\u002Fv3",[9,13,17,21,38,87,189],{"title":10,"path":11,"stem":12},"Introduction","\u002Fdocs\u002Fv3\u002Fintroduction","1.docs\u002Fv3\u002F1.Introduction",{"title":14,"path":15,"stem":16},"Quick start","\u002Fdocs\u002Fv3\u002Fquick-start","1.docs\u002Fv3\u002F2.Quick start",{"title":18,"path":19,"stem":20},"Challenge flow","\u002Fdocs\u002Fv3\u002Fchallenge-flow","1.docs\u002Fv3\u002F3.Challenge flow",{"title":22,"path":23,"stem":24,"children":25},"Fundamentals","\u002Fdocs\u002Fv3\u002Ffundamentals","1.docs\u002Fv3\u002F4.fundamentals",[26,30,34],{"title":27,"path":28,"stem":29},"Signup protection","\u002Fdocs\u002Fv3\u002Ffundamentals\u002Fsignup-protection","1.docs\u002Fv3\u002F4.fundamentals\u002F00.Signup protection",{"title":31,"path":32,"stem":33},"Login protection","\u002Fdocs\u002Fv3\u002Ffundamentals\u002Flogin-protection","1.docs\u002Fv3\u002F4.fundamentals\u002F01.Login protection",{"title":35,"path":36,"stem":37},"Access protection","\u002Fdocs\u002Fv3\u002Ffundamentals\u002Faccess-protection","1.docs\u002Fv3\u002F4.fundamentals\u002F02.Access protection",{"title":39,"path":40,"stem":41,"children":42},"Guides","\u002Fdocs\u002Fv3\u002Fguides","1.docs\u002Fv3\u002F5.guides",[43,47,51,55,59,63,67,71,75,79,83],{"title":44,"path":45,"stem":46},"Account sharing prevention","\u002Fdocs\u002Fv3\u002Fguides\u002Faccount-sharing-prevention","1.docs\u002Fv3\u002F5.guides\u002F1.Account sharing prevention",{"title":48,"path":49,"stem":50},"Web scraping prevention","\u002Fdocs\u002Fv3\u002Fguides\u002Fweb-scraping-prevention","1.docs\u002Fv3\u002F5.guides\u002F13.Web scraping prevention",{"title":52,"path":53,"stem":54},"Ban enforcement","\u002Fdocs\u002Fv3\u002Fguides\u002Fban-enforcement","1.docs\u002Fv3\u002F5.guides\u002F14.Ban enforcement",{"title":56,"path":57,"stem":58},"Chargeback dispute","\u002Fdocs\u002Fv3\u002Fguides\u002Fchargeback-dispute","1.docs\u002Fv3\u002F5.guides\u002F15.Chargeback dispute",{"title":60,"path":61,"stem":62},"Multi-accounting prevention","\u002Fdocs\u002Fv3\u002Fguides\u002Fmulti-accounting-prevention","1.docs\u002Fv3\u002F5.guides\u002F16.Multi-accounting prevention",{"title":64,"path":65,"stem":66},"Account takeover prevention","\u002Fdocs\u002Fv3\u002Fguides\u002Faccount-takeover-prevention","1.docs\u002Fv3\u002F5.guides\u002F2.Account takeover prevention",{"title":68,"path":69,"stem":70},"Risky transaction prevention","\u002Fdocs\u002Fv3\u002Fguides\u002Frisky-transaction-prevention","1.docs\u002Fv3\u002F5.guides\u002F20.Risky transaction prevention",{"title":72,"path":73,"stem":74},"Fake account detection","\u002Fdocs\u002Fv3\u002Fguides\u002Ffake-account-detection","1.docs\u002Fv3\u002F5.guides\u002F3.Fake account detection",{"title":76,"path":77,"stem":78},"Bot detection","\u002Fdocs\u002Fv3\u002Fguides\u002Fbot-detection","1.docs\u002Fv3\u002F5.guides\u002F4.Bot detection",{"title":80,"path":81,"stem":82},"Card testing prevention","\u002Fdocs\u002Fv3\u002Fguides\u002Fcard-testing-prevention","1.docs\u002Fv3\u002F5.guides\u002F5.Card testing prevention",{"title":84,"path":85,"stem":86},"Incentive abuse prevention","\u002Fdocs\u002Fv3\u002Fguides\u002Fincentive-abuse-prevention","1.docs\u002Fv3\u002F5.guides\u002F9.Incentive abuse