Digital footprint checks

Use digital footprint signals to assess applicant risk before verification.

Digital footprint checks help you assess applicant risk before identity verification starts. The checks analyze contact data, such as email addresses and phone numbers, and return early risk signals during sign-up and other pre-KYC flows.

This early signal layer helps you identify potentially risky users before document verification. You can use it to block clearly high-risk applicants, route applicants to a different verification flow, trigger step-up checks, or send cases to manual review.

Digital footprint checks help detect early signs of:

  • Fake and synthetic identities
  • Identity takeover attempts
  • Anonymity-seeking behavior
  • Accounts created for resale or transfer
  • Drop accounts and money mule activity
  • Verification scams and social engineering

The solution includes three components:

  • Email risk assessment — evaluates risk signals related to an email address.
  • Phone risk assessment — evaluates risk signals related to a phone number.
  • Identity enrichment — provides additional context and connections related to these identifiers.

Together, they help you evaluate how trustworthy a digital identity looks before actual verification begins.

Email addresses and phone numbers do not only provide contact details. They also reflect how a user created, used, and connected those identifiers over time. That history gives you a useful risk context early in the user journey.

For example, an email address can show whether it looks disposable or was created for one-time use. A phone number can show whether it belongs to an actual mobile user or to a virtual number that someone can generate at scale.

These identifiers also carry usage signals:

  • Long-term, consistent activity usually points to a more established digital identity.
  • A new, sparse, or fragmented footprint often increases risk, especially when it appears together with other suspicious signals.

Consistency makes these checks much more useful. A phone country that does not match the user’s IP location, or contact data that does not align with identity data from documents, can point to identity theft, synthetic identities, or other fraud patterns.

📘

Note

A weak digital footprint does not prove fraud on its own. A legitimate user may have limited online history, may use a recently issued number, or may deliberately keep a low digital profile. For that reason, digital footprint checks work best when you combine them with other risk signals rather than treat them as a standalone decision source.

How digital footprint checks work

Digital footprint checks combine signals from global data sources into a unified risk assessment.

Basic (structural) signals

At the most basic level, the checks look at the core properties of an email address or phone number:

  • For email, this includes domain type, validity, and deliverability.
  • For phone numbers, this includes number type, carrier, and country.

These signals help detect straightforward fraud patterns, such as disposable emails or virtual phone numbers created in bulk.

Digital presence signals

The checks also evaluate digital presence. This helps you understand whether:

  • The identifier has an established footprint across platforms.
  • It shows signs of continued use over time.

A stronger footprint usually suggests long-term use, while a weak or missing footprint can point to a newly created or synthetic identity.

Identity enrichment signals

Identity enrichment signals add more context by linking an email address or phone number to other publicly available or historically observed data. This can include:

  • Possible names
  • Related identity signals
  • Historical usage patterns

That context helps you judge whether the identifier behaves like part of a real identity.

👍

Tip

The checks become even more useful when you compare these results with other applicant data.

For example, if the phone country does not match the user's IP-based location, or if the contact data does not align with the identity information collected later in the flow, the mismatch may indicate fraud. In practice, these consistency checks often provide stronger signals than any single attribute on its own.

What data the checks return

Digital footprint checks return both raw data and an aggregated risk score.

The raw output includes detailed signals and attributes from email, phone, and enrichment checks. You can use this data to create custom rules, decision logic, or internal scoring models.

The aggregated output combines multiple signals into a single risk indicator. This makes decisioning easier when you need a faster and more standardized way to assess risk. You can use this score directly or combine it with other risk inputs in your own model.

How we calculate email and phone risk level

The risk calculation for a phone number and email address is based on several checks that help to assess whether they are trustworthy or potentially suspicious. Each factor contributes to an overall risk level that indicates whether the phone number or email address is safe, medium-risk, or high-risk.

Email checks

| Check | Description |
| --- | --- |
| OTP verified | Indicates an email's credibility and authenticity, which are checked by sending an OTP code. |
| Disposable email | Shows whether an email address is temporary and might disappear after a short period. |
| Registered account found | Shows whether an email address has been used to register an account on social media. |
| Not suspicious email | Reveals a potential fraudulent use of a provided email address. |
| Active email | Verifies the deliverability of a provided email address, which identifies whether the email is valid and actively used. |
| Real domain | Confirms whether an email's domain exists. |
| Risk level | Shows an email's risk level, calculated from the results of the risk assessment checks (levels listed below). |

  • Green (Low Risk): The email address is considered trustworthy and likely belongs to the applicant. It is verified, active, from a real domain, and not disposable.
  • Yellow (Medium Risk): The email has some caution flags, such as lacking web registrations or having a suspicious name mismatch. The email might still be legitimate but has some warning signs.
  • Red (High Risk): The email shows several red flags, such as being blocked in your Client lists, disposable, undeliverable, or from a non-existent domain. This indicates a high probability of the email being fraudulent or unreliable.

Phone number checks

| Check | Description |
| --- | --- |
| OTP verified | Indicates a phone number's credibility and authenticity, which are checked by sending an OTP code. |
| Disposable number | Shows whether a phone number is temporary and potentially used to avoid traceability. |
| Registered account found | Shows whether a phone number has been used to register an account on social media. |
| Valid number | Reveals a phone number's validity, indicating whether it is a fake or incomplete number. |
| Active number | Verifies the deliverability of a provided phone number, which identifies whether the phone number is valid and actively used. |
| Not a virtual number | Checks if a provided number is virtual and used to hide a caller's location. |
| Blocklisted | Indicates if a phone number has been blocklisted (the internal Sumsub blocklist) due to misuse or suspicious activity. |
| Risk level | Shows a phone number's risk level, calculated from the results of the risk assessment checks (levels listed below). |

  • Green (Low Risk): The phone number is trustworthy, likely active, not disposable or virtual, and may be linked to social media or web registrations. You can confidently consider the number credible.
  • Yellow (Medium Risk): The phone number has some minor concerns, such as lacking web registrations or being associated with unknown activity. The phone number could still be legitimate but has minor risk factors.
  • Red (High Risk): The phone number shows several red flags, such as being disposable, invalid, blocklisted, or virtual. This indicates a high likelihood of the number being fraudulent or used for suspicious purposes. Avoid relying on this number.

📘

Note

All check results can be displayed in 3 different states depending on the found information:

  • Red indicator: an email/phone number has failed checks and might be considered risky.
  • Green indicator: an email/phone number has passed verification and has been confirmed as trustworthy/genuine, and so on.
  • Yellow indicator: the system could not conduct verification or find information to verify a provided email/phone number.

How to use digital footprint signals

You can integrate digital footprint checks into onboarding and pre-verification decisioning flows to identify risk before you ask the applicant to complete identity verification.

Digital footprint checks work well together with email and phone verification. This allows you to:

  • Confirm that the user owns the contact data.
  • Assess the potential risk.

You can also use digital footprint checks without verification by providing email addresses or phone numbers when creating an applicant via this API method.

Request example:

curl -X POST \
  'https://api.sumsub.com/resources/applicants?levelName=basic-kyc-level' \
  -H 'Content-Type: application/json' \
  -d '{
          "externalUserId": "someUniqueUserId",
          "email": "user@example.com",
          "phone": "+449112081223",
          "fixedInfo": {
              "country": "GBR",
              "placeOfBirth": "London"
          }
      }'

📘

Note

For broader implementation guidance and decision flow examples, refer to this article.

Interpret results

Digital footprint checks provide risk signals, not final conclusions. A weak signal may reflect fraud, but it may also reflect a legitimate user with limited digital history, a new phone number, a VoIP number, or a privacy-focused online presence.

👍

Tip

Treat the results as part of a broader risk model. Compare them with device, behavior, identity, and transaction data. Pay close attention to mismatches between identifiers and other user attributes.

You can use the results in several ways:

  • As a standalone check, you can send an email address or phone number through the API and act on the results directly.
  • In Applicant Risk Scoring, you can combine digital footprint outputs with device, behavioral, identity, or transaction signals and evaluate them in one scoring system.
  • In onboarding flows, you can use the results to define next steps, such as allowing the applicant to continue verification, adding new verification steps, routing the case to manual review, or blocking the flow.

In many cases, the most effective response is not an immediate block but a stronger verification path. For example, when the footprint looks weak or inconsistent, you may want to request additional verification or collect more data before making a final decision. This approach helps reduce false positives while still catching meaningful risk early.
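
One way to turn these signals into a routing decision, shown as an added example that is not Sumsub's scoring logic or response schema. The check names, the three-state values, and the routing policy are assumptions modeled on the tables and guidance above; the sample applicants are constructed.

```python
# Added example. Check names and routing policy are assumptions modeled on
# the tables above, not a vendor response schema or scoring algorithm.
RED, YELLOW, GREEN = "red", "yellow", "green"

# Checks whose failure the tables list among the red flags (assumed names).
HARD_FAIL = {"disposable", "valid", "active", "real_domain",
             "not_virtual", "blocklisted"}


def footprint_level(checks):
    """Collapse per-check states into one level for an email or phone."""
    failed = {name for name, state in checks.items() if state == RED}
    if failed & HARD_FAIL:
        return RED
    # A soft failure or an inconclusive (yellow) check is a caution flag,
    # not proof of fraud.
    if failed or YELLOW in checks.values():
        return YELLOW
    return GREEN


def next_step(email_checks, phone_checks, phone_country, ip_country):
    """Pick the pre-verification route for one applicant."""
    levels = {footprint_level(email_checks), footprint_level(phone_checks)}
    mismatch = phone_country.upper() != ip_country.upper()
    if RED in levels:
        # Block only when a hard failure is corroborated by a mismatch.
        return "block" if mismatch else "manual_review"
    if YELLOW in levels:
        return "manual_review" if mismatch else "step_up"
    # Clean footprint: a lone country mismatch still earns a step-up check.
    return "step_up" if mismatch else "continue"


# Constructed sample applicants: (email checks, phone checks, phone, IP).
OK_EMAIL = {"disposable": GREEN, "real_domain": GREEN, "registered_account": GREEN}
OK_PHONE = {"valid": GREEN, "not_virtual": GREEN, "blocklisted": GREEN}
SAMPLES = {
    "established": (OK_EMAIL, OK_PHONE, "GB", "GB"),
    "sparse": ({**OK_EMAIL, "registered_account": YELLOW}, OK_PHONE, "GB", "GB"),
    "travelling": (OK_EMAIL, OK_PHONE, "GB", "FR"),
    "burner": ({**OK_EMAIL, "disposable": RED}, {**OK_PHONE, "not_virtual": RED}, "GB", "US"),
}

if __name__ == "__main__":
    for name, sample in SAMPLES.items():
        print(f"{name:12} -> {next_step(*sample)}")
```

The "sparse" applicant, whose only flag is an inconclusive check, is sent to a step-up path and never blocked, which matches the guidance that a weak footprint is not proof of fraud.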