Fraud Prevention SDK - Device & Behavioural Intelligence

How do you implement the Device and Behavioural Intelligence solution?

To collect user device and behavior data, you will need to integrate Bureau's Device Intelligence SDK into your mobile or web application. This data can be used to identify suspicious devices and prevent fraud.

The implementation process is simple and can be started as soon as you have signed up for a Bureau account and obtained your Client ID or Credential ID. Contact us at [email protected] to sign up for an account.


Getting Started

Bureau SDK collects and provides insights for each session. A session is defined as a sequence of interactions with your app or website by a single user. Each session has two types of insights: a unique device fingerprint for that session and signals that measure the risk level of the session.

For the best results, we recommend integrating our Device Intelligence solution at each major milestone throughout your user journey, not just at the beginning. The more information we have, the better, as it helps us refine our risk score.

The common milestones include login, registration, changing password, adding more users, application completion, KYC, payment, withdrawal, address change, nominee addition, refund request and chargeback request.

The Bureau's Device Intelligence Solution implementation requires a two-step process for both mobile and web.

  1. SDK integration: This involves adding the SDK code to your app or website
    1. Android SDK
    2. iOS SDK
    3. Flutter SDK
    4. Web SDK
  2. Backend API integration: This involves connecting your app or website to the Bureau's backend API
    1. Device Intelligence API Documentation

Bureau Fraud Prevention SDK Glossary

The high-level flow of the Bureau Fraud Prevention SDK involves three main steps:

a. Start collecting data from the device / browser of the end user by initiating a session. This is usually around risky checkpoints in the user's journey like payment, login, authentication, change of address, addition of a nominee, statement withdrawal, placing a refund and so on.

b. Submit the session data to our servers so that our system can compute the fingerprint and the risk signals. This happens on the Bureau backend using proprietary ML models.

c. Invoke the Bureau service to fetch intelligence about the session data that was submitted. This is a call to the backend server. In return, we provide the unique device ID and browser ID, along with the risk score and risk level of the session, computed from the datapoints collected in the session.

  1. Client ID or Credential ID
    1. The Client ID or Credential ID is a unique identifier that Bureau provides to you to interact with our system programmatically. This ID is required for all API calls to the Bureau SDK.
  2. Session ID
    1. The Session ID is a unique identifier that you must set for each session. This identifier is used to track the session and to fetch the insights for that session, for example an app launch, app signup or login flow.
  3. User ID
    1. The User ID is a unique identifier that you must set for each user. This identifier is used to track the user across sessions and to correlate the insights for different sessions. For example: hashed SSN/PAN/other government identity number, mobile number and so on.
  4. Fingerprint
    1. The fingerprint is a unique identifier that is generated by Bureau based on different device parameters. This identifier is used to uniquely identify the device and to generate the insights for the session.
  5. init()
    1. This function initiates the process of collecting data from the user's device / browser for further processing by our systems.
  6. submit()
    1. This function transfers the collected datapoints from the user's device / browser to our systems for further processing.

🚧

The Session ID is a unique parameter that is required to fetch the insights (risk score / fingerprint) for each session.


Frequently Asked Questions

  1. What is the minimum version supported for Android API levels?
    1. Minimum supported API level is 21
  2. What is the size of the SDK?
    1. The size of the SDK is less than 400 KB. This means that it can be easily integrated into your application without significantly increasing its size.
  3. Where can I find the credential or the client ID?
    1. The credential or client ID will be given to you by Bureau's Customer Support team. You will need this ID to authenticate your requests to the Bureau SDK API.
  4. What is the expected latency for each session?
    1. The expected latency for the API call to submit raw data is around 110-140 milliseconds.
    2. The expected latency for the API call to fetch insights is around 110-140 milliseconds.
  5. Can I make the session insights call from the front end too?
    1. Yes, you can make the session insights call from the front end. However, it is not advisable for security reasons: the call returns sensitive information about the user, such as their device fingerprint. It is better to make this call from the backend, where you can take steps to secure the data.
  6. How do I ensure that user ID is unique?
    1. We would recommend that you provide a hash of any unique identifier for the user, such as their PAN, SSN, or NIK. This will help to ensure that the user ID is unique and that you can track the user across sessions.
  7. Do you accept sessions with the same session ID?
    1. No, we do not accept sessions with the same session ID. Each session must have a unique session ID. This is to ensure that the insights for each session are accurate and not corrupted.
  8. Can I submit session data but not invoke the insights call?
    1. Yes, you can submit session data without redeeming it. This means that you can send the session data to the Bureau SDK API, but you do not have to call the backend /v1/suppliers/device-fingerprint API to redeem the data. This can be useful if you want to store the session data for later analysis.
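
For FAQ items 6 and 7, the following is an added example (not Bureau's code) of how a backend might derive the User ID and issue Session IDs. It goes one step beyond the FAQ's "hash of a unique identifier": short numeric identifiers such as an SSN can be recovered from a bare hash by enumeration, so it uses a keyed hash (HMAC-SHA-256) instead. The function names, the key and the sample identifier are constructed for illustration.

```python
import hashlib
import hmac
import re
import secrets

# Constructed sample key; a real deployment loads this from a secret store.
USER_ID_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)


def normalize_identifier(raw: str) -> str:
    """Canonical form, so '123-45-6789' and '123 45 6789' give one User ID."""
    return re.sub(r"[^0-9A-Za-z]", "", raw).upper()


def bare_hash_user_id(raw: str) -> str:
    """Unkeyed SHA-256: unique, but guessable for short numeric identifiers."""
    return hashlib.sha256(normalize_identifier(raw).encode()).hexdigest()


def keyed_user_id(raw: str, key: bytes = USER_ID_KEY) -> str:
    """HMAC-SHA-256: same uniqueness, not recomputable without the server key."""
    msg = normalize_identifier(raw).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def recover_by_enumeration(target: str, known_prefix: str, unknown_digits: int, hash_fn):
    """Audit check: does knowing a prefix let someone recover the identifier?"""
    for n in range(10 ** unknown_digits):
        candidate = f"{known_prefix}{n:0{unknown_digits}d}"
        if hmac.compare_digest(hash_fn(candidate), target):
            return candidate
    return None


class SessionIds:
    """Issues random Session IDs and never hands out the same one twice."""

    def __init__(self):
        self._issued = set()  # assumption: in production, a shared store with expiry

    def new(self) -> str:
        while True:
            sid = secrets.token_urlsafe(24)  # 24 bytes from the OS CSPRNG
            if sid not in self._issued:
                self._issued.add(sid)
                return sid
```

Run against the constructed identifier "123-45-6789", the audit check recovers the value from the bare hash when the first five digits are known, and returns nothing for the keyed User ID.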