Fraud type codes
|Fraud type code||Fraud type||Description|
|1000||None||No fraud detected.|
|2101||Code Injection||Code injection is the exploitation of a bug that is caused by processing invalid data. Injection is used by an attacker to introduce (or “inject”) code into a vulnerable landing page to go through the billing flow.|
|2201||Malicious app – gen. 1||This application fakes any classic application but in the background it will subscribe the user to DCB services without his consent.
False positive on this specific pattern could be generated by network latency or integration problem (please check your te parameter)
|2202||Malicious app – gen. 2||Malicious app with a second generation of transactions engine.
Started to appear in August 2018.
|2203||Malicious app – gen. 3||Malicious app with a second generation of transactions engine.
Started to appear in March 2019.
|2301||ClickJacking||ClickJacking is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on. In order to avoid any false positive, you should provide us URL of any iframe used in your flow.|
|2401||Spoofing – gen. 1||Hijacking of the network connection of the user to perform transactions.
It can be done :
|2402||Spoofing – gen. 2||Spoofing with a second generation of browser emulation engine.
Started to appear in October 2017.
|2403||Spoofing – gen. 3||Spoofing with a third generation of browser emulation engine.
Started to appear in February 2018.
|2404||Spoofing – gen. 4||Spoofing with a fourth generation of browser emulation engine.
Started to appear in September 2018.
|2405||Spoofing – gen. 5||Spoofing with a fifth generation of browser emulation engine.
Started to appear in April 2019.
|2406||Spoofing – gen. 6||Spoofing with a sixth generation of browser emulation engine.
Started to appear in June 2019.
|2407||Spoofing – gen. 7||Spoofing with a seventh generation of browser emulation engine.
Started to appear in December 2019.
|2501||Remotely controlled fraud – gen. 1||The device is controlled by a program that emulates human behavior.
It can be done :
False positive can be generated by an integration error. Most of the time, it’s due to complex event handler on the landing page.
|2502||Remotely controlled fraud – gen. 2||Remotely controlled fraud with a second generation of user emulation engine. Started to appear in August 2018.|
|2601||Blacklisted App||The application sending the traffic belongs to a list of blacklisted apps known for fraudulent activity.|
|2701||Replay Attacks||A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed|
|2702||Replay Attacks – gen. 2||A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. Started to appear in December 2019.|
|3101||Accidental click||Click to be considered has unintentional click. It can be caused by browser bugs, fat fingers or too much clicks on the page before the protected page.|
Error type codes
|Error type code||Description|
|missing-mandatory-parameter||A mandatory parameter is missing|
|missing-transaction-id||The ti parameter is missing|
|invalid-action||The action request API is invalid|
|invalid-signature||The signature is invalid or malformed|
|unknown-token||The token does not exist|
Fraud type codes – DEPRECATED
|Fraud type code||Fraud type||Description||Example|
|1000||none||No fraud detectedfraud detected.||–|
|2001||Bad bot||Bad bot trying to mimic real user behavior||Malware downloading URL|
|2002||Spoofing||Someone or something trying to disguise themselves as a real user but pieces just don’t add up. Analysis of dozens of different pieces of information about the user, browser, OS, etc and look for incoherences.||A Safari browser on an Android phone.|
|2003||Replay Attacks||URLs such as transaction confirmation pages are extracted from their context and hidden in fake pages with clickbait call to actions to make them called by a real user.||The subscription page is downloaded by a man-in-the-middle and victims are automatically redirected to the subscription links gathered by the attacker.|
|2005||Browser Exploits||Malicious code is executed by the user by exploiting cross-site scripting techniques||XSS vulnerabilities are exploited to produce a link going to the billing page that will automatically click on the confirmation link.|
|2006||Click Jacking||Web browser hack, the user clicks on a hidden page instead of the page he is shown, to accomplish actions unknowingly.||The billing page is loaded with full transparency and the user clicks on an item, not realising he is clicking on a billing link.|
|2008||Touch Jacking||In-app hack, the user clicks on a hidden page instead of the page he is shown, to accomplish actions unknowingly.||Malware opening a webview and clicking automatically on items in the Webview.|