Risk Levels
Every verify() call returns a riskLevel and an allowed boolean. These are independent: a transaction can be allowed: true with riskLevel: high.
Levels
lowTransaction looks safe. No signals flagged.
mediumSome signals flagged. Consider additional verification.
highStrong fraud signals detected. Can still be allowed depending on scenario configuration.
blockedTransaction blocked by backend policy. SDK-only value, always allowed: false.
unknownRisk could not be determined. SDK or backend failure. SDK-only value, always allowed: false.
risk_level and allowed are evaluated independently by the backend. The risk level reflects the fraud signal assessment, while the allowed decision is based on your organization's scenario configuration. A high risk transaction can be allowed: true if no rejection scenario triggers.
blocked and unknown are SDK-only values indicating error conditions. When riskLevel is either of these, allowed will be false and the errors array will contain details. The backend only returns low, medium, or high.
Decision Flow
verify() returns result
Transaction accepted. The risk level tells you how much friction to apply:
- low: proceed normally
- medium: proceed with caution, consider step-up verification
- high: accepted but flagged for review, add friction or monitor
Transaction rejected. Check result.errors for details:
- high: rejection scenario triggered
- blocked: backend policy block (blacklist, jurisdiction)
- unknown: SDK/network error