prevention",{"title":88,"path":89,"stem":90,"children":91,"page":188},"Concepts","\u002Fdocs\u002Fv3\u002Fconcepts","1.docs\u002Fv3\u002F6.concepts",[92,96,100,104,108,112,116,120,124,128,132,136,140,144,148,152,156,160,164,168,172,176,180,184],{"title":93,"path":94,"stem":95},"Evaluations","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fevaluations","1.docs\u002Fv3\u002F6.concepts\u002F01.evaluations",{"title":97,"path":98,"stem":99},"Actions","\u002Fdocs\u002Fv3\u002Fconcepts\u002Factions","1.docs\u002Fv3\u002F6.concepts\u002F02.actions",{"title":101,"path":102,"stem":103},"Signals","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fsignals","1.docs\u002Fv3\u002F6.concepts\u002F03.signals",{"title":105,"path":106,"stem":107},"Checks","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fchecks","1.docs\u002Fv3\u002F6.concepts\u002F04.checks",{"title":109,"path":110,"stem":111},"Risks","\u002Fdocs\u002Fv3\u002Fconcepts\u002Frisks","1.docs\u002Fv3\u002F6.concepts\u002F05.risks",{"title":113,"path":114,"stem":115},"Verdicts","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fverdicts","1.docs\u002Fv3\u002F6.concepts\u002F06.verdicts",{"title":117,"path":118,"stem":119},"Policies","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fpolicies","1.docs\u002Fv3\u002F6.concepts\u002F07.policies",{"title":121,"path":122,"stem":123},"Challenges","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fchallenges","1.docs\u002Fv3\u002F6.concepts\u002F08.challenges",{"title":125,"path":126,"stem":127},"Concurrency","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fconcurrency","1.docs\u002Fv3\u002F6.concepts\u002F09.concurrency",{"title":129,"path":130,"stem":131},"Impossible travel","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fimpossible-travel","1.docs\u002Fv3\u002F6.concepts\u002F10.impossible-travel",{"title":133,"path":134,"stem":135},"Bots","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fbots","1.docs\u002Fv3\u002F6.concepts\u002F11.bots",{"title":137,"path":138,"stem":139},"Devices","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fdevices","1.docs\u002Fv3\u002F6.concepts\u002F12.devices",{"title":141,"path":142,"stem":143},"Fingerprints","\u002Fdocs\u002Fv3\u002Fconcepts\u002Ffingerprints","1.docs\u002Fv3\u002F6.concepts\u002F13.fingerprints",{"title":145,"path":146,"stem":147},"People","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fpeople","1.docs\u002Fv3\u002F6.concepts\u002F14.people",{"title":149,"path":150,"stem":151},"Lists","\u002Fdocs\u002Fv3\u002Fconcepts\u002Flists","1.docs\u002Fv3\u002F6.concepts\u002F15.lists",{"title":153,"path":154,"stem":155},"Account takeover","\u002Fdocs\u002Fv3\u002Fconcepts\u002Faccount-takeover","1.docs\u002Fv3\u002F6.concepts\u002F16.account-takeover",{"title":157,"path":158,"stem":159},"Account sharing","\u002Fdocs\u002Fv3\u002Fconcepts\u002Faccount-sharing","1.docs\u002Fv3\u002F6.concepts\u002F17.account-sharing",{"title":161,"path":162,"stem":163},"Fake account","\u002Fdocs\u002Fv3\u002Fconcepts\u002Ffake-account","1.docs\u002Fv3\u002F6.concepts\u002F18.fake-account",{"title":165,"path":166,"stem":167},"Scraping","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fscraping","1.docs\u002Fv3\u002F6.concepts\u002F19.scraping",{"title":169,"path":170,"stem":171},"Linked accounts","\u002Fdocs\u002Fv3\u002Fconcepts\u002Flinked-accounts","1.docs\u002Fv3\u002F6.concepts\u002F20.linked-accounts",{"title":173,"path":174,"stem":175},"New IP","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fip","1.docs\u002Fv3\u002F6.concepts\u002F21.ip",{"title":177,"path":178,"stem":179},"Anonymizing