Fraud Hub
Fraud Hub is an advanced risk intelligence module designed to provide comprehensive fraud detection and risk assessment for identity verification workflows. It analyzes multiple data points across device behavior, network activity and document integrity to generate intelligent risk scores. By leveraging deep learning models and sophisticated pattern recognition, Fraud Hub identifies potential fraudulent activity in real-time.
The service goes beyond traditional document verification by examining the context surrounding the verification attempt, including device characteristics, network routing, document authenticity signals, and indicators of image manipulation. This multi-layered approach enables merchants to make informed decisions about user risk profiles and adjust their onboarding strategies accordingly.

How it Works
Fraud Hub operates through a sophisticated analysis pipeline that examines three critical dimensions of verification risk:
Device and Network Intelligence: The system analyzes the device and network from which the verification request originates, detecting risks such as VPN/proxy usage, geolocation mismatches, emulation, and IP instability. These signals are combined to assess the legitimacy of the verification source.
Document Integrity Analysis: Beyond standard document verification, Fraud Hub conducts advanced authenticity checks to detect manipulation such as digital edits, low image quality, scanned copies, fabricated templates, and web-sourced documents. It also validates security features like holograms and magnetic stripes to identify forged, altered, or stolen documents.
Facial Integrity Analysis: Beyond standard face verification, Fraud Hub conducts advanced checks to detect image manipulation, including digital edits, low-quality images, and spoofing attempts. It also analyzes facial authenticity to identify tampered or fraudulent facial submissions.
Risk Scoring and Aggregation: All detected signals are processed through machine learning models to generate comprehensive risk scores. Each category receives an individual score and summary, along with an overall fraud risk score, enabling merchants to assess specific risk dimensions or rely on a single aggregated score for streamlined decision-making.
The system processes verification requests in real time, running parallel checks across all three dimensions and returning detailed results along with an overall risk score. This supports advanced risk strategies, from routing high-risk cases to manual review to automatically declining applications with critical fraud indicators.
Parameter & Description
| Parameter | Description |
|---|---|
| fraud_hub | Required: No Type: string Length: 1 character Enable this option to receive a fraud score and risk signals related to the user's device behavior, network activity, and document integrity in the API response. |
Fraud Hub Request Object
//POST / HTTP/1.1
//Host: api.shuftipro.com
//Content-Type: application/json
//Authorization: Basic NmI4NmIyNzNmZjM0ZmNlMTlkNmI4WJRTUxINTJHUw==
{
"reference": "ABCD1234",
"country": "",
"language": "en",
"email": "[email protected]",
"fraud_hub": "1", //This key enables Fraud Hub to receive fraud score and risk signals in the API response.
"face": {
"proof": "",
"check_duplicate_request": 0
},
"document": {
"proof": "",
"additional_proof": "",
"supported_types": [
"id_card"
],
"document_number": ""
}
}
Response Structure
Fraud Hub data is returned as part of the verification response under the fraud_hub_data_points key. The response contains three main sections, each providing distinct risk intelligence.
Device and Network Intelligence
The device and network section evaluates the technical characteristics and geolocation indicators of the verification attempt.
| Parameter | Type | Description |
|---|---|---|
| is_proxy | Boolean | Indicates whether the request originated from a known proxy service or VPN. True suggests the user is masking their actual location or device. |
| threat_level | String | Overall threat classification based on device and network signals. Values: low, medium, high. |
| IP_routing_type | String | The type of IP routing detected. Values examples: fixed (stable residential/business IP), mobile (cellular network), dynamic (frequently changing). |
| country_mismatch | Boolean | True if the IP geolocation country differs from the user's stated country of residence. |
| stable_IP_detected | Boolean | True if the IP address remains consistent across multiple requests over time. Indicates a legitimate, established connection. |
| tor_usage_detected | Boolean | True if the request is routed through the Tor anonymity network. Strong indicator of intentional anonymity seeking. |
| frequent_IP_changes | Boolean | True if the user's IP address changes frequently within a short timeframe. |
| IP_timezone_mismatch | Boolean | True if the IP geolocation timezone differs significantly from the device-reported timezone. May indicate timezone spoofing or device misconfiguration. |
| data_center_detected | Boolean | True if the IP belongs to a cloud provider or data center range. Indicates the request may originate from a virtual machine or hosting provider rather than a personal device. |
| emulated_device_detected | Boolean | True if the device fingerprint suggests device emulation or simulation. Indicates the request may come from an automated tool or virtual environment. |
| jailbroken_or_rooted_device | Boolean | True if the mobile device has been jailbroken (iOS) or rooted (Android). Indicates compromised device security. |
| device_and_network_risk_score | Object | Aggregated risk assessment for device and network signals. Contains: • summary (text description) • risk_level (LOW/MEDIUM/HIGH) • risk_score (0-100) |
Document Integrity
The document integrity section provides a detailed analysis of the submitted document's authenticity and quality.
