Why prevent fraud?
The bigger your application, the more likely it is to be targeted by fraudsters. Fraudsters inspect and copy your app’s backend API requests and modify them to send OTP codes to themselves in order to retrieve the SMS charges. This is called SMS pumping or IRSF fraud (read more about it here).
Ding’s machine learning models use a number of signals to distinguish fraudulent users from legitimate users. We infer some of these signals, but many depend on the information provided by your integration. The more data you provide, the more effective fraud prevention will be and the higher your conversion rate will be.
Important signals to send to Ding
To increase the effectiveness of fraud prevention, we recommend that you send the following signals to Ding:
|The IP address of the user’s device.
|The unique ID of the user’s device.
|Whether the user has signed in to your application before.
|The platform of the user’s device (iOS or Android).
|The model of the user’s device.
|The version of the user’s device operating system.
|The version of your application.
In the future, we plan to provide client-side SDKs to collect those signals automatically.
Allow and block lists
You can configure your integration to allow or block specific users from signing in. This can be useful if you want to manually block users you have identified as fraudulent or to disable anti-fraud algorithms for specific users.
To edit the allow or block lists, go to the Dashboard and navigate to the Settings > Numbers tab.
Follow the API reference to get detailed information about the Ding API.
Learn more about Ding’s API endpoints.