Registration Fraud Detection identifies account quality risks -- such as fake registrations and batch sign-ups -- during user growth. The service analyzes each registration event through behavioral profiling, risk network analysis, and sample comparison, then returns a risk score for real-time decision-making.
Editions
Registration Fraud Detection is available in two editions. Choose an edition based on the depth of risk assessment your business requires.
| Feature | Basic Edition | Enhanced Edition |
|---|---|---|
| Real-time analysis | Supported | Supported |
| Service return value | Quantitative score | Quantitative score, risk tags |
| Device risk monitoring | Not supported | Supported (detection for emulators, multi-instance apps, modem pools, device farms, cloud phones, and hooking) |
| Device fingerprint | Not supported | Supported |
| Fraud ring analysis | Not supported | Supported |
| Simple Log Service (SLS) delivery | Not supported | Supported (authorize log delivery to receive one year of free storage) |
Request parameters
Pass the request parameters inside the ServiceParameters field as a JSON object when calling the Registration Fraud Detection API.
Alibaba Cloud Fraud Detection does not validate the business format of input strings. You are responsible for validating inputs before sending them. For example, for the mobile field, verify that the value matches the mobile number format for the target country or region, such as an 11-digit number starting with 1 for the Chinese mainland.
Example request body
The following JSON shows a sample ServiceParameters value with commonly used fields:
{
"accountId": "10123****",
"operateTime": 1522555200,
"mobile": "001-718123****",
"ip": "42.120.XX.XX",
"email": "admin****@aliyun.com",
"nickName": "admin****",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36",
"refer": "https://www.aliyun.com/",
"mac": "C0:77:36:2E:XX:XX",
"operateSource": "PC",
"deviceType": "PC",
"appVersion": "1.0",
"deviceToken": "MzQvo1d7scyZ3tl_RcJZo_QOytAjy1LWRRLoRKo5oZSoo_JGj1ZoR5JGoRo5jcdn57gV5kxVRcLER5RQoZSvRZZQRcROjcMW5csZR_RGy_55RKJ_oooqZ7dSV5gRnKxOV7eWVQQjRtlRQoAjRcM0"
}Parameter reference
Identity parameters
| Field name | Editions | Data format | Required | Description |
|---|---|---|---|---|
| accountId | Basic, Enhanced | String | No (Recommended) | The account ID that uniquely identifies a user account. Example: 10123**** |
| Basic, Enhanced | String | Yes | The email address of the registering user. Example: admin****@aliyun.com | |
| mobile | Basic, Enhanced | String | No (Recommended) | The mobile number in the format country/region code-mobile number. Example: 001-718123**** |
| nickName | Basic, Enhanced | String | No | The account nickname. Example: admin**** |
Context parameters
| Field name | Editions | Data format | Required | Description |
|---|---|---|---|---|
| ip | Basic, Enhanced | String | No | The public IPv4 address of the client where the registration event occurred. Example: 42.120.XX.XX |
| userAgent | Basic, Enhanced | String | No (Recommended) | The User-Agent field from the HTTP request header. Example: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 |
| refer | Basic, Enhanced | String | No (Recommended) | The referer field from the HTTP request header. Example: https://www.aliyun.com/ |
Device parameters
| Field name | Editions | Data format | Required | Description |
|---|---|---|---|---|
| deviceToken | Enhanced only | String | No (Recommended for better results) | The device token obtained from the Device Risk SDK. Example: MzQvo1d7scyZ3tl_RcJZo_QOytAjy1LW... |
| mac | Basic, Enhanced | String | No (Recommended) | The MAC address of the device. Example: C0:77:36:2E:XX:XX |
| deviceType | Basic, Enhanced | String | No (Recommended) | The device type. Valid values: PC, MOBILE. |
Behavioral parameters
| Field name | Editions | Data format | Required | Description |
|---|---|---|---|---|
| operateTime | Basic, Enhanced | Long | No | The Unix timestamp of the operation in seconds (GMT). For example, the GMT time 2018-04-01 12:00:00 corresponds to the timestamp 1522555200. Note When scanning historical data for risks, pass the historical operation time in this field. This prevents misidentification from incorrect time calculations. |
| operateSource | Basic, Enhanced | String | No (Recommended) | The source of the operation. Valid values: PC, H5, App. |
| appVersion | Basic, Enhanced | String | No (Recommended) | The app version number. Example: 1.0 |
Response parameters
The Registration Fraud Detection API returns a Data object that contains a score field and, for the Enhanced Edition, a tags field.
Risk score
The score field is a numeric value from 0 to 100 that indicates the risk level of the registration event. Higher scores indicate higher risk. The following table describes each risk tier and the recommended action based on Alibaba Cloud risk control team experience.
You can adjust these actions based on your business operations as needed.
| Score range | Risk level | Recommended action |
|---|---|---|
| [0, 35) | Low risk | Allow the registration. |
| [35, 65) | Medium risk | Tag the account for observation. |
| [65, 85) | Medium-high risk | Perform further security verification, or restrict permissions for high-risk operations. |
| [85, 100] | High risk | Restrict permissions for high-risk operations. |
Risk tags
The tags field is returned only for the Enhanced Edition. To understand the business meaning of the tags field in the Data return parameter, contact Alibaba Cloud support.