Why prevent fraud?

The bigger your application, the more likely it is to be targeted by fraudsters. Fraudsters inspect and copy your app’s backend API requests and modify them to send OTP codes to themselves in order to retrieve the SMS charges. This is called SMS pumping or IRSF fraud (read more about it here).


Prelude’s machine learning models use a number of signals to distinguish fraudulent users from legitimate users. We infer some of these signals, but many depend on the information provided by your integration. The more data you provide, the more effective fraud prevention will be and the higher your conversion rate will be.

Important signals to send to Prelude

To increase the effectiveness of fraud prevention, we recommend that you send the following signals to Prelude:

DataEstimated improvementDescription
IP address50%The IP address of the user’s device.
Device ID40%The unique ID of the user’s device.
Returning user35%Whether the user has signed in to your application before.
Platform35%The platform of the user’s device (iOS or Android).
Device model20%The model of the user’s device.
OS Version20%The version of the user’s device operating system.
App version10%The version of your application.

In the future, we plan to provide client-side SDKs to collect those signals automatically.

Allow and block lists

You can configure your integration to allow or block specific users from signing in. This can be useful if you want to manually block users you have identified as fraudulent or to disable anti-fraud algorithms for specific users.

To edit the allow or block lists, go to the Dashboard and navigate to the Settings > Numbers tab.

Dashboard screenshot


Next steps

Follow the API reference to get detailed information about the Prelude API.

API Reference

Learn more about Prelude’s API endpoints.