KYCFeature Guides

Onboarding Fraud Checks

Learn how to implement Onboarding Fraud Checks to assess risk using device, IP, email, and phone signals.

Introduction

FrankieOne’s Onboarding Fraud solution enables you to build a risk-based onboarding workflow by incorporating powerful fraud signals. By analyzing signals from an applicant’s device, IP address, phone number, and email address, you can optimize your onboarding process—introducing more robust checks for high-risk applicants while ensuring a smooth journey for legitimate users.

This allows you to effectively reject bad actors showing strong fraudulent indicators while safely onboarding genuine customers.

Key Capabilities

Device Risk

Analyze device characteristics to identify suspicious setups like emulators or jailbroken devices.

IP Risk

Assess the risk associated with an IP address, detecting usage of VPNs or proxies.

Email Address Risk

Verify email addresses to uncover potential fraud indicators.

Phone Number Risk

Validate phone numbers and identify associated risk signals.

The End-to-End Fraud Check Flow

The fraud verification process involves a sequence of API calls to create an entity, register a device session (if applicable), and execute a workflow to get a result.

1

Create an Individual Entity

Before you can perform a fraud check, you need an entityId for the user. If you don’t already have one, create an individual entity by making a server-side call to the API. Ensure you provide email and phone details if you intend to check those signals.

$POST /v2/individuals

This request creates the user’s profile in the FrankieOne system and returns the essential entityId that will be used in all subsequent steps.

2

Register a Session (For Device & IP Checks)

To obtain device and IP signals, your application must integrate our oneSDK (either hosted or embedded). The oneSDK captures device data and establishes a session. This session must be registered with FrankieOne.

Make a server-side call to register the session against the entity. This step is only necessary if you require device and IP checks.

$POST /v2/individuals/{entityId}/sessions

This ensures that when the fraud check workflow is executed, FrankieOne can retrieve and analyze the data captured during that specific user session.

3

Execute Workflow

Once the entity is created (and a session is registered, if needed), you can execute the onboarding workflow. The workflow must be configured to include the FRAUD step to perform the checks.

$POST /v2/individuals/{entityId}/serviceprofiles/{serviceName}/workflows/{workflowName}/execute

This triggers the Fraud step, which analyzes the available signals (Email, Phone, Device, IP) and generates the results.

4

Get and Resolve Results

The workflow execution response will contain the results of the fraud checks. The overall step result will indicate a HIT or CLEAR based on the process results for each signal. You can then investigate any hits and resolve them.

To learn how to analyze the detailed outcomes, please see our dedicated guide:
Understanding Fraud Check Results

Limitations

Please be aware of the following limitations:

  • oneSDK Requirement: To get device and IP signals, you must implement oneSDK. Without it, only email and phone signals can be used.
  • Single Provider per Step: The fraud step is designed to support only one provider at a time. If you need to use different providers for different signals, you must configure separate fraud steps.
  • Supported Connectors: To find out which connectors are available for the v2 fraud step, please consult your implementation support manager.