network","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fanonymizing-network","1.docs\u002Fv3\u002F6.concepts\u002F22.anonymizing-network",{"title":181,"path":182,"stem":183},"Email quality","\u002Fdocs\u002Fv3\u002Fconcepts\u002Femail","1.docs\u002Fv3\u002F6.concepts\u002F23.email",{"title":185,"path":186,"stem":187},"Velocity","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fvelocity","1.docs\u002Fv3\u002F6.concepts\u002F24.velocity",false,{"title":190,"path":191,"stem":192,"children":193,"page":188},"Advanced","\u002Fdocs\u002Fv3\u002Fadvanced","1.docs\u002Fv3\u002F7.Advanced",[194],{"title":195,"path":196,"stem":197},"Proxy setup","\u002Fdocs\u002Fv3\u002Fadvanced\u002Fproxy-setup","1.docs\u002Fv3\u002F7.Advanced\u002F1.Proxy-setup",{"id":199,"title":109,"body":200,"description":528,"extension":529,"meta":530,"navigation":531,"path":110,"rawbody":532,"seo":533,"stem":111,"__hash__":534},"docsv3\u002F1.docs\u002Fv3\u002F6.concepts\u002F05.risks.md",{"type":201,"value":202,"toc":516},"minimark",[203,207,229,234,237,263,282,306,324,328,331,336,346,435,439,442,486,490,500,503,507],[204,205,109],"h1",{"id":206},"risks",[208,209,210,211,215,216,220,221,224,225,228],"p",{},"A risk is Rupt's read on what an ",[212,213,214],"a",{"href":94},"evaluation"," looks like (",[217,218,219],"em",{},"this smells like account takeover, this looks like a fake account","), scored per category and graded by severity. A risk never dictates the ",[212,222,223],{"href":114},"verdict"," on its own. It's a summary, and your ",[212,226,227],{"href":118},"policies"," decide what to do with it.",[230,231,233],"h2",{"id":232},"how-a-risk-is-scored","How a risk is scored",[208,235,236],{},"Risks are built from the ground up:",[238,239,240,249,256],"ul",{},[241,242,243,248],"li",{},[244,245,246],"strong",{},[212,247,101],{"href":102}," are the raw measurements Rupt collects from the user's environment.",[241,250,251,255],{},[244,252,253],{},[212,254,105],{"href":106}," turn those signals into specific facts: is this IP a VPN, has this user moved impossibly far since last seen.",[241,257,258,259,262],{},"A ",[244,260,261],{},"risk"," takes the checks that predict it, weights each by how much it counts, and adds them up.",[208,264,265,266,270,271,270,274,277,278,281],{},"That weighted total is the score, and each risk maps its score to one of four severities: ",[267,268,269],"code",{},"low",", ",[267,272,273],{},"medium",[267,275,276],{},"high",", or ",[267,279,280],{},"maximum",".",[208,283,284,285,287,288,290,291,270,294,297,298,301,302,305],{},"The cutoffs aren't shared across risks. Each risk sets its own, because the same check can carry very different weight depending on what you're detecting: a score one risk treats as ",[267,286,276],{}," might still be ",[267,289,273],{}," for another. Severity also depends on how the checks combine, not just how many fire: for ",[212,292,293],{"href":158},"account sharing",[212,295,296],{"href":126},"concurrent sessions"," and ",[212,299,300],{"href":130},"impossible travel"," together rank far higher than either alone, while a modest ",[212,303,304],{"href":138},"device"," count on its own stays low.",[208,307,308,309,312,313,315,316,319,320,323],{},"The severities roll up into a ",[267,310,311],{},"risk_summary"," on the ",[212,314,214],{"href":94},". Read it in your own logic, or write a ",[212,317,318],{"href":118},"policy"," over the ",[212,321,322],{"href":106},"checks"," behind a risk. Matching a policy directly on a