Accounts and Sessions are the fundamental data entities in Verisoul. Understanding this distinction is crucial for implementing effective fraud prevention strategies.

How Accounts and Sessions Work Together

Every webpage or app interaction gets a session_id on the client side. This session is then later tied to an account (account_id).

  • Sessions represent a point in time interaction with your application
  • Accounts represent persistent user identities that span multiple sessions

Sessions are typically only tied to a single account but this is not enforced via the API.

Key Differences

AccountSession
Persistent identityTemporary interaction
Aggregate of all sessionsData from a single client-side interaction
Spans multiple sessionsLimited time window (24 hours)
Can be deleted and updatedCannot be modified once created
Can be added to listsCannot be added to lists

Session Signals

Session signals are derived purely from data collected from the webpage or application without requiring information about the account_id or other sessions.

  • Device Information: Hardware, software, and browser characteristics
  • Network information: IP address, connection type, service provider
  • Location information: Geolocation, country, state, city, zip code
  • Behavioral data: Mouse movements, typing patterns, touch interactions

Types of Session Signals

Session signals fall into two main categories:

  1. Session Data: Raw information collected during the session
  2. Session Scores: Risk evaluations derived from the session data

Session Data

Session data includes detailed information about the user’s environment and behavior:

"session": {
    "start_time": "2025-03-12T16:56:21.853Z",
    "true_country_code": "US",
    "network": {
        "ip_address": "2600:1700:261:b810:4d06:c3c4:86e:ffc",
        "service_provider": "AT&T Internet",
        "connection_type": "isp"
    },
    "location": {
        "continent": "NA",
        "country_code": "US",
        "state": "Texas",
        "city": "Austin",
        "zip_code": "78703",
        "timezone": "America/Chicago",
        "latitude": 30.2881,
        "longitude": -97.764
    },
    "browser": {
        "type": "Chrome",
        "version": "132.0.0.0",
        "language": "en",
        "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36",
        "timezone": "America/Chicago"
    },
    "device": {
        "category": "desktop",
        "type": "Mac",
        "os": "macOS 10.15.7",
        "cpu_cores": 16,
        "memory": 8,
        "gpu": "ANGLE (Apple, ANGLE Metal Renderer: Apple M4 Max, Unspecified Version)"
    },
    "bot": {
        "mouse_num_events": 536,
        "click_num_events": 8,
        "keyboard_num_events": 2,
        "touch_num_events": 0,
        "clipboard_num_events": 2
    }
}

Session Scores

Session scores are risk evaluations derived from analyzing the session data:

"risk_signals": {
    "device_risk": false,
    "proxy": false,
    "vpn": false,
    "tor": false,
    "spoofed_ip": false,
    "datacenter": false,
    "recent_fraud_ip": false,
    "impossible_travel": false,
    "device_network_mismatch": false
},
"risk_signal_scores": {
    "device_risk": 0.0295,
    "proxy": 0,
    "vpn": 0,
    "tor": 0,
    "datacenter": 0,
    "recent_fraud_ip": 0,
    "impossible_travel": 0,
    "device_network_mismatch": 0.0001
}

Account Signals

Account signals are an aggregate of all the sessions associated with an account_id. They also include information that can only be tied to the account level.

What Are Account Signals?

Account signals include:

  • Identity information: Email domains, usernames, account creation patterns
  • Cross-session patterns: How the user behaves across multiple sessions
  • Linked accounts: Connections to other accounts in your system
  • Impossible travel: Login attempts from geographically impossible locations
  • Email risk: Risk associated with the email address
  • List membership: Inclusion in allow/block lists
  • Device and network uniqueness: Number of unique devices and networks used over time periods

Example of Account Signals

Account signals provide a comprehensive view of user activity across multiple sessions:

{
    "project_id": "00000000-0000-0000-0000-000000000001",
    "request_id": "e87bcdbd-e6f8-4ac1-aa26-ebe6126162d7",
    "account": {
        "id": "test-account",
        "email": "",
        "metadata": {}
    },
    "num_sessions": 4,
    "first_seen": "2025-02-20T03:06:59.679317863Z",
    "last_seen": "2025-03-12T16:56:45.094931797Z",
    "last_session": "8d89023f-959a-4cc5-bf3a-e20cfe26b006",
    "country": "US",
    "countries": [
        "US"
    ],
    "decision": "Fake",
    "account_score": 0.9409,
    "bot": 0,
    "multiple_accounts": 1,
    "risk_signals": 0.2235,
    "accounts_linked": 35,
    "lists": [
        "custom_list"
    ],
    "unique_devices": {
        "1_day": 1,
        "7_day": 2
    },
    "unique_networks": {
        "1_day": 1,
        "7_day": 2
    },
    "email": {
        "email": "",
        "disposable": null,
        "personal": null,
        "valid": null
    },
    "risk_signal_average": {
        "device_risk": 0.2348,
        "proxy": 0.0004,
        "vpn": 0,
        "tor": 0,
        "spoofed_ip": 0,
        "datacenter": 0,
        "recent_fraud_ip": 0,
        "impossible_travel": 0,
        "device_network_mismatch": 0.0001
    }
}

Risk Signal Average

The risk_signal_average field represents an intelligent time-decay based algorithm of the session scores. This means:

  • Recent sessions have more weight in the calculation than older sessions
  • The algorithm intelligently aggregates risk signals across all sessions
  • It provides a more accurate representation of current risk than a simple average
  • It helps identify patterns of risk that persist across multiple sessions

API Access and Rules

Both account and session data is available via the API in real time. This allows you to:

  • Make real-time decisions based on current risk scores
  • Apply different rules to accounts vs sessions
  • Implement custom logic based on your specific use case

Rules can be configured to run on both Accounts and Sessions, allowing for flexible fraud prevention strategies.

Combining Account and Session Signals

Verisoul’s power comes from analyzing both account and session signals together

New User Signup

During signup, a user will only have one session, and that session’s risk score will effectively be their account score. This initial assessment is critical for preventing fraudulent accounts from being created.

Established Accounts with Risky Sessions

An account in good standing can occasionally have a risky session that doesn’t necessarily mean the entire account should be banned. For example:

  • A legitimate user might connect through a VPN or proxy for privacy reasons
  • A shared device might show unusual behavioral patterns
  • Network conditions might trigger certain risk signals

In these cases, you might choose to:

  • Block the specific session activity without banning the account
  • Require additional authentication for that session
  • Limit functionality until the risk is cleared

This approach allows you to maintain security while minimizing disruption for legitimate users who occasionally trigger risk signals.

Implementation Best Practices

When to Focus on Account Signals

  • During user registration
  • When users claim promotions or bonuses
  • For high-value transactions
  • When monitoring for multi-accounting

When to Focus on Session Signals

  • During login attempts
  • When users change account settings
  • For password reset requests
  • When monitoring for account takeovers

Balancing Security and User Experience

  • Apply stricter controls for high-risk accounts or sessions
  • Use progressive security measures based on risk levels
  • Consider the context of the action being performed
  • Monitor false positive rates and adjust thresholds accordingly