Documentation
Prevent Fraud
Configure your integration to protect your application against fraud like SMS pumping or IRSF fraud with Prelude’s machine learning models.
Why prevent fraud?
The bigger your application, the more likely it is to be targeted by fraudsters. Fraudsters inspect and copy your app’s backend API requests and modify them to send OTP codes to themselves in order to retrieve the SMS charges. This is called SMS pumping or IRSF fraud (read more about it here).Signals
Prelude’s machine learning models use a number of signals to distinguish fraudulent users from legitimate users. We infer some of these signals, but many depend on the information provided by your integration. The more data you provide, the more effective fraud prevention will be and the higher your conversion rate will be.Important signals to send to Prelude
To increase the effectiveness of fraud prevention, we recommend that you send the following signals to Prelude:| Data | Estimated improvement | Description |
|---|---|---|
| IP address | 50% | The IP address of the user’s device. |
| Device ID | 40% | The unique ID of the user’s device. |
| Trusted user | 35% | This field should denote the trustworthiness of the user on your app, beyond just a basic validity check. It should ensure trust by confirming that the user is genuine within the context of your application. Examples of validation criteria include whether the user has completed onboarding steps, previously logged in, performed valid transactions, or completed a purchase. When set to true, this will bypass fraud checks for that user. Contact us to discuss your use case. |
| Platform | 35% | The platform of the user’s device (iOS or Android). |
| Device model | 20% | The model of the user’s device. |
| OS Version | 20% | The version of the user’s device operating system. |
| App version | 10% | The version of your application. |
In the future, we plan to provide client-side SDKs to collect those signals
automatically.
Inferring signals from User-Agent
Some signals can be inferred from the User-Agent string if you provide it to us:- Platform
- Device model
- OS version
Allow and block lists
You can configure your integration to allow or block specific users from signing in. This can be useful if you want to manually block users you have identified as fraudulent or to disable anti-fraud algorithms for specific users. To edit the allow or block lists, go to the Dashboard and navigate to the Settings > Numbers tab.
Allowlist