Threat Codes
Understanding FraudStop Threat Codes
When the token validation API (/token/validate/) rejects a token it will return a limited set of flags to give insight into why a specific token was blocked.
| Threat Flag | Threat Code | Meaning |
|---|---|---|
| APP_SOURCE | 1 | App does not originate from the Google Play Store (comes from third party app stores or is downloaded from an advert.) |
| APP_ACTIVITY | 2 | App is engaged in activity associated exclusively with fraud such as spoofing. |
| FRAUDSCAN_BLACKLIST | 4 | App has been found performing auto subscriptions by FraudScan or has been reported by one of our clients. |
| SUSPICIOUS_TOKEN | 8 | Repeat token has been submitted with different timestamps. Potential circumvention attempt or it could be an implementation issue. It is possible to validate a token twice, but the timestamp submitted needs to be the same as the initial submission of that token. |
| BOT_ACTIVITY | 16 | Originating IP or user agent has performed repeat visits, belongs to a different country than the one assigned to the merchant or is otherwise suspicious. |
| IFRAME | 32 | Payment page has been served inside an iframe. |
| GENERAL_ACTIVITY | 64 | Suspicious activity detected for which the source can not be identified. |
| OPERATOR_RULE | 128 | A market specific rule mandated by the operator. |
| INCORRECT_COUNTRY | 256 | The transaction appears to come from outside of the country. This is flag is currently opt in only, if you wish to use it please speak to your account manager. |
| MSISDN_BLACKLIST | 512 | The MSISDN associated with the transaction has been blacklisted by the operator. |