| Parameter | Type | Description |
|---|---|---|
| Document Liveness | ||
| screenshot_detected | Boolean | True if the document appears to be a screenshot rather than an original photograph. Suggests potential fraud or manipulation. |
| printed_copy_detected | Boolean | True if the document appears to be printed, which may indicate fraud. |
| screen_replay_detected | Boolean | True if the document appears to have been captured from a screen or digital display. Indicates the document is not from a physical source. |
| scanned_document_detected | Boolean | True if the document is a scan of a physical document rather than a direct photograph. |
| Document Authenticity | ||
| fake_template_used | Boolean | True if the document template appears to be a known forgery or counterfeit template. Indicates intentional fraud. |
| synthetic_document_detected | Boolean | True if the document appears to be AI-generated or synthetically created rather than a real physical document. |
| mrz_tampering | Boolean | True if the Machine-Readable Zone (present on passports and travel documents) shows signs of alteration or tampering. |
| sample_document_detected | Boolean | True if the document is a known sample or demonstration document (e.g., "SPECIMEN" marked). |
| hologram_authenticity_not_confirmed | Boolean | True if security holograms present on the document could not be verified as authentic. May indicate a counterfeit document. |
| Document Security Features | ||
| resolution_quality_poor | Boolean | True if the submitted image has insufficient resolution or clarity for proper analysis. May indicate user error or intentional obfuscation. |
| digital_manipulation_detected | Boolean | True if the image shows signs of digital editing, filtering, or manipulation. Suggests document alteration. |
| metadata_integrity_not_verified | Boolean | True if the image's metadata (EXIF data) could not be verified or appears inconsistent. May indicate an edited or spoofed image. |
| Document Source Analysis | ||
| historical_data_not_matched | Boolean | True if the document's data does not match the previously verified data for the same document/user. |
| web_source_image_identified | Boolean | True if the document image appears to have been sourced from the internet or online sources rather than captured by the user. |
| background_template_detected | Boolean | True if the document background matches with a known template from the documents available online. |
| Document Format Validation | ||
| invalid_image | Boolean | True if the submitted image is corrupted, unreadable, or in an unsupported format. |
| unsupported_document_type | Boolean | True if the document type submitted is not supported for verification. |
| electronic_document_detected | Boolean | True if an electronic or digitally published document was used for verification. |
| Document Expiration | ||
| document_expired | Boolean | True if the document's expiration date has passed. |
| Fragment Analysis | ||
| document_fragment_edited | Boolean | True if the document appears to have been edited, spliced, or composited from multiple sources. |
| Overall Document Risk Level | ||
| document_risk_level | Object | Aggregated risk assessment for document integrity. Contains: • summary (text description) • risk_level (LOW/MEDIUM/HIGH) • document_fraud_score (0-100) |
Face Integrity
The face integrity section provides a detailed analysis of the submitted face's authenticity and quality.
