Fraud Detection
Leverage Grantiva's advanced fraud detection capabilities to identify and prevent malicious activity, protect your users, and maintain platform integrity.
Enterprise Feature
Advanced fraud detection with machine learning models is available for Enterprise tier and above. Professional tier includes basic fraud detection rules.
Fraud Detection Overview
Grantiva's fraud detection system combines multiple signals to identify potentially fraudulent behavior:
- Device Intelligence: Jailbreak detection, app tampering, and integrity checks
- Behavioral Analysis: Unusual patterns in attestation frequency and timing
- Geographic Anomalies: Impossible travel detection and location consistency
- Machine Learning: Pattern recognition across your entire user base
- Network Analysis: Identifying coordinated attacks and bot networks
Real-Time Fraud Signals
Device Compromise Indicators
```json
{
  "fraudSignals": {
    "deviceCompromise": {
      "jailbreakDetected": true,
      "confidence": 0.95,
      "method": "filesystem_artifacts",
      "details": {
        "suspiciousFiles": ["/private/var/lib/cydia"],
        "modifiedSystemFiles": true,
        "hookingFrameworks": ["substrate", "substitute"]
      }
    },
    "appTampering": {
      "detected": true,
      "indicators": [
        "modified_binary",
        "injected_dylib",
        "debugger_attached"
      ],
      "severity": "high"
    },
    "attestationAnomalies": {
      "invalidCertificateChain": false,
      "replayedAttestation": false,
      "timingAnomaly": true,
      "expectedDuration": 245,
      "actualDuration": 12
    }
  }
}
```
Behavioral Patterns
Grantiva analyzes user behavior to detect anomalies that may indicate fraud:
```json
{
  "behavioralAnalysis": {
    "attestationPattern": {
      "normal": {
        "frequency": "2-5 per day",
        "timing": "business hours",
        "consistency": 0.89
      },
      "current": {
        "frequency": "147 per hour",
        "timing": "3:00 AM local",
        "consistency": 0.12
      },
      "anomalyScore": 92
    },
    "geographicPattern": {
      "impossibleTravel": {
        "detected": true,
        "location1": { "city": "New York", "time": "14:30:00" },
        "location2": { "city": "London", "time": "14:45:00" },
        "physicallyPossible": false
      }
    },
    "deviceSwitching": {
      "devicesUsed24h": 15,
      "normalRange": "1-3",
      "suspicionLevel": "high"
    }
  }
}
```
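The `impossibleTravel` verdict above comes down to a speed check between two sightings. The following is an added example, not Grantiva's implementation, that works it through for the New York to London pair; the city coordinates, the 1000 km/h ceiling and all function names are assumptions.

```javascript
// Added example: speed check behind an "impossible travel" verdict.
// Coordinates and the speed ceiling are assumptions, not Grantiva values.
const CITY_COORDS = {
  "New York": { lat: 40.7128, lon: -74.006 },
  London: { lat: 51.5074, lon: -0.1278 },
};
const MAX_PLAUSIBLE_KMH = 1000; // assumed ceiling, roughly airliner cruise speed

// Great-circle distance between two points in kilometres.
function haversineKm(a, b) {
  const R = 6371; // mean Earth radius in km
  const rad = (d) => (d * Math.PI) / 180;
  const dLat = rad(b.lat - a.lat);
  const dLon = rad(b.lon - a.lon);
  const h = Math.sin(dLat / 2) ** 2 +
    Math.cos(rad(a.lat)) * Math.cos(rad(b.lat)) * Math.sin(dLon / 2) ** 2;
  return 2 * R * Math.asin(Math.sqrt(h));
}

// "HH:MM:SS" -> seconds since midnight (same day and time zone assumed).
function toSeconds(hms) {
  const [h, m, s] = hms.split(":").map(Number);
  return h * 3600 + m * 60 + s;
}

function checkTravel(loc1, loc2, maxKmh = MAX_PLAUSIBLE_KMH) {
  const a = CITY_COORDS[loc1.city];
  const b = CITY_COORDS[loc2.city];
  if (!a || !b) throw new Error("unknown city");
  const distanceKm = haversineKm(a, b);
  const hours = Math.abs(toSeconds(loc2.time) - toSeconds(loc1.time)) / 3600;
  // Zero elapsed time with a non-zero distance is impossible by definition.
  const requiredKmh = hours === 0 ? (distanceKm > 0 ? Infinity : 0) : distanceKm / hours;
  return { distanceKm, requiredKmh, physicallyPossible: requiredKmh <= maxKmh };
}

// Values taken from the geographicPattern sample above.
console.log(checkTravel(
  { city: "New York", time: "14:30:00" },
  { city: "London", time: "14:45:00" }
));
```

Locations derived from IP addresses carry real error (VPN egress points, carrier NAT), so a minimum-distance floor before flagging keeps this check from firing on neighbouring cities.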
Fraud Detection Rules
Rule Configuration
```json
{
  "fraudRules": [
    {
      "id": "high_frequency_attestation",
      "description": "Detect attestation flooding attacks",
      "conditions": {
        "attestationRate": { "greaterThan": "10/minute" },
        "duration": { "greaterThan": "5 minutes" }
      },
      "actions": [
        {
          "type": "throttle",
          "limit": "1/minute",
          "duration": "1 hour"
        },
        {
          "type": "alert",
          "severity": "medium",
          "notify": ["security@company.com"]
        }
      ]
    },
    {
      "id": "coordinated_attack",
      "description": "Detect coordinated fraud attempts",
      "conditions": {
        "all": [
          { "similarDevices": { "count": ">10", "window": "5m" } },
          { "sharedCharacteristics": ["ip_subnet", "device_model"] },
          { "behaviorSimilarity": { "threshold": 0.85 } }
        ]
      },
      "actions": [
        {
          "type": "block",
          "scope": "network",
          "duration": "24 hours"
        },
        {
          "type": "investigate",
          "priority": "high"
        }
      ]
    }
  ]
}
```
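To see what the `high_frequency_attestation` conditions mean on real traffic, the following added example (not Grantiva's rule engine) evaluates them over a list of attestation timestamps. It assumes the rate is counted per calendar minute and that the rule fires only when more than five consecutive minutes each exceed ten attestations; the function names and sample data are constructed.

```javascript
// Added example: evaluates the high_frequency_attestation conditions.
// Assumed semantics: rate is counted per calendar minute, and the rule fires
// when MORE than `minutes` consecutive minutes each exceed `perMinute`.
const RULE = { perMinute: 10, minutes: 5 }; // from "10/minute" and "5 minutes"

function detectFlooding(timestampsMs, rule = RULE) {
  // Count attestations per minute bucket.
  const buckets = new Map();
  for (const t of timestampsMs) {
    const minute = Math.floor(t / 60000);
    buckets.set(minute, (buckets.get(minute) || 0) + 1);
  }
  // Keep only minutes over the rate limit, in chronological order.
  const hot = [...buckets.entries()]
    .filter(([, n]) => n > rule.perMinute)
    .map(([m]) => m)
    .sort((a, b) => a - b);
  // Track the longest run of consecutive hot minutes.
  let run = 0, longest = 0, start = null, prev = null, longestStart = null;
  for (const m of hot) {
    if (prev !== null && m === prev + 1) { run += 1; } else { run = 1; start = m; }
    if (run > longest) { longest = run; longestStart = start; }
    prev = m;
  }
  return {
    triggered: longest > rule.minutes,
    sustainedMinutes: longest,
    since: longestStart === null ? null : new Date(longestStart * 60000).toISOString(),
  };
}

// Constructed sample data: `perMinute` events in each of `minutes` minutes.
function sampleEvents(startMs, minutes, perMinute) {
  const out = [];
  for (let m = 0; m < minutes; m++) {
    for (let i = 0; i < perMinute; i++) {
      out.push(startMs + m * 60000 + Math.floor((i * 60000) / perMinute));
    }
  }
  return out;
}

const T0 = Date.UTC(2024, 0, 15, 3, 0, 0); // constructed start time
console.log(detectFlooding(sampleEvents(T0, 6, 12)));  // sustained flood
console.log(detectFlooding(sampleEvents(T0, 3, 147))); // short burst only
```

A three-minute burst at 147 per minute does not trip this rule, which is why the duration condition should be paired with a separate burst limit if short spikes matter to you.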
Machine Learning Models
Fraud Score Calculation
Enterprise customers have access to ML-powered fraud scoring:
```json
{
  "mlFraudScore": {
    "score": 87.3,
    "confidence": 0.92,
    "model": "fraud_detector_v3.2",
    "factors": [
      {
        "feature": "attestation_velocity",
        "contribution": 0.34,
        "value": "abnormal_high"
      },
      {
        "feature": "device_reputation",
        "contribution": 0.28,
        "value": "new_device_suspicious_pattern"
      },
      {
        "feature": "network_similarity",
        "contribution": 0.21,
        "value": "matches_known_fraud_cluster"
      },
      {
        "feature": "temporal_pattern",
        "contribution": 0.17,
        "value": "off_hours_burst"
      }
    ],
    "recommendation": "block_and_investigate"
  }
}
```
Implementation Guide
iOS Client Integration
```swift
import UIKit

// Analytics, BiometricAuth, FraudError and the helper methods called below
// are expected to be defined elsewhere in your app.
class FraudDetectionService {
    private let grantiva = Grantiva()

    func checkForFraud(beforeAction action: String) async throws {
        // Get current device assessment
        let assessment = try await grantiva.getDeviceAssessment()

        // Check fraud indicators
        if assessment.fraudIndicators.isHighRisk {
            // Log the attempt
            Analytics.log(.fraudAttemptDetected, parameters: [
                "action": action,
                "fraudScore": assessment.fraudScore,
                "indicators": assessment.fraudIndicators.active
            ])

            // Handle based on severity
            switch assessment.fraudIndicators.severity {
            case .critical:
                // Block immediately
                throw FraudError.deviceCompromised(
                    reason: assessment.fraudIndicators.primaryReason
                )
            case .high:
                // Require additional verification
                try await requireAdditionalVerification()
            case .medium:
                // Limit functionality
                applyRestrictedMode()
            case .low:
                // Monitor closely
                enableEnhancedLogging()
            }
        }
    }

    private func requireAdditionalVerification() async throws {
        // Step-up authentication
        let biometricResult = try await BiometricAuth.verify()
        if !biometricResult.success {
            throw FraudError.verificationFailed
        }

        // Perform fresh attestation
        let attestation = try await grantiva.performAttestation(
            withContext: .stepUpAuth
        )

        // Verify improved trust score
        if attestation.fraudScore > 50 {
            throw FraudError.insufficientTrust
        }
    }
}

// Usage in sensitive operations
class PaymentViewController: UIViewController {
    let fraudService = FraudDetectionService()

    @IBAction func processPayment() {
        Task {
            do {
                // Check for fraud before processing
                try await fraudService.checkForFraud(
                    beforeAction: "process_payment"
                )
                // Safe to proceed
                await processPaymentTransaction()
            } catch let error as FraudError {
                handleFraudDetection(error)
            } catch {
                showGenericError()
            }
        }
    }
}
```
Server-Side Fraud Prevention
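```javascript
// Node.js fraud detection middleware
// `app` is your Express application; checkFraudRules, logFraudAttempt,
// sanitizeForLogging, queueForReview and performEnhancedFraudCheck are
// expected to be defined elsewhere.
const jwt = require('jsonwebtoken');

const fraudDetection = async (req, res, next) => {
  const token = req.headers.authorization?.split(' ')[1];
  if (!token) {
    return res.status(401).json({ error: 'Missing bearer token' });
  }

  let decoded;
  try {
    // Pin the accepted algorithm. HS256 is an assumption based on the shared
    // secret used here; set it to whatever your tokens are signed with.
    decoded = jwt.verify(token, process.env.JWT_SECRET, { algorithms: ['HS256'] });
  } catch (err) {
    // Expired, malformed or badly signed tokens are rejected here
    return res.status(401).json({ error: 'Invalid token' });
  }

  // Extract fraud signals from token
  const { deviceIntelligence, fraudIndicators } = decoded;
  if (!deviceIntelligence) {
    // Fail closed when the token carries no device claims
    return res.status(403).json({ error: 'Access denied' });
  }

  try {
    // Check against fraud rules
    const fraudCheck = await checkFraudRules({
      deviceId: deviceIntelligence.deviceId,
      riskScore: deviceIntelligence.riskScore,
      endpoint: req.path,
      method: req.method,
      ip: req.ip,
      timestamp: new Date()
    });

    if (fraudCheck.blocked) {
      // Log fraud attempt
      await logFraudAttempt({
        ...fraudCheck,
        userId: decoded.sub,
        requestDetails: {
          path: req.path,
          body: sanitizeForLogging(req.body)
        }
      });
      return res.status(403).json({
        error: 'Access denied',
        reason: 'Suspicious activity detected',
        code: 'FRAUD_DETECTED'
      });
    }

    if (fraudCheck.requiresReview) {
      // Flag for manual review
      await queueForReview({
        transactionId: req.id,
        fraudCheck: fraudCheck,
        hold: true
      });
    }

    // Add fraud context to request
    req.fraudContext = {
      score: fraudCheck.score,
      flags: fraudCheck.flags,
      restrictions: fraudCheck.restrictions
    };
    next();
  } catch (err) {
    // Express 4 does not catch rejected promises from async middleware
    next(err);
  }
};

// Apply to sensitive endpoints
app.post('/api/transfer', fraudDetection, async (req, res) => {
  // Additional fraud checks for high-value operations
  if (req.body.amount > 10000) {
    const enhancedCheck = await performEnhancedFraudCheck(req);
    if (!enhancedCheck.approved) {
      return res.status(403).json({
        error: 'Transaction requires manual approval',
        reference: enhancedCheck.reviewId
      });
    }
  }
  // Process transaction
});
```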
Fraud Response Strategies
Automated Response Actions
```json
{
  "responseStrategies": {
    "immediate_block": {
      "triggers": ["confirmed_jailbreak", "malware_detected", "certificate_manipulation"],
      "actions": [
        "revoke_all_tokens",
        "block_device",
        "notify_user",
        "create_incident"
      ]
    },
    "graduated_response": {
      "triggers": ["suspicious_pattern", "anomaly_detected"],
      "levels": [
        {
          "threshold": 50,
          "actions": ["increase_monitoring", "log_details"]
        },
        {
          "threshold": 70,
          "actions": ["limit_features", "require_mfa", "notify_security"]
        },
        {
          "threshold": 85,
          "actions": ["restrict_to_readonly", "flag_for_review"]
        },
        {
          "threshold": 95,
          "actions": ["suspend_access", "investigate"]
        }
      ]
    },
    "adaptive_friction": {
      "description": "Add friction proportional to risk",
      "implementations": [
        {
          "risk_range": [30, 50],
          "friction": "captcha_required"
        },
        {
          "risk_range": [51, 70],
          "friction": "email_verification"
        },
        {
          "risk_range": [71, 85],
          "friction": "sms_2fa"
        },
        {
          "risk_range": [86, 100],
          "friction": "manual_review"
        }
      ]
    }
  }
}
```
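Fraud scores on this page are fractional (the ML example reports 87.3), while the `adaptive_friction` ranges are written with integer bounds, so a score such as 50.5 matches no range if both ends are read as inclusive. The following added example, which is not Grantiva's code, resolves a score against the thresholds and ranges above; the selection semantics and function names are assumptions.

```javascript
// Added example: resolves a fraud score against the graduated_response and
// adaptive_friction settings. Selection semantics are assumed.
const LEVELS = [
  { threshold: 50, actions: ["increase_monitoring", "log_details"] },
  { threshold: 70, actions: ["limit_features", "require_mfa", "notify_security"] },
  { threshold: 85, actions: ["restrict_to_readonly", "flag_for_review"] },
  { threshold: 95, actions: ["suspend_access", "investigate"] },
];
const FRICTION = [
  { risk_range: [30, 50], friction: "captcha_required" },
  { risk_range: [51, 70], friction: "email_verification" },
  { risk_range: [71, 85], friction: "sms_2fa" },
  { risk_range: [86, 100], friction: "manual_review" },
];

// Reject NaN, strings and out-of-range values instead of comparing them.
function validScore(score) {
  return typeof score === "number" && Number.isFinite(score) && score >= 0 && score <= 100;
}

// Highest level whose threshold the score has reached (assumed: not cumulative).
function graduatedActions(score) {
  if (!validScore(score)) throw new RangeError("score must be a number in 0..100");
  const reached = LEVELS.filter((l) => score >= l.threshold);
  return reached.length ? reached[reached.length - 1].actions : [];
}

// Literal reading: both ends inclusive. Fractional scores can match nothing.
function frictionInclusive(score) {
  const hit = FRICTION.find((f) => score >= f.risk_range[0] && score <= f.risk_range[1]);
  return hit ? hit.friction : null;
}

// Gap-free reading: a band runs from its lower bound up to the next band's
// lower bound, so every score from 30 to 100 maps to exactly one friction.
function frictionFor(score) {
  if (!validScore(score)) throw new RangeError("score must be a number in 0..100");
  const bands = [...FRICTION].sort((a, b) => a.risk_range[0] - b.risk_range[0]);
  let chosen = null;
  for (const band of bands) {
    if (score >= band.risk_range[0]) chosen = band.friction;
  }
  return chosen;
}

console.log(graduatedActions(87.3), frictionFor(87.3)); // score from the ML example
console.log(frictionInclusive(50.5), frictionFor(50.5)); // gap vs. no gap
```

Validating the score first matters because every comparison against `NaN` is false, which would otherwise resolve to no friction at all.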
Fraud Analytics Dashboard
Key Metrics
- Fraud Detection Rate: 2.3% of total attestations
- False Positive Rate: 0.08% (Industry avg: 0.5%)
- Average Detection Time: < 50ms
- Prevented Fraud Value: $1.2M last 30 days
Monitoring Fraud Trends
```javascript
// Fetch fraud analytics
const fraudAnalytics = await grantiva.analytics.getFraudTrends({
  period: '30d',
  groupBy: 'day',
  metrics: ['detection_rate', 'fraud_types', 'geographic_distribution']
});
```
Example response:
```json
{
  "summary": {
    "totalFraudAttempts": 4521,
    "successfullyBlocked": 4498,
    "falsePositives": 23,
    "accuracy": 0.9949
  },
  "trends": [
    {
      "date": "2024-01-15",
      "fraudAttempts": 156,
      "topTypes": ["jailbreak", "bot_network", "replay_attack"],
      "hotspots": ["RO", "NG", "VN"]
    }
  ],
  "emergingThreats": [
    {
      "type": "new_jailbreak_variant",
      "firstSeen": "2024-01-14",
      "affectedDevices": 234,
      "mitigation": "signature_updated"
    }
  ]
}
```
Best Practices
- Layer Defense: Combine multiple fraud signals for better accuracy
- User Experience: Balance security with usability - avoid false positives
- Continuous Learning: Regularly update fraud rules based on new patterns
- Incident Response: Have clear procedures for fraud investigations
- Privacy First: Ensure fraud detection respects user privacy
- Regular Audits: Review fraud detection effectiveness monthly
Fraud Detection by Tier
Feature | Professional | Enterprise | Enterprise Plus |
---|---|---|---|
Basic Rules | ✓ | ✓ | ✓ |
ML Models | - | ✓ | ✓ |
Custom Rules | 5 | 50 | Unlimited |
Real-time Scoring | - | ✓ | ✓ |
Network Analysis | - | Basic | Advanced |