risk severity is coming soon.",[230,325,327],{"id":326},"standard-risks","Standard risks",[208,329,330],{},"Rupt ships with a standard set of risks out of the box, and the list grows as the fraud landscape shifts. You don't configure anything to get them. Most are scored for your policies to act on directly; a few Rupt only records for visibility.",[332,333,335],"h3",{"id":334},"acted-on-by-policies","Acted on by policies",[208,337,338,339,341,342,345],{},"Each of these is scored so your ",[212,340,227],{"href":118}," can match it directly, weighting every ",[212,343,344],{"href":106},"check"," by how strongly it predicts the risk.",[238,347,348,373,387,406,422],{},[241,349,350,359,360,363,364,270,367,369,370,281],{},[244,351,352,354,355,358],{},[212,353,153],{"href":154}," (",[267,356,357],{},"ato",")",": someone other than the owner is signing in. Leans on a new ",[212,361,362],{"href":142},"fingerprint",", a ",[212,365,366],{"href":174},"new IP",[212,368,300],{"href":130},", and ",[212,371,372],{"href":178},"anonymizing networks",[241,374,375,382,383,386],{},[244,376,377,354,379,358],{},[212,378,161],{"href":162},[267,380,381],{},"fake_account",": the signup probably isn't a real person. Driven by ",[212,384,385],{"href":182},"email quality",": disposable, invalid, unverified, or webmail.",[241,388,389,396,397,270,399,401,402,405],{},[244,390,391,354,393,358],{},[212,392,157],{"href":158},[267,394,395],{},"account_sharing",": one account, several people. Shows up as ",[212,398,296],{"href":126},[212,400,300],{"href":130},", and a pile of ",[212,403,404],{"href":138},"devices"," on one account.",[241,407,408,415,416,418,419,281],{},[244,409,410,354,412,358],{},[212,411,165],{"href":166},[267,413,414],{},"scraping",": automated extraction rather than a human. Flagged by ",[212,417,372],{"href":178}," and high ",[212,420,421],{"href":186},"velocity",[241,423,424,431,432,434],{},[244,425,426,354,428,358],{},[212,427,169],{"href":170},[267,429,430],{},"linked_accounts",": separate accounts sharing the same ",[212,433,362],{"href":142},". Catches multi-accounting and ban evasion.",[332,436,438],{"id":437},"recorded-for-visibility","Recorded for visibility",[208,440,441],{},"Rupt scores these on every evaluation but doesn't act on them by default. They surface in the dashboard so you can keep an eye on them.",[238,443,444,454,462,470,478],{},[241,445,446,451,452,281],{},[244,447,448],{},[267,449,450],{},"bot",": automated, non-human traffic. See ",[212,453,133],{"href":134},[241,455,456,461],{},[244,457,458],{},[267,459,460],{},"tampering",": the client environment has been modified to lie about itself.",[241,463,464,469],{},[244,465,466],{},[267,467,468],{},"anti_fingerprinting",": the user is running tooling built to defeat fingerprinting, like Tor Browser, Brave farbling, or Firefox RFP.",[241,471,472,477],{},[244,473,474],{},[267,475,476],{},"incognito",": the session is in private browsing mode.",[241,479,480,485],{},[244,481,482],{},[267,483,484],{},"replay_attack",": a captured evaluation is being replayed instead of run fresh.",[230,487,489],{"id":488},"custom-risks-coming-soon","Custom risks (coming soon)",[208,491,492,493,495,496,499],{},"Soon you'll be able to define your own risks in the dashboard. Since a risk is just a weighted set of ",[212,494,322],{"href":106},", and checks are derived from ",[212,497,498],{"href":102},"signals",", you'll pick the checks that matter, set how much each