Skip to main content

Fraud Hub

Fraud Hub is an advanced risk intelligence module designed to provide comprehensive fraud detection and risk assessment for identity verification workflows. It analyzes multiple data points across device behavior, network activity and document integrity to generate intelligent risk scores. By leveraging deep learning models and sophisticated pattern recognition, Fraud Hub identifies potential fraudulent activity in real-time.

The service goes beyond traditional document verification by examining the context surrounding the verification attempt, including device characteristics, network routing, document authenticity signals, and indicators of image manipulation. This multi-layered approach enables merchants to make informed decisions about user risk profiles and adjust their onboarding strategies accordingly.


Fraud Hub

How it Works

Fraud Hub operates through a sophisticated analysis pipeline that examines three critical dimensions of verification risk:

Device and Network Intelligence: The system analyzes the device and network from which the verification request originates, detecting risks such as VPN/proxy usage, geolocation mismatches, emulation, and IP instability. These signals are combined to assess the legitimacy of the verification source.

Document Integrity Analysis: Beyond standard document verification, Fraud Hub conducts advanced authenticity checks to detect manipulation such as digital edits, low image quality, scanned copies, fabricated templates, and web-sourced documents. It also validates security features like holograms and magnetic stripes to identify forged, altered, or stolen documents.

Facial Integrity Analysis: Beyond standard face verification, Fraud Hub conducts advanced checks to detect image manipulation, including digital edits, low-quality images, and spoofing attempts. It also analyzes facial authenticity to identify tampered or fraudulent facial submissions.

Risk Scoring and Aggregation: All detected signals are processed through machine learning models to generate comprehensive risk scores. Each category receives an individual score and summary, along with an overall fraud risk score, enabling merchants to assess specific risk dimensions or rely on a single aggregated score for streamlined decision-making.

The system processes verification requests in real time, running parallel checks across all three dimensions and returning detailed results along with an overall risk score. This supports advanced risk strategies, from routing high-risk cases to manual review to automatically declining applications with critical fraud indicators.

Parameter & Description

ParameterDescription
fraud_hubRequired: No
Type: string
Length: 1 character

Enable this option to receive a fraud score and risk signals related to the user's device behavior, network activity, and document integrity in the API response.

Fraud Hub Request Object

fraud-hub-request-object

//POST / HTTP/1.1
//Host: api.shuftipro.com
//Content-Type: application/json
//Authorization: Basic NmI4NmIyNzNmZjM0ZmNlMTlkNmI4WJRTUxINTJHUw==

{
"reference": "ABCD1234",
"country": "",
"language": "en",
"email": "[email protected]",

"fraud_hub": "1", //This key enables Fraud Hub to receive fraud score and risk signals in the API response.

"face": {
"proof": "",
"check_duplicate_request": 0
},
"document": {
"proof": "",
"additional_proof": "",
"supported_types": [
"id_card"
],
"document_number": ""
}
}

Response Structure

Fraud Hub data is returned as part of the verification response under the fraud_hub_data_points key. The response contains three main sections, each providing distinct risk intelligence.

Device and Network Intelligence

The device and network section evaluates the technical characteristics and geolocation indicators of the verification attempt.

ParameterTypeDescription
is_proxyBooleanIndicates whether the request originated from a known proxy service or VPN. True suggests the user is masking their actual location or device.
threat_levelStringOverall threat classification based on device and network signals. Values: low, medium, high.
IP_routing_typeStringThe type of IP routing detected. Values examples: fixed (stable residential/business IP), mobile (cellular network), dynamic (frequently changing).
country_mismatchBooleanTrue if the IP geolocation country differs from the user's stated country of residence.
stable_IP_detectedBooleanTrue if the IP address remains consistent across multiple requests over time. Indicates a legitimate, established connection.
tor_usage_detectedBooleanTrue if the request is routed through the Tor anonymity network. Strong indicator of intentional anonymity seeking.
frequent_IP_changesBooleanTrue if the user's IP address changes frequently within a short timeframe.
IP_timezone_mismatchBooleanTrue if the IP geolocation timezone differs significantly from the device-reported timezone. May indicate timezone spoofing or device misconfiguration.
data_center_detectedBooleanTrue if the IP belongs to a cloud provider or data center range. Indicates the request may originate from a virtual machine or hosting provider rather than a personal device.
emulated_device_detectedBooleanTrue if the device fingerprint suggests device emulation or simulation. Indicates the request may come from an automated tool or virtual environment.
jailbroken_or_rooted_deviceBooleanTrue if the mobile device has been jailbroken (iOS) or rooted (Android). Indicates compromised device security.
device_and_network_risk_scoreObjectAggregated risk assessment for device and network signals. Contains:
summary (text description)
risk_level (LOW/MEDIUM/HIGH)
risk_score (0-100)

