The Advanced IP check lets you extract the IP address of the device your applicant uses for verification, and run it through our databases to ensure it is genuine and secure.

With the Advanced IP check, you can:

Ensure that cybercriminals do not intercept your applicant traffic.
Reveal the applicant location.
Find out if your applicant uses a VPN to connect to the internet.

📘
Note
The Advanced IP check is available at an additional cost. Contact us to learn more.

How it works

An IP address—short for Internet Protocol address—is a unique numerical label assigned to each device connected to a computer network that uses the Internet Protocol for communication. It serves as an identifier for the source and destination of internet traffic.

Your applicants consent for personal data processing allows Sumsub to use built-in analytical tools to collect their IP addresses.

According to the internal logic, the system checks the data and returns the results as red, yellow, or green labels, depending on how much risk the specified IP address poses.

Advanced IP check list

The following table explains the available advanced IP checks.

Check	Description
IP	The IP address of the device used by the applicant.
Location	The country and the city where the applicant is located.
Organization	The legal name of the applicant's internet provider.
Internet provider	The company name of the applicant's internet provider.
Connection type	Indicates whether the connection is residential or business.
Risk score	Indicates the risk score (from 0.01 to 99) calculated by the system where more than 10 is risky.
Risk level	Labels the detected IP address as safe (GREEN), suspicious (YELLOW), or risky (RED).
Proxy	Indicates whether a proxy server is used and labels it as safe (GREEN), suspicious (YELLOW) risky (RED).
VPN	Indicates whether the VPN is used and labels it as safe (GREEN), suspicious (YELLOW), or risky (RED).
TOR	Indicates whether the detected IP address is tunnelled through other devices and labels the connection as safe (GREEN), suspicious (YELLOW), or risky (RED).

Get started

To start using the Advanced IP check:

On the Configurations tab of the verification level settings, enable the IP insights checkbox.
Verify your applicants using the WebSDK or MobileSDK.
Review the results.

Review IP check results

To view the Advanced IP check results:

In the Dashboard, go to the Applicants page and open the profile that you need.
Scroll down to the IP check section and review the results.

Alternatively, you can use this API method to get the results, as the following example demonstrates.

Request

curl -X GET \
    'https://api.sumsub.com/resources/checks/latest?applicantId=6735ad170942f455a3711bf3&type=IP_CHECK'

Response

{
  "checks": [
    {
      "answer": "RED",
      "checkType": "IP_CHECK",
      "createdAt": "2024-05-16 05:55:31",
      "id": "551d88ba-896d-4f4a-970d-44457fe4be0f",
      "ipCheckInfo": {
        "ip": "3.124.154.191",
        "ipInfo": {
          "ip": "3.124.154.191",
          "countryCode2": "DE",
          "countryCode3": "DEU",
          "city": "Frankfurt am Main",
          "zipCode": "60313",
          "lat": 50.1187,
          "lon": 8.6842,
          "asn": 16509,
          "asnOrg": "AMAZON-02",
          "riskyAsn": false
        },
        "internetServiceProvider": "Amazon.com",
        "connectionType": "hosting",
        "organization": "AMAZON-02",
        "proxy": "GREEN",
        "vpn": "RED",
        "tor": "GREEN",
        "riskLevel": "RED",
        "riskScore": 12.5
      }
    }
  ]
}

Risk labels

The following risk labels are assigned to applicant profiles during the Advanced IP check and indicate certain characteristics of an applicant.

Label	API name	Description
VPN usage	`vpnUsage`	Detects whether VPN connection is used. Based on the `RED` VPN usage flag or blacklisted ASN used.
TOR usage	`torUsage`	Detects whether TOR connection is used. Based on the `RED` TOR usage flag.
High risk IP	`highRiskIp`	Indicates high risk IP addresses. Based on the `RED` Risk level flag.
Devices from distant IP locations were used	`distantIpLocations`	Login from different and distant IP addresses for a short period of time. Based on the 100KM geographical distances between consecutive IP locations for applicant actions with blacklisted ASN used.
Mismatch between ID document country and IP country	`idDocCountryVsIpCountryMismatch`	ID document country mismatches the country IP address. Checks if there is any mismatch between the countries associated with the applicant's IP address and ID documents.
Mismatch between applicant address and IP country	`addressCountryVsIpCountryMismatch`	The physical address does not meet the IP address. Checks if there is any mismatch between the address country and IP address country.
Country of photo creation is different from IP and ID document countries	`exifCountryVsIdDocCountryOrIpCountryMismatch`	Country of photo creation is different from IP and ID document countries. Checks if the country derived from the image metadata matches the applicant’s ID document and IP country.
Failure to continue on another device	`failedSessionContinuation`	The session was interrupted. Based on the failed attempt to open a WebSDK link.
Multiple devices were used	`multipleDevices`	Informs whether the applicant uses multiple devices (>1 device). Set if multiple unique desktop devices were used.
Multiple mobile devices were used	`multipleMobileDevices`	Informs whether the applicant uses multiple mobile devices (>1 mobile platform). Set if multiple unique mobile devices were used.
Lengthy onboarding session	`lengthySession`	The session lasts too long (>=10 minutes). Set if the applicant ID uploading activity consists of two or more session attempts. It calculates the time difference between the earliest and latest event timestamps. If the time difference exceeds 10 minutes, this risk labels will be added.

📘Note

How it works

Advanced IP check list

Get started

Review IP check results

Risk labels

📘
Note