Best Practices for Implementing Risk Signals

Risk signals are various types of checks that help verify that a person is who they say they are and that they’re suitable to do business with. For example, when a new user is creating an account online, you can check the reputation of their phone number, email address and IP address to see whether those channels have been used in fraudulent transactions in the past.

Because risk signals are inexpensive and low-friction for users, they provide an excellent way to check the risk of the user before you perform more expensive and active methods of identity verification. That’s why so many businesses are adding risk signals to their onboarding workflows as well as at strategic points throughout the customer lifecycle.

Let’s take a look at the best practices for implementing risk signals in your business processes.

Which Risk Signals Should I Use?

There is a wide variety of risk signals to choose from. Jumio regularly evaluates and selects the best risk signals on the market to include in our identity verification platform. Following is a brief description of the risk signals we offer, how they help, and when to use each one.

Global Identity Check

This risk signal runs the user’s name, address, phone and email through a network of global identity databases to gain assurance that they belong to this person and to assess the person’s overall risk. It returns a single risk rating for the person, which you can then use in your rules to trigger more stringent KYC procedures as needed. This service is especially useful as a lightweight check at onboarding to determine whether further checks are needed, or for ongoing risk monitoring of your existing customers.

Geo IP Check

This risk signal checks the risk and reputation of the user’s IP address and determines their ISP’s location. This service is especially useful for stopping the user journey before it starts if the user is attempting to hide their actual location or if their IP address has unusually high velocity that can be attributed to a bot.

Device Check

This risk signal assesses the risk of the user’s device through indicators such as extensive device history, fingerprinting anomalies, usage patterns and emulators. Because this service runs in the background before the user has entered any information, it’s an excellent, frictionless check to run at the beginning of the onboarding journey or digital transaction.

Email Check

This risk signal assesses the risk of an email address by evaluating its velocity, age, domain details, country, fraud history and other details. This service returns detailed information about the email address so you can make an informed decision.

Phone Number Check

This risk signal determines the risk and reputation of a phone number. It looks at usage patterns, phone data attributes, fraud history and more. The service returns a risk rating and additional data that can guide your workflow, such as requiring users with blocked phone numbers to enter an unblocked number.

Address Checks

Address checks validate and corroborate addresses with independent, third-party sources. They determine whether the address extracted from a government-issued ID exists in the real world and whether the person being verified actually lives at the address on their ID. These services are useful for complying with regional regulations that require you to validate addresses and establish proof of residency using independent public sources.

Government Database Checks

Government database checks let you verify that the data provided by the user or extracted from the ID card matches the data held by the jurisdiction that issued the legal document. This service checks government databases around the world, providing a simple method for detecting manipulated IDs (the data doesn’t match the database) and synthetic IDs (the ID doesn’t exist in the database).

Social Security Number Check

This risk signal verifies that the name and address (and optionally the date of birth and phone number) match the Social Security number by checking databases from the Social Security Administration, USPS, credit bureaus and other proprietary sources. This service is useful as a lightweight check for U.S. users.

Challenges When Selecting a Vendor

After deciding which risk signals you want in your workflows, you need to choose a vendor. If you only want a single risk signal, you might decide to select a vendor who provides that service and work directly with them to implement it into your workflows. However, this one-off approach quickly becomes inefficient for the following reasons:


Requires engagement with multiple data providers separately, which leads to inefficiencies and increased administrative burden.

Lack of Translation Layer

Normalizing variations in data formats and frequencies of updates among providers can be complex without a translation layer.

Integration Complexity

Each integration can be technically challenging and time-consuming to implement and maintain. Each data provider has its own API, data format, and integration requirements.

Higher Costs

While direct connections may seem cost-effective initially, the cumulative expenses associated with integrating and maintaining multiple connections, along with potential scalability challenges, could outweigh the benefits over time.

Less Control of Sensitive Information

Each additional vendor increases chances of a data breach. And ensuring compliance with diverse regulatory frameworks adds another layer of complexity and potential risk.

Using an Integrated Platform

Instead of creating a separate implementation for each risk signal, it’s far more efficient to use an integrated identity verification platform like Jumio. Because we regularly evaluate risk signal vendors and do the work to integrate them into our platform, Jumio customers can take advantage of the best risk signals on the market and easily add them into their existing workflows without the headache of integrating with an entirely separate vendor. You only have to sign one contract, maintain one implementation and pay one invoice rather than managing integrations and relationships with multiple vendors. With hundreds of data sources and a rich dataset at our disposal, we can provide you with a comprehensive risk score and the most informed identity verification results.

Here are some of the benefits of implementing risk signals through the Jumio platform:

Easier Integration and Maintenance

With Jumio, you have one platform, one API and one contract. This approach is faster and easier to implement and maintain, so you can focus on your own operations. And we provide all the data, tools and analytics you need to manage fraud across the user journey in one place.

Scalability and Performance

Jumio’s infrastructure is designed to handle large volumes of data and perform real-time risk assessments at scale. This type of scalability and performance may be difficult for larger companies to achieve on their own, especially as their data volumes and processing requirements grow.

A Complete Fraud Prevention and Compliance Solution

Jumio provides one platform that integrates complete fraud and compliance solutions, management tools, data and analytics with an intelligent decisioning layer. We normalize data provided by the various data sources, minimizing the time and costs businesses must spend if they do it themselves. Jumio also makes it easy to create custom workflows and rules to fit unique business operations and balance fraud prevention with user experience without having to write code. And customizable risk scoring helps you drive decisions faster. The result is that Jumio optimizes operations and saves our customers on time and cost.

Expertise and Specialization

Backed by a proven track record and a commitment to eradicating fraud, Jumio helps businesses confidently trust their users while also ensuring compliance, whereas other vendors are strictly data providers. Choosing Jumio helps you future proof your business.

Best-in-Class Data Sources

With Jumio, you leverage industry-leading global data sources passed through an intelligence layer that is easily integrated into a dynamic workflow. This lets you catch fraud faster in the workflow without hindering your users’ experience.

To learn more about best practices for implementing risk signals, contact us to start a conversation with a Jumio specialist about choosing the right risk signals for your unique business needs.


Get the latest updates from the Identity and Beyond blog, delivered to your inbox.

    Yes, I would like to receive periodic updates from the Jumio blog as well as marketing communications regarding Jumio products, services, and events. I can unsubscribe at any time.

    Jumio values your privacy. To learn more, visit our Privacy Statement.