Pre-KYC Fraud Risk Assessment
Integrate Fraud Risk Assessment to protect your platform from violations at sign-up and onboarding.
At the sign-up stage, you may have very limited information about a user. Typically, this includes only basic details such as an email address, phone number, and some technical session data.
Even with this limited data, it is still possible to estimate fraud risk early. Sumsub Pre-KYC Risk Assessment solutions are specifically designed for the following cases:
- Non-regulated industries where user verification (KYC) is not required.
- Platforms that provide feature access before user verification.
- Services with specific events that should trigger user verification (for example, before withdrawal transactions).
- Businesses that need complex verification solutions to assign different checks based on a user’s risk profile.
Why early fraud detection matters
By adding risk scoring at the sign-up and onboarding stages, you can spot fraud at the very beginning while keeping a smooth user experience. This brings the following benefits to your work:
- Customizable verification steps based on risk.
- Detection and prevention of suspicious user activity at early stages.
- Simple onboarding for low-risk users.
Once you start estimating the risk level of users with Pre-KYC Risk Assessment, you can allow them access to features, request more checks, send profiles for manual review, or block offenders. All of these measures help you detect and protect against:
- Multi-accounting.
- Fake or synthetic accounts.
- Verified accounts created for passing to third parties (drop accounts, money mules, account farms, verification scams).
- Suspicious device and network environments.
- Links to previously blocked users who may try to access the platform again.
Use Risk assessment signals
This section outlines the types of user data that can be used to detect suspicious activity and violations, and explains how each type helps.
Email and phone
Email and phone details are among the most valuable sources of information at early stages. Use the Email and phone verification product to detect suspicious or low-quality contact data:
- Disposable or temporary emails.
- Virtual phone numbers.
- Risky mobile networks.
- Mismatches with other data.
Digital footprint and Identity enrichment
Digital footprint checks examine a user account's online behavior to verify whether it belongs to a real person. Several details are taken into account to spot weak or inconsistent data that indicates fake profiles or profile takeover:
- Account age.
- Data match across various sources.
- Similar data used across multiple accounts.
- Consistency between the document data and footprint information.
Device and IP intelligence
Device and IP data checks extend risk detection by recognizing odd patterns at the technical level.
If you need to get started without any front-end integration, use the Advanced IP check to reveal risky network activity. To get more accurate and detailed device-associated insights, opt for the Device Intelligence JS SDK solution.
What patterns and behavior can be detected during the checks:
- Multiple account activity coming from the same device.
- Use of virtual devices and machines.
- Anonymized environments (privacy-preserving browsers, VPNs, proxies, Tor).
- Signs of tampering and spoofing (root access, jailbreaks, recent factory resets).
- Use of multiple, distant devices during the onboarding process.
Applicant data and custom rules
Applicant data collected during sign-up, such as platform- and business-specific metadata or data from questionnaires, can also be used to spot strange discrepancies and adjust verification measures by applying custom rules.
Applicant data and rules customization can help you to:
- Detect inconsistencies.
- Apply your own risk logic.
- Customize scoring for your business.
Fraud Networks
With Fraud Network Detection, you can spot coordinated fraud and multi-accounting. The following risky activities can be revealed:
- Connections to blocked users.
- Groups of related accounts.
- Shared devices or similar patterns.
Applicant risk scoring
Multiple signals can be considered and combined to work together as an evaluation system. The estimated applicant risk score is updated based on different factors such as verification session data, user actions, and transaction details. The risk scoring addresses the goals of:
- Combining multiple signals into rules.
- Setting thresholds and weights.
- Updating the risk score over time.
Make decisions based on risk level
When a risk score is estimated, you can determine what happens next. Our various solutions will help you take action suitable for different cases.
Risk-based tags
You can assign your users a tag representing their risk score or any custom tag helping you to sort applicants properly. These tags can be used to build a risk-oriented verification flow in Workflow Builder, or in monitoring rules logic.
Dynamic onboarding flows
You can tailor the onboarding flow to the detected risk level of your users. The flow for high-risk users may include additional checks, while low-risk users can go through a smoother and simpler verification.
There is a list of solutions that can be included in verification depending on the case:
- Liveness check. Prevent automated activity, multi-accounting, and recurring abuse.
- Payment Method Check Advanced. Detect and stop fraud and chargebacks that occur during financial operations.
- Questionnaire. Collect more information about users whenever it is required, especially in edge cases.
Access restriction
Block applicants who are high-risk users to limit their access to the features and services of your platform. This stops fraud, saves verification costs, and prevents offending users from appearing in your online community.
Manual review via Case Management
To resolve complex cases that require more thorough consideration, conduct a manual review using the Case Management product. The main functionalities of the solution allow you to:
- Review flagged applicants.
- Investigate risk signals.
- Make decisions manually.
Continuous monitoring
Even if your user has passed onboarding successfully, you can keep track of their risk scoring to be aware of possible threats. Enable the following Sumsub products to protect your platform:
- Behavior Monitoring. Oversee user actions within the platform and respond before risk escalates.
- Transaction Monitoring. Monitor financial activity and take all related risk factors into account.
Integrate Pre-KYC Fraud Risk Assessment
This section explains step-by-step how to set up the Sumsub pre-KYC risk scoring, from collecting data at sign-up to making decisions based on a received risk level.
Step 1. Define onboarding flow
Establish your sign-up process before the pre-KYC risk scoring configuration. The following questions may help you to see a complete picture:
- Do you use your own registration form?
- Do you want Sumsub to handle email/phone verification or collect any other data using Sumsub’s SDKs?
- At what stage do you want to evaluate risk (for example, right after sign-up)?
Step 2. Create sign-up verification level
Add a verification level that will be used to collect and verify some of the user details at sign-up. Include one of the following checks:
- Email and phone verification for contact data validation.
- Device and Advanced IP checks to estimate the risks associated with networks and device behavior.
Create and configure the sign-up verification level:
- In the Dashboard, go to Integrations → Individuals.
- Click Create level.
- Select the Standard level type and provide the name.
- Delete all default verification steps such as Identity document and Selfie.
- Add the Applicant data step and configure the fields:
  - Include the fields with information you want to collect at sign-up (for example, First name, Last name, Email, and others).
  - Select the Required checkbox next to the fields if necessary.
- If you are going to use the Sumsub Email and phone verification, you can add the Phone verification and/or Email verification steps.
  - Select the Lock email field and Lock phone number field checkboxes to verify the contact information provided within your own sign-up form.
- Go to the Configurations tab of your level and navigate to Fraud prevention.
- Select the checks you would like to perform.
- Click Create level.
Note
- You can find more detailed instructions on level configuration here.
- If you want to use Applicant risk scoring to calculate the overall risk of an applicant profile, make sure to set it up as per the documentation.
Step 3. Collect device data (recommended)
To improve risk detection, collect device data using Device Intelligence. To enable the device data collection:
- If you use the Sumsub WebSDK or MobileSDK to collect data:
  - Go to the previously created verification level.
  - Navigate to the Configurations tab → Fraud prevention.
  - Under the Device intelligence section, select the Capture device data checkbox.
- If you collect data on your own:
  - Integrate the Device Intelligence JS SDK into your sign-up page, following this guide. As a result, you will be able to link device data to a specific applicant profile using the access token.
Step 4. Create applicant via API
When a user signs up, create an applicant in Sumsub using the Create applicant API method.
Send the user data from your sign-up form:
- Phone number
- Device data via the accessToken field used in the previous step.
  - If you use only Advanced IP Check, provide the collected IP address via creationTrackingData.
  - In case of Device Intelligence, the IP address will be captured automatically together with the device data.
- Any additional fields you collect and wish to use for risk assessment, using standard fields in fixedInfo or custom fields using the metadata parameter.
Note
- At this stage, we also recommend setting up Source keys to group together applicants coming from different sources (for example, from testing and production environments) and apply custom logic or access rights based on that.
Step 5. Request applicant check
After creating the applicant and attaching data, complete the checks via the Request applicant check API method.
At this point, Sumsub runs all checks, recognizes device data, calculates the risk score (if Applicant risk scoring is enabled), and detects hidden connections (if Fraud Network Detection is enabled).
Step 6. Receive verification results
You can get the verification results in two ways: via webhooks or API.
Webhooks send you results automatically and react to changes in real time, updating your verification process instantly. With the API, you can request specific results manually and tailor the verification process to your backend-based flows. To learn how to use both of these options for receiving results, refer to this article.
Use the various API endpoints to get results on specific checks:
- Applicant risk scoring: Get applicant data
- Email confirmation: Get email confirmation check results (includes risk assessment)
- Phone confirmation: Get phone confirmation check results (includes risk assessment)
- IP check: Get IP check results
There are also several helpful webhook types specific to risk assessment, in addition to getting the general verification results:
- applicantTagsChanged lets you act on changes to the custom tags you set up to track applicant risk levels via Applicant risk scoring or Workflow Builder.
- Fraud Network Detection webhooks allow you to get alerts in real time on newly found links and patterns between applicants.
Step 7. Apply decision logic
Define the next steps based on the received verification results. For example, you can stick to the logic suggested below or use your own decision-making flow.
- Low-risk applicants → allow access to the services and features of your platform
- Medium-risk applicants → assign additional checks
- High-risk applicants → restrict access to the platform or escalate a profile for manual review
Implement the decision-making system using one of the following options:
- Use your backend: get and utilize applicant tags via API and webhooks.
- Use Workflow Builder (recommended): configure conditions based on specific risk assessment results and navigate applicants to additional verification levels.
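The backend option above, sketched as an added example that is not Sumsub's own code. The tag names (risk-low, risk-medium, risk-high), the signal labels and the extra hold outcome are assumptions of this example; it also goes one step beyond the three-way mapping by sending a high-risk profile backed by only one signal to manual review instead of restricting it.

```python
from dataclasses import dataclass, field

# Assumed names: you define these tags yourself in Applicant risk scoring or
# Workflow Builder; the signal labels are this example's own vocabulary.
TAG_RANK = {"risk-low": 0, "risk-medium": 1, "risk-high": 2}
LEVELS = ("low", "medium", "high")


@dataclass
class Decision:
    action: str   # allow | step_up | manual_review | restrict | hold
    risk: str     # low | medium | high | unknown
    reasons: list = field(default_factory=list)


def risk_level(tags):
    """Highest recognised risk tag wins; None when no risk tag is set yet."""
    ranks = [TAG_RANK[t.lower()] for t in tags if t.lower() in TAG_RANK]
    return LEVELS[max(ranks)] if ranks else None


def decide(tags, signals):
    """Map applicant tags plus independent risk signals to the next step."""
    level = risk_level(tags)
    distinct = sorted(set(signals))
    if level is None:
        # Checks not finished or scoring not configured: do not grant access.
        return Decision("hold", "unknown", ["no risk tag on applicant"])
    if level == "low":
        return Decision("allow", level, distinct)
    if level == "medium":
        return Decision("step_up", level, distinct)
    # High risk: restrict only when several independent signals agree;
    # a single signal goes to manual review instead of a final rejection.
    if len(distinct) >= 2:
        return Decision("restrict", level, distinct)
    return Decision("manual_review", level, distinct)


# Constructed sample applicants (not real data): id -> (tags, signals).
SAMPLES = {
    "a1": (["risk-low"], []),
    "a2": (["risk-medium", "promo-campaign"], ["vpn_or_proxy"]),
    "a3": (["risk-high"], ["disposable_email"]),
    "a4": (["risk-medium", "risk-high"],
           ["shared_device", "linked_to_blocked", "shared_device"]),
    "a5": (["promo-campaign"], ["virtual_phone"]),
}
```

Call decide() with the tags you receive through applicantTagsChanged or the Get applicant data method; an applicant with no risk tag yet is held rather than allowed.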
Step 8. Implement additional verification via SDK (optional)
Add an additional layer of protection by including additional checks (based on applicant actions) for risky applicants. What checks can be added to the verification flow:
- Liveness check. It allows you to make sure a real human is present, protects you from automated activity, and captures biometric data for deduplication, blocklist, and fraud network detection logic.
- Payment Method Check. It prevents payment-related fraud such as moving funds from stolen cards, resulting in chargebacks.
- Questionnaires. They collect more data about applicants using customizable forms.
Step 9. Extend to monitoring (optional)
Conduct continuous risk monitoring to update the risk score of profiles over time, combine it with behavioral data, and take action based on new events and transactions.
Use the following solutions to monitor risk without interruption:
- Behavior Monitoring. Track actions like new logins, account changes, and various suspicious activities.
- Transaction Monitoring. Monitor deposits, withdrawals, and overall financial behavior.
Step 10. Enable manual review (optional)
Add the manual review option for edge cases and the escalation of high-risk profiles. Use the Case Management solution to:
- Investigate suspicious users.
- Review signals and history.
- Make final decisions.
Best practices for Pre-KYC Fraud Risk Assessment
This set of tips will help you to build a comprehensive verification flow to protect your platform at early stages:
- Use one applicant profile for the whole lifecycle. This ensures all signals, device data, and links are stored together and work correctly.
- Keep your data in a single place. It helps to make confident decisions, see risky activity in the context, and quickly iterate on fraud protection logic.
- Adjust verification based on risk level. For high-risk users, you can add more checks earlier, such as document verification or liveness.
- Prefer additional verification when possible (for example, use Liveness or Payment Method Check) instead of blocking applicants right away. You will deter fraudsters while still keeping a way for your legitimate users to have access to the service.
- Avoid final rejection logic based only on one specific risk signal. Take multiple risk factors into account to make confident decisions without making your onboarding experience too restrictive.
- Use Source keys to separate different flows. For example, you can split production users, test users, or different products.