The Fraud Data service supports scopes and claims as shown in the below tables.
Scopes
The following scopes with corresponding API access are suppored. See the section on Access Tokens (Fraud Data) for further information on the use of these scopes.
| Scope | API access |
|---|---|
| fraud-data-rs/GetSecurityData | securityData |
Claims
The following table shows a selection of the supported claims in response from the fraud-data service. A complete list of supported claims are not included in this documentation for security reasons. Documentation on all supported claims can be provided upon request. Note that a distinction is made between raw data and derived data about the transaction in question.
| Claim | Example | Supported IDP | Description | Comment |
|---|---|---|---|---|
tid | 754a1771-8f6a-4fa5-b6d7-47d81dda493d | Any | Transaction ID | |
transaction_data | | Any | List of key-value pairs with raw data about the transaction | |
transaction_data:BankID_browserName | Chrome | BankID netcentric | User-Agent name from the end-user device | |
transaction_data:BankID_timeZone | Europe/Oslo | BankID netcentric | Default time-zone from the end-user device | |
transaction_data:BankID_osName | Linux | BankID netcentric | Operating system on the end-user device | |
transaction_data:BankID_osVersion | Unknown | BankID netcentric | Operating system version on the end-user device | |
transaction_data:BankID_userAgent | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36 | BankID netcentric | User-Agent string from the end-user device | |
transaction_data:BankID_language | \"en-US\" | BankID netcentric | Default langue setting from the end-user device | |
derived_data | {...} | Any | List of key-value pairs with derived data about the transaction | |
derived_data:BankID_User_IP | 195.18.161.2 | BankID netcentric | IP address from which the traffic from the end-user device come. | |
derived_data:BankID_Alarm_IDx | No alarms | BankID netcentric | List of defined IDx alarms that are triggered for the transaction in question (ID2, ID3, ID4m ID5m ID6, ID8). | |
derived_data:BankID_fpf | 0 | BankID netcentric | Foul Play Factor risk score (0-1). Is an aggregate/composite risk score indicating how suspicious a transaction is considered to be. The threshold may vary as the raw data and relative weighting are subject to continuous analysis and adjustment. | |
derived_data:BankID_fpf_classification | Unknown | BankID netcentric | Traffic light classification of Foul Play Factor risk score (Green, Yellow, Red, Unknown). | |
derived_data:BankID_env | 0 | BankID netcentric | Environment risk score (0-1). Indicates to which extent the transaction is from an environment that the user has used before. The environment is a composite of information relating to the device used, geographic location etc. The closer the score is to 1, the more unknown the environment is for the user. | |
derived_data:BankID_env_classification | Unknown | BankID netcentric | Traffic light classification of Environment risk score (Green, Yellow, Red, Unknown). | |
derived_data:BankID_irs | 0 | BankID netcentric | Infection risk score (0-1). Indicates that data from the end-user device is not as expected. This could be because the device has been infected by a banking trojan or crapware, in the form of html injects or overloaded built-in functions. | |
derived_data:BankID_irs_classification | Unknown | BankID netcentric | Traffic light classification of Infection risk score (Green, Yellow, Red, Unknown). | |
derived_data:BankID_dms | 0 | BankID netcentric | Data manipulation risk score (0-1). Indicates that data from the end-user device is not as expected. This could be because a deliberate attempt has been made to manipulate parameter values. | |
derived_data:BankID_dms_classification | Unknown | BankID netcentric | Traffic light classification of Data manipulation risk score (Green, Yellow, Red, Unknown). | |
derived_data:BankID_ips | 0 | BankID netcentric | IP address risk score (0-1). Based on previous traffic observed from this IP address. It is strongly recommended that if the corresponding classification is Red, all transactions from this IP address the last 3 hours (or more) should be investigated. | |
derived_data:BankID_ips_classification | Unknown | BankID netcentric | Traffic light classification of IP address risk score (Green, Yellow, Red, Unknown). |