Annex

Fraud type codes

| Fraud type code | Fraud type | Description |
|---|---|---|
| 1000 | None | No fraud detected. |
| 2101 | Code Injection | Code injection is the exploitation of a bug that is caused by processing invalid data. An attacker uses injection to introduce (or “inject”) code into a vulnerable landing page in order to go through the billing flow. |
| 2201 | Malicious app – gen. 1 | The application imitates an ordinary application, but in the background it subscribes the user to DCB services without their consent. False positives on this specific pattern can be generated by network latency or an integration problem (please check your te parameter). |
| 2202 | Malicious app – gen. 2 | Malicious app with a second generation of transactions engine. Started to appear in August 2018. |
| 2203 | Malicious app – gen. 3 | Malicious app with a third generation of transactions engine. Started to appear in March 2019. |
| 2301 | ClickJacking | ClickJacking is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on. |
| 2401 | Spoofing – gen. 1 | Hijacking of the user's network connection to perform transactions. It can be done: (1) by a malicious app; (2) by PC malware connected to a mobile phone. False positives can be generated by testers using their computer or a third-party tool to emulate a device. |
| 2402 | Spoofing – gen. 2 | Spoofing with a second generation of browser emulation engine. Started to appear in October 2017. |
| 2403 | Spoofing – gen. 3 | Spoofing with a second generation of browser emulation engine. Started to appear in February 2018. |
| 2404 | Spoofing – gen. 4 | Spoofing with a second generation of browser emulation engine. Started to appear in September 2018. |
| 2501 | Remotely controlled fraud – gen. 1 | The device is controlled by a program that emulates human behavior. It can be done: (1) by a malicious app; (2) by PC malware connected to a mobile phone; (3) it can also be a monitoring tool. False positives can be generated by an integration error. Most of the time, this is due to a complex event handler on the landing page. |
| 2502 | Remotely controlled fraud – gen. 2 | Remotely controlled fraud with a second generation of user emulation engine. Started to appear in August 2018. |
| 2601 | Blacklisted App | The application sending the traffic belongs to a list of blacklisted apps known for fraudulent activity. |
| 3101 | Accidental click | A click that should be considered unintentional. It can be caused by browser bugs, fat fingers or too many clicks on the page before the protected page. |

Fraud type codes – DEPRECATED

| Fraud type code | Fraud type | Description | Example |
|---|---|---|---|
| 1000 | None | No fraud detected. | |
| 2001 | Bad bot | Bad bot trying to mimic real user behavior. | Malware downloading a URL. |
| 2002 | Spoofing | Someone or something trying to disguise themselves as a real user, but the pieces just don’t add up. Dozens of different pieces of information about the user, browser, OS, etc. are analysed to look for incoherences. | A Safari browser on an Android phone. |
| 2003 | Replay Attacks | URLs such as transaction confirmation pages are extracted from their context and hidden in fake pages with clickbait calls to action so that they are called by a real user. | The subscription page is downloaded by a man-in-the-middle and victims are automatically redirected to the subscription links gathered by the attacker. |
| 2005 | Browser Exploits | Malicious code is executed by the user by exploiting cross-site scripting techniques. | XSS vulnerabilities are exploited to produce a link going to the billing page that will automatically click on the confirmation link. |
| 2006 | Click Jacking | Web browser hack: the user clicks on a hidden page instead of the page he is shown, accomplishing actions unknowingly. | The billing page is loaded with full transparency and the user clicks on an item, not realising he is clicking on a billing link. |
| 2008 | Touch Jacking | In-app hack: the user clicks on a hidden page instead of the page he is shown, accomplishing actions unknowingly. | Malware opening a webview and clicking automatically on items in the webview. |