Document Integrity

The document integrity section provides a detailed analysis of the submitted document's authenticity and quality.

ParameterTypeDescription
Document Liveness
screenshot_detectedBooleanTrue if the document appears to be a screenshot rather than an original photograph. Suggests potential fraud or manipulation.
printed_copy_detectedBooleanTrue if the document appears to be printed, which may indicate fraud.
screen_replay_detectedBooleanTrue if the document appears to have been captured from a screen or digital display. Indicates the document is not from a physical source.
scanned_document_detectedBooleanTrue if the document is a scan of a physical document rather than a direct photograph.
Document Authenticity
fake_template_usedBooleanTrue if the document template appears to be a known forgery or counterfeit template. Indicates intentional fraud.
synthetic_document_detectedBooleanTrue if the document appears to be AI-generated or synthetically created rather than a real physical document.
mrz_tamperingBooleanTrue if the Machine-Readable Zone (present on passports and travel documents) shows signs of alteration or tampering.
sample_document_detectedBooleanTrue if the document is a known sample or demonstration document (e.g., "SPECIMEN" marked).
hologram_authenticity_not_confirmedBooleanTrue if security holograms present on the document could not be verified as authentic. May indicate a counterfeit document.
Document Security Features
resolution_quality_poorBooleanTrue if the submitted image has insufficient resolution or clarity for proper analysis. May indicate user error or intentional obfuscation.
digital_manipulation_detectedBooleanTrue if the image shows signs of digital editing, filtering, or manipulation. Suggests document alteration.
metadata_integrity_not_verifiedBooleanTrue if the image's metadata (EXIF data) could not be verified or appears inconsistent. May indicate an edited or spoofed image.
Document Source Analysis
historical_data_not_matchedBooleanTrue if the document's data does not match the previously verified data for the same document/user.
web_source_image_identifiedBooleanTrue if the document image appears to have been sourced from the internet or online sources rather than captured by the user.
background_template_detectedBooleanTrue if the document background matches with a known template from the documents available online.
Document Format Validation
invalid_imageBooleanTrue if the submitted image is corrupted, unreadable, or in an unsupported format.
unsupported_document_typeBooleanTrue if the document type submitted is not supported for verification.
electronic_document_detectedBooleanTrue if an electronic or digitally published document was used for verification.
Document Expiration
document_expiredBooleanTrue if the document's expiration date has passed.
Fragment Analysis
document_fragment_editedBooleanTrue if the document appears to have been edited, spliced, or composited from multiple sources.
Overall Document Risk Level
document_risk_levelObjectAggregated risk assessment for document integrity. Contains:
summary (text description)
risk_level (LOW/MEDIUM/HIGH)
document_fraud_score (0-100)

Face Integrity

The face integrity section provides a detailed analysis of the submitted face's authenticity and quality.

ParameterTypeDescription
Overall Face Integrity Score
facial_integrity_scoreIntegerAn overall aggregated score from 0 to 100 based on the analysis of facial features, used to assess the likelihood of fraud in the facial image.