| Parameter | Type | Description |
|---|---|---|
| Overall Face Integrity Score | ||
| facial_integrity_score | Integer | An overall aggregated score from 0 to 100 based on the analysis of facial features, used to assess the likelihood of fraud in the facial image. Score interpretation: • 0-20 = Low Risk • 21-60 = Medium Risk • 61-100 = High Risk |
| Image Quality Issues | ||
| under_exposed_image | Boolean | True if the image is too dark, resulting in insufficient facial detail and affecting verification accuracy. |
| over_exposed_image | Boolean | True if the image is excessively bright, causing a loss of facial detail and compromising verification quality. |
| pixelated_image | Boolean | True if the image is blurred or pixelated, leading to a loss of facial detail and reduced verification reliability. |
| light_glare_image | Boolean | True if the image contains light glare or reflections, obscuring facial features and impacting verification accuracy. |
| blurred_image | Boolean | True if the image is out of focus, causing loss of clarity and hindering accurate facial verification. |
| Image Authenticity Issues | ||
| screenshot_attack | Boolean | True if the image is a screenshot or screen capture, potentially indicating a fraudulent attempt to spoof the facial image. |
| silicon_mask_attack | Boolean | True if the image shows signs of being captured using a silicon mask, a technique commonly used in spoofing attacks. |
| paper_attack | Boolean | True if the image appears to be a photograph of a printed paper or photo, indicating a potential spoofing attempt. |
| edited_deepfake | Boolean | True if the image has been digitally altered or generated using deepfake technology, suggesting manipulation for fraudulent purposes. |
| Face Detection and Recognition | ||
| face_not_detection | Boolean | True if no face is detected in the image, preventing facial verification. |
| multiple_face_detected | Boolean | True if multiple faces are detected in the image, which could indicate a potential issue with verification accuracy. |
| close_eye_detected | Boolean | True if the eyes are closed in the image, potentially compromising the accuracy of facial recognition or verification. |
| AI and Behavioral Anomalies | ||
| replay_attack | Boolean | True if the image is a replay of a previously captured face, indicating a potential spoofing attempt using recorded media. |
| ai_signature_detected | Boolean | True if the image shows signs of being generated or altered by AI, suggesting potential manipulation or deepfake involvement. |
Fraud Hub Scoring
The overall fraud assessment is provided through a comprehensive risk score that aggregates all detected signals.
| Parameter | Type | Description |
|---|---|---|
| overall_risk_score | Integer | Aggregated fraud risk score on a scale of 0-100. Combines all device, network, and document signals into a single risk metric. Score interpretation: • 0-33 = Low Risk • 34-66 = Medium Risk • 67-100 = High Risk |
Response Example
{
"fraud_hub_data_points": {
"device_and_network_intelligence": {
"is_proxy": false,
"threat_level": "low",
"IP_routing_type": "fixed",
"country_mismatch": true,
"stable_IP_detected": true,
"tor_usage_detected": false,
"frequent_IP_changes": false,
"IP_timezone_mismatch": false,
"data_center_detected": false,
"emulated_device_detected": false,
"jailbroken_or_rooted_device": false,
"device_and_network_risk_score": {
"summary": "Minor concerns due to country mismatch. Some positive signals detected.",
"risk_level": "LOW",
"risk_score": 16
}
},
"document_integrity": {
"document_liveness": {
"screenshot_detected": false,
"printed_copy_detected": false,
"screen_replay_detected": false,
"scanned_document_detected": true
},
"document_risk_level": {
"summary": "Critical authenticity concerns due to scanned document, hologram authenticity not confirmed, and web source image identified.",
"risk_level": "HIGH",
"document_fraud_score": 72
},
"data_validation_expiry": {
"document_expired": false
},
"template_layout_integrity": {
"fake_template_used": false,
"synthetic_document_detected": false
},
"document_format_validation": {
"invalid_image": false,
"unsupported_document_type": false,
"electronic_document_detected": false
},
"document_security_features": {
"mrz_tampering": false,
"sample_document_detected": false,
"hologram_authenticity_not_confirmed": true
},
"image_properties_validation": {
"resolution_quality_poor": true,
"digital_manipulation_detected": false,
"metadata_integrity_not_verified": true
},
"similarity_background_analysis": {
"web_source_image_identified": true,
"background_template_detected": false
},
"document_fragment_edit_detection": {
"document_fragment_edited": false
}
},
"face_integrity": {
"face_risk_level": {
"risk_level": "LOW",
"face_fraud_score": 1
},
"image_quality_issues": {
"blurred_image": false,
"pixelated_image": false,
"light_glare_image": false,
"over_exposed_image": false,
"under_exposed_image": false
},
"image_authenticity_issues": {
"paper_attack": false,
"edited_deepfake": false,
"screenshot_attack": false,
"silicon_mask_attack": false
},
"ai_and_behavioral_anomalies": {
"replay_attack": false,
"ai_signature_detected": false
},
"face_detection_and_recognition": {
"close_eye_detected": false,
"face_not_detection": false,
"multiple_face_detected": true
}
},
"fraud_hub_scoring": {
"overall_risk_score": 42,
"risk_level": "MEDIUM"
}
}
}