one counts, and choose the score thresholds that map to severity, the same machinery Rupt's built-in risks run on. That lets you target whatever's specific to your business: fraudulent listings, low-intent leads, payout abuse, and the like.",[208,501,502],{},"This is coming very soon.",[230,504,506],{"id":505},"where-risks-fit","Where risks fit",[208,508,509,510,512,513,515],{},"Risks summarize. ",[212,511,117],{"href":118}," decide. The ",[212,514,223],{"href":114}," acts.",{"title":517,"searchDepth":518,"depth":518,"links":519},"",2,[520,521,526,527],{"id":232,"depth":518,"text":233},{"id":326,"depth":518,"text":327,"children":522},[523,525],{"id":334,"depth":524,"text":335},3,{"id":437,"depth":524,"text":438},{"id":488,"depth":518,"text":489},{"id":505,"depth":518,"text":506},"A risk is Rupt's read on what an evaluation looks like, scored per category and graded by severity. Risks summarize; they don't dictate the verdict. Your policies decide what to do.","md",{},true,"---\ntitle: Risks\ndescription: A risk is Rupt's read on what an evaluation looks like, scored per category and graded by severity. Risks summarize; they don't dictate the verdict. Your policies decide what to do.\n---\n\n# Risks\n\nA risk is Rupt's read on what an [evaluation](\u002Fdocs\u002Fv3\u002Fconcepts\u002Fevaluations) looks like (_this smells like account takeover, this looks like a fake account_), scored per category and graded by severity. A risk never dictates the [verdict](\u002Fdocs\u002Fv3\u002Fconcepts\u002Fverdicts) on its own. It's a summary, and your [policies](\u002Fdocs\u002Fv3\u002Fconcepts\u002Fpolicies) decide what to do with it.\n\n## How a risk is scored\n\nRisks are built from the ground up:\n\n- **[Signals](\u002Fdocs\u002Fv3\u002Fconcepts\u002Fsignals)** are the raw measurements Rupt collects from the user's environment.\n- **[Checks](\u002Fdocs\u002Fv3\u002Fconcepts\u002Fchecks)** turn those signals into specific facts: is this IP a VPN, has this user moved impossibly far since last seen.\n- A **risk** takes the checks that predict it, weights each by how much it counts, and adds them up.\n\nThat weighted total is the score, and each risk maps its score to one of four severities: `low`, `medium`, `high`, or `maximum`.\n\nThe cutoffs aren't shared across risks. Each risk sets its own, because the same check can carry very different weight depending on what you're detecting: a score one risk treats as `high` might still be `medium` for another. Severity also depends on how the checks combine, not just how many fire: for [account sharing](\u002Fdocs\u002Fv3\u002Fconcepts\u002Faccount-sharing), [concurrent sessions](\u002Fdocs\u002Fv3\u002Fconcepts\u002Fconcurrency) and [impossible travel](\u002Fdocs\u002Fv3\u002Fconcepts\u002Fimpossible-travel) together rank far higher than either alone, while a modest [device](\u002Fdocs\u002Fv3\u002Fconcepts\u002Fdevices) count on its own stays low.\n\nThe severities roll up into a `risk_summary` on the [evaluation](\u002Fdocs\u002Fv3\u002Fconcepts\u002Fevaluations). Read it in your own logic, or write a [policy](\u002Fdocs\u002Fv3\u002Fconcepts\u002Fpolicies) over the [checks](\u002Fdocs\u002Fv3\u002Fconcepts\u002Fchecks) behind a risk. Matching a policy directly on a risk severity is coming soon.\n\n## Standard risks\n\nRupt ships with a standard set of risks out of the box, and the list grows as the fraud landscape shifts. You don't configure anything to get them. Most are scored for your policies to act on directly; a few Rupt only records for visibility.