Annex

Fraud type codes

Fraud type code Fraud type Description
1000 None No fraud detected.
2101 Code Injection Code injection is the exploitation of a bug that is caused by processing invalid data. Injection is used by an attacker to introduce (or “inject”) code into a vulnerable landing page to go through the billing flow.
2102 Code Injection type 2 Code injection is the exploitation of a bug that is caused by processing invalid data. Injection is used by an attacker to introduce (or “inject”) code into a vulnerable landing page to go through the billing flow.
2201 Malicious app – gen. 1 This application fakes any classic application but in the background it will subscribe the user to DCB services without his consent.
2202 Malicious app – gen. 2 Malicious app with a second generation of transactions engine.
Started to appear in August 2018.
2203 Malicious app – gen. 3 Malicious app with a third generation of transactions engine.
Started to appear in March 2019.
2204 Malicious app – gen. 4 Malicious app with a Fourth generation of transactions engine.
Started to appear in April 2020.
2301 ClickJacking ClickJacking is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on. In order to avoid any false positive, you should provide us URL of any iframe used in your flow.
2401 Spoofing – gen. 1 Hijacking of the network connection of the user to perform transactions. It can be done :
  1. by a malicious app
  2. by a PC malware connected to a mobile phone
2402 Spoofing – gen. 2 Spoofing with a second generation of browser emulation engine.
Started to appear in October 2017.
2403 Spoofing – gen. 3 Spoofing with a third generation of browser emulation engine.
Started to appear in February 2018.
2404 Spoofing – gen. 4 Spoofing with a fourth generation of browser emulation engine.
Started to appear in September 2018.
2405 Spoofing – gen. 5 Spoofing with a fifth generation of browser emulation engine.
Started to appear in April 2019.
2407 Spoofing – gen. 7 Spoofing with a seventh generation of browser emulation engine.
Started to appear in December 2019.
2408 Spoofing – gen. 8 Spoofing with a eighth generation of browser emulation engine. Started to appear in April 2020.
2409 Spoofing – gen. 9 Spoofing with a ninth generation of browser emulation engine. Started to appear in April 2020.
2410 Spoofing – gen. 10 Spoofing with a tenth generation of browser emulation engine. Started to appear in May 2020.
2411 Spoofing – gen. 11 Spoofing with a eleventh generation of browser emulation engine. Started to appear in May 2020.
2412 Spoofing – gen. 12 12th generation of browser emulation engine. Started to appear in July 2020.
2413 Spoofing – gen. 13 13th generation of browser emulation engine. Started to appear in July 2020.
2414 Spoofing – gen. 14 14th generation of browser emulation engine. Started to appear in August 2020.
2415 Spoofing – gen. 15 15th generation of browser emulation engine. Started to appear in September 2020.
2416 Spoofing – gen. 16 Spoofing with a 16th generation of browser emulation engine. Started to appear in October 2020.
2417 Spoofing – gen. 17 Spoofing with a 17th generation of browser emulation engine. Started to appear in October 2020.
2418 Spoofing – gen. 18 Spoofing with a 18th generation of browser emulation engine. Started to appear in October 2020.
2419 Spoofing – gen. 19 Spoofing with a 19th generation of browser emulation engine. Started to appear in October 2020.
2501 Remotely controlled fraud – gen. 1 The device is controlled by a program that emulates human behavior. It can be done :
  1. by a malicious app
  2. by a PC malware connected to a mobile phone
  3. it can also be a monitoring tool.
2502 Remotely controlled fraud – gen. 2 Remotely controlled fraud with a second generation of user emulation engine. Started to appear in August 2018.
2503 Remotely controlled fraud – gen. 3 Remotely controlled fraud with a third generation of user emulation engine. Started to appear in March 2020.
2504 Remotely controlled fraud – gen. 4 Remotely controlled fraud with a fourth generation of user emulation engine. Started to appear in May 2020.
2505 Remotely controlled fraud – gen. 5 Remotely controlled fraud with a Fifth generation of user emulation engine. Started to appear in June 2020.
2506 Remotely controlled fraud – gen. 6 Remotely controlled fraud with a 6th generation of user emulation engine. Started to appear in September 2020.
2601 Blacklisted App Blacklist of the application detected as fraudulent.
2602 Blacklisted Domains Blacklist of the domain name detected as fraudulent
2603 Blacklisted Behaviours Blacklist of the suspicious behaviour from an application detected as fraudulent.
2604 Abnormal Behaviours An abnormal behaviour detected as fraudulent
2701 Replay Attacks A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed
2702 Replay Attacks – gen. 2 A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. Started to appear in December 2019.
2801 Bypass Fraud Detection Type 1 Mandatory step bypassed
2802 Bypass Fraud Detection Type 2 Mandatory step bypassed
2803 Bypass Fraud Detection Type 3 Mandatory step bypassed (Crash Javascript)
3101 Accidental click Click to be considered has unintentional click. It can be caused by browser bugs, fat fingers or too much clicks on the page before the protected page.
4101 Kit expired A kit lifespan is 48 hours. This code will be returned in the event of a user action made client side after this delay.
4102 Token expired A token expire after 24 hours. If a call is made on a check with an expired token, this code is returned.
5101 Google Bot Flow made by a google bot.
5201 Impersonators Bots Bots that mimics human behavior type 1

Fraud type codes – DEPRECATED

Fraud type code Fraud type Description Example
1000 None No fraud detected
2001 Bad bot Bad bot trying to mimic real user behavior Malware downloading URL
2002 Spoofing Someone or something trying to disguise themselves as a real user but pieces just don’t add up. Analysis of dozens of different pieces of information about the user, browser, OS, etc and look for incoherences. A Safari browser on an Android phone.
2003 Replay Attacks URLs such as transaction confirmation pages are extracted from their context and hidden in fake pages with clickbait call to actions to make them called by a real user. The subscription page is downloaded by a man-in-the-middle and victims are automatically redirected to the subscription links gathered by the attacker.
2005 Browser Exploits Malicious code is executed by the user by exploiting cross-site scripting techniques XSS vulnerabilities are exploited to produce a link going to the billing page that will automatically click on the confirmation link.
2006 Click Jacking Web browser hack, the user clicks on a hidden page instead of the page he is shown, to accomplish actions unknowingly. The billing page is loaded with full transparency and the user clicks on an item, not realising he is clicking on a billing link.
2008 Touch Jacking In-app hack, the user clicks on a hidden page instead of the page he is shown, to accomplish actions unknowingly. Malware opening a webview and clicking automatically on items in the Webview.
2406 Spoofing – gen. 6 Spoofing with a sixth generation of browser emulation engine.
Started to appear in June 2019.
2703 Replay Attacks – gen. 3 A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. Started to appear in January 2020.