Score interpretation:
• 0-20 = Low Risk
• 21-60 = Medium Risk
• 61-100 = High Risk
Image Quality Issues
under_exposed_imageBooleanTrue if the image is too dark, resulting in insufficient facial detail and affecting verification accuracy.
over_exposed_imageBooleanTrue if the image is excessively bright, causing a loss of facial detail and compromising verification quality.
pixelated_imageBooleanTrue if the image is blurred or pixelated, leading to a loss of facial detail and reduced verification reliability.
light_glare_imageBooleanTrue if the image contains light glare or reflections, obscuring facial features and impacting verification accuracy.
blurred_imageBooleanTrue if the image is out of focus, causing loss of clarity and hindering accurate facial verification.
Image Authenticity Issues
screenshot_attackBooleanTrue if the image is a screenshot or screen capture, potentially indicating a fraudulent attempt to spoof the facial image.
silicon_mask_attackBooleanTrue if the image shows signs of being captured using a silicon mask, a technique commonly used in spoofing attacks.
paper_attackBooleanTrue if the image appears to be a photograph of a printed paper or photo, indicating a potential spoofing attempt.
edited_deepfakeBooleanTrue if the image has been digitally altered or generated using deepfake technology, suggesting manipulation for fraudulent purposes.
Face Detection and Recognition
face_not_detectionBooleanTrue if no face is detected in the image, preventing facial verification.
multiple_face_detectedBooleanTrue if multiple faces are detected in the image, which could indicate a potential issue with verification accuracy.
close_eye_detectedBooleanTrue if the eyes are closed in the image, potentially compromising the accuracy of facial recognition or verification.
AI and Behavioral Anomalies
replay_attackBooleanTrue if the image is a replay of a previously captured face, indicating a potential spoofing attempt using recorded media.
ai_signature_detectedBooleanTrue if the image shows signs of being generated or altered by AI, suggesting potential manipulation or deepfake involvement.

Fraud Hub Scoring

The overall fraud assessment is provided through a comprehensive risk score that aggregates all detected signals.

ParameterTypeDescription
overall_risk_scoreIntegerAggregated fraud risk score on a scale of 0-100. Combines all device, network, and document signals into a single risk metric.

Score interpretation:
• 0-33 = Low Risk
• 34-66 = Medium Risk
• 67-100 = High Risk

Response Example

fraud-hub-response-example
{
"fraud_hub_data_points": {
"device_and_network_intelligence": {
"is_proxy": false,
"threat_level": "low",
"IP_routing_type": "fixed",
"country_mismatch": true,
"stable_IP_detected": true,
"tor_usage_detected": false,
"frequent_IP_changes": false,
"IP_timezone_mismatch": false,
"data_center_detected": false,
"emulated_device_detected": false,
"jailbroken_or_rooted_device": false,
"device_and_network_risk_score": {
"summary": "Minor concerns due to country mismatch. Some positive signals detected.",
"risk_level": "LOW",
"risk_score": 16
}
},
"document_integrity": {
"document_liveness": {
"screenshot_detected": false,
"printed_copy_detected": false,
"screen_replay_detected": false,
"scanned_document_detected": true
},
"document_risk_level": {
"summary": "Critical authenticity concerns due to scanned document, hologram authenticity not confirmed, and web source image identified.",
"risk_level": "HIGH",
"document_fraud_score": 72
},
"data_validation_expiry": {
"document_expired": false
},
"template_layout_integrity": {
"fake_template_used": false,
"synthetic_document_detected": false
},
"document_format_validation": {
"invalid_image": false,
"unsupported_document_type": false,
"electronic_document_detected": false
},
"document_security_features": {
"mrz_tampering": false,
"sample_document_detected": false,
"hologram_authenticity_not_confirmed": true
},
"image_properties_validation": {
"resolution_quality_poor": true,
"digital_manipulation_detected": false,
"metadata_integrity_not_verified": true
},
"similarity_background_analysis": {
"web_source_image_identified": true,
"background_template_detected": false
},
"document_fragment_edit_detection": {
"document_fragment_edited": false
}
},
"face_integrity": {
"face_risk_level": {
"risk_level": "LOW",
"face_fraud_score": 1
},
"image_quality_issues": {
"blurred_image": false,
"pixelated_image": false,
"light_glare_image": false,
"over_exposed_image": false,
"under_exposed_image": false
},
"image_authenticity_issues": {
"paper_attack": false,
"edited_deepfake": false,
"screenshot_attack": false,
"silicon_mask_attack": false
},
"ai_and_behavioral_anomalies": {
"replay_attack": false,
"ai_signature_detected": false
},
"face_detection_and_recognition": {
"close_eye_detected": false,
"face_not_detection": false,
"multiple_face_detected": true
}
},
"fraud_hub_scoring": {
"overall_risk_score": 42,
"risk_level": "MEDIUM"
}
}
}