\n\n### Acted on by policies\n\nEach of these is scored so your [policies](\u002Fdocs\u002Fv3\u002Fconcepts\u002Fpolicies) can match it directly, weighting every [check](\u002Fdocs\u002Fv3\u002Fconcepts\u002Fchecks) by how strongly it predicts the risk.\n\n- **[Account takeover](\u002Fdocs\u002Fv3\u002Fconcepts\u002Faccount-takeover) (`ato`)**: someone other than the owner is signing in. Leans on a new [fingerprint](\u002Fdocs\u002Fv3\u002Fconcepts\u002Ffingerprints), a [new IP](\u002Fdocs\u002Fv3\u002Fconcepts\u002Fip), [impossible travel](\u002Fdocs\u002Fv3\u002Fconcepts\u002Fimpossible-travel), and [anonymizing networks](\u002Fdocs\u002Fv3\u002Fconcepts\u002Fanonymizing-network).\n- **[Fake account](\u002Fdocs\u002Fv3\u002Fconcepts\u002Ffake-account) (`fake_account`)**: the signup probably isn't a real person. Driven by [email quality](\u002Fdocs\u002Fv3\u002Fconcepts\u002Femail): disposable, invalid, unverified, or webmail.\n- **[Account sharing](\u002Fdocs\u002Fv3\u002Fconcepts\u002Faccount-sharing) (`account_sharing`)**: one account, several people. Shows up as [concurrent sessions](\u002Fdocs\u002Fv3\u002Fconcepts\u002Fconcurrency), [impossible travel](\u002Fdocs\u002Fv3\u002Fconcepts\u002Fimpossible-travel), and a pile of [devices](\u002Fdocs\u002Fv3\u002Fconcepts\u002Fdevices) on one account.\n- **[Scraping](\u002Fdocs\u002Fv3\u002Fconcepts\u002Fscraping) (`scraping`)**: automated extraction rather than a human. Flagged by [anonymizing networks](\u002Fdocs\u002Fv3\u002Fconcepts\u002Fanonymizing-network) and high [velocity](\u002Fdocs\u002Fv3\u002Fconcepts\u002Fvelocity).\n- **[Linked accounts](\u002Fdocs\u002Fv3\u002Fconcepts\u002Flinked-accounts) (`linked_accounts`)**: separate accounts sharing the same [fingerprint](\u002Fdocs\u002Fv3\u002Fconcepts\u002Ffingerprints). Catches multi-accounting and ban evasion.\n\n### Recorded for visibility\n\nRupt scores these on every evaluation but doesn't act on them by default. They surface in the dashboard so you can keep an eye on them.\n\n- **`bot`**: automated, non-human traffic. See [Bots](\u002Fdocs\u002Fv3\u002Fconcepts\u002Fbots).\n- **`tampering`**: the client environment has been modified to lie about itself.\n- **`anti_fingerprinting`**: the user is running tooling built to defeat fingerprinting, like Tor Browser, Brave farbling, or Firefox RFP.\n- **`incognito`**: the session is in private browsing mode.\n- **`replay_attack`**: a captured evaluation is being replayed instead of run fresh.\n\n## Custom risks (coming soon)\n\nSoon you'll be able to define your own risks in the dashboard. Since a risk is just a weighted set of [checks](\u002Fdocs\u002Fv3\u002Fconcepts\u002Fchecks), and checks are derived from [signals](\u002Fdocs\u002Fv3\u002Fconcepts\u002Fsignals), you'll pick the checks that matter, set how much each one counts, and choose the score thresholds that map to severity, the same machinery Rupt's built-in risks run on. That lets you target whatever's specific to your business: fraudulent listings, low-intent leads, payout abuse, and the like.\n\nThis is coming very soon.\n\n## Where risks fit\n\nRisks summarize. [Policies](\u002Fdocs\u002Fv3\u002Fconcepts\u002Fpolicies) decide. The [verdict](\u002Fdocs\u002Fv3\u002Fconcepts\u002Fverdicts) acts.\n",{"title":109,"description":528},"AVf9QQvrQc3X1PwyAhIZmT0FGFnCndTcwx_ZTvWH_Bs",1780344893238]