Risk labels are assigned during verification and indicate certain characteristics of an applicant.

View risk labels

To see the risk labels:

In the Dashboard, go to the Applicants page.
Open an applicant profile and scroll down to the Risk labels section.

Email risk labels

Email risk labels are associated with email and phone verification.

Label	API name	Description
Disposable email	`disposable`	Temporary email address that usually expires after a short period of time.
High risk email	`highRisk`	A verdict made by the system according to the check results and internal logic.
Medium risk email	`mediumRisk`	A verdict made by the system according to the check results and internal logic.
No registrations on Web services found	`noWebRegistrations`	Email address registration is not detected.
No website exists	`noWebsiteExists`	Email domain does not exist.
Non-deliverable	`nonDeliverable`	An email address to which the messages cannot be delivered.

Phone risk labels

Phone risk labels are associated with email and phone verification.

Label	API name	Description
Disposable phone number	`disposable`	A temporary phone number that usually expires after a short period of time.
High risk phone	`highRisk`	A verdict made by the system according to the check results and internal logic.
Medium risk phone	`mediumRisk`	A verdict made by the system according to the check results and internal logic.
No registrations on Web services found	`noWebRegistrations`	Phone number registration is not detected.
Virtual phone	`virtual`	A virtual phone number is a number not associated with any physical location, allowing to make calls via internet.

Device risk labels

Device risk labels are associated with devices used by applicants to pass verification.

Label	API name	Description
Ad blocker	`adblock`	Detects whether the advertisement blocking software is used.
App tampering	`tampering`	Indicates the usage of anti-detect browser or tampering with the browser default behaviour.
Cloned application	`clonedApp`	Indicates whether the request is coming from a cloned application.
Developer tools detected	`developerTools`	Informs whether developer tools were manually opened in Chrome or Firefox browsers.
Devices from distant IP locations were used	`distantIpLocations`	Login from different and distant IP addresses over a short period of time.
Emulator detected	`emulator`	Informs whether the request was made with an emulator software.
Failure to continue on another device	`failedSessionContinuation`	The session was interrupted due to inability to seamlessly transfer sessions from one device to another.
Frida tool detected	`fridaTool`	Informs whether the Frida tool was used to intercept the app at runtime and change its behaviour.
High risk IP	`highRiskIp`	Indicates high risk IP addresses.
Incognito mode	`incognito`	Detects whether incognito or private modes are being used.
Jailbroken device	`jailbroken`	Detects unauthorized modifications made to the device.
Known bot	`goodBot`	Indicates that the bot is a well-known web crawler or other search engine bot.
Lengthy onboarding session	`lengthySession`	The session lasts too long.
Link access via external source	`thirdPartyLinkAccess`	The verification link has been opened in messaging apps or link shortening services.
Location spoofing	`locationSpoofing`	Indicates whether the location of the mobile device has been spoofed or not.
Malicious bot	`badBot`	Indicates that the bot is an automated tool that does not have legitimate uses and assumes fraudulent activity.
Man-in-the-Middle attack	`mitmAttack`	Detects whether the communication between two parties was intercepted and potentially modified.
Multiple devices were used	`multipleDevices`	Informs whether the applicant uses multiple devices.
Multiple mobile devices were used	`multipleMobileDevices`	Informs whether the applicant uses multiple mobile devices.
Privacy settings enabled	`privacySettingsMode`	Privacy settings that have the ability to randomize and obfuscate signal output are enabled.
Remote control detected	`remoteControl`	Indicates whether the request originated from a device being remotely controlled or remotely controlling another device.
Rooted device	`rooted`	User device has been modified to give them access to the root file system and administrative rights.
TOR usage	`torUsage`	Detects whether TOR connection is used.
Unusual activity	`highActivity`	The number of visits for the past 24 hours surpasses a threshold. The threshold is calculated for each user separately and is determined through a normal traffic distribution.
Virtual machine	`virtualMachine`	Detects whether the browser is running inside a virtualization software by examining the browser configuration.
VPN usage	`vpnUsage`	Detects whether VPN connection is used.

Cross-check risk labels

Cross-check risk labels are associated with the cross-checks based on matching different applicant data.

Label	API name	Description
Accounts in many other services	`accountsInManyServices`	The same account is registered in different services (>=5 accounts in different sources).
Country of photo creation is different from IP and ID document countries	`exifCountryVsIdDocCountryOrIpCountryMismatch`	Country of photo creation is different from IP and ID document countries.
Diverse countries in ID documents	`diverseIdDocCountries`	Identity documents were issued in different countries.
Many duplicates exists	`manyAccountDuplicates`	Lots of account duplicates are detected (>=3 accounts from one source; one client and one source key).
Mismatch between applicant address and IP country	`addressCountryVsIpCountryMismatch`	The physical address does not meet the IP address.
Mismatch between ID document country and IP country	`idDocCountryVsIpCountryMismatch`	ID document country mismatches the country IP address.

Selfie risk labels

Selfie risk labels are associated with selfies.

Label	API name	Description
Estimated age is different from the age on the ID document	`estimatedAgeMismatch`	The estimated age does not match the age indicated in documents.
Many attempts to submit a selfie	`manyAttempts`	There were too many attempts of passing a selfie check (>5 selfie attempts).
Multiple faces on selfies	`multipleFaces`	There are multiple faces present in the photo.
Persons seems to be asleep	`asleep`	The person in the picture is asleep.
Similar applicants with different data	`sameFaceWithDifferentData`	Supposedly different data in documents with the similar face detected. Such applicants might also be registered in other services.
Usage of virtual cameras	`virtualCameraPresent`	A visual software simulating real camera is detected.

AML risk labels

AML risk labels are associated with AML screening and monitoring.

Label	API name	Description
Adverse media	`adverseMedia`	Compromising information related to the applicant was found in the media.
Crime	`crime`	Applicant is suspected of criminal activities.
PEP	`PEP`	Applicant belongs to the PEP (Politically Exposed Person) category.
Sanctions	`sanctions`	Applicant was found in sanctions lists.
Terrorism	`terrorism`	Applicant is suspected of terrorism.

Person risk labels

Person risk labels are assigned when the applicant has certain characteristics as per the following table.

Label	API name	Description
Famous person	`famousPerson`	Indicates an assumption that the applicant is a famous person.
Name mismatch with the names associated with the email	`emailNameMismatchFromWebServices`	The provided applicant name does not match the names found by the specified email address.
Name mismatch with the names associated with the phone	`phoneNameMismatchFromWebServices`	The provided applicant name does not match the names found by the specified phone number.
No email names found in web services	`noEmailNamesFromWebServices`	No email names found in web services.
No phone names found in web services	`noPhoneNamesFromWebServices`	No phone names found in web services.
Strange name	`strangeName`	Applicant name seems to be not a real one.