> ## Documentation Index > Fetch the complete documentation index at: https://docs.verisoul.ai/llms.txt > Use this file to discover all available pages before exploring further. # Account vs Session > Understanding the difference between account and session signals in Verisoul Accounts and Sessions are the fundamental data entities in Verisoul. Understanding this distinction is crucial for implementing effective fraud prevention strategies. ## How Accounts and Sessions Work Together Every webpage or app interaction gets a `session_id` on the client side. This session is then later tied to an account (`account_id`). * **Sessions** represent a point in time interaction with your application * **Accounts** represent persistent user identities that span multiple sessions Sessions are typically only tied to a single account but this is not enforced via the API. ## Key Differences | Account | Session | | -------------------------- | ------------------------------------------ | | Persistent identity | Temporary interaction | | Aggregate of all sessions | Data from a single client-side interaction | | Spans multiple sessions | Limited time window (24 hours) | | Can be deleted and updated | Cannot be modified once created | | Can be added to lists | Cannot be added to lists | ## Session Signals Session signals are derived purely from data collected from the webpage or application without requiring information about the account\_id or other sessions. * **Device Information**: Hardware, software, and browser characteristics * **Network information**: IP address, connection type, service provider * **Location information**: Geolocation, country, state, city, zip code * **Behavioral data**: Mouse movements, typing patterns, touch interactions ### Types of Session Signals Session signals fall into two main categories: 1. **Session Data**: Raw information collected during the session 2. **Session Scores**: Risk evaluations derived from the session data #### Session Data Session data includes detailed information about the user's environment and behavior: ```json theme={null} "session": { "start_time": "2025-03-12T16:56:21.853Z", "true_country_code": "US", "network": { "ip_address": "2600:1700:261:b810:4d06:c3c4:86e:ffc", "service_provider": "AT&T Internet", "connection_type": "isp" }, "location": { "continent": "NA", "country_code": "US", "state": "Texas", "city": "Austin", "zip_code": "78703", "timezone": "America/Chicago", "latitude": 30.2881, "longitude": -97.764 }, "browser": { "type": "Chrome", "version": "132.0.0.0", "language": "en", "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36", "timezone": "America/Chicago" }, "device": { "category": "desktop", "type": "Mac", "os": "macOS 10.15.7", "cpu_cores": 16, "memory": 8, "gpu": "ANGLE (Apple, ANGLE Metal Renderer: Apple M4 Max, Unspecified Version)" }, "bot": { "mouse_num_events": 536, "click_num_events": 8, "keyboard_num_events": 2, "touch_num_events": 0, "clipboard_num_events": 2 } } ``` #### Session Scores Session scores are risk evaluations derived from analyzing the session data: ```json theme={null} "risk_signals": { "device_risk": false, "proxy": false, "vpn": false, "tor": false, "spoofed_ip": false, "datacenter": false, "recent_fraud_ip": false, "impossible_travel": false, "device_network_mismatch": false }, "risk_signal_scores": { "device_risk": 0.0295, "proxy": 0, "vpn": 0, "tor": 0, "datacenter": 0, "recent_fraud_ip": 0, "impossible_travel": 0, "device_network_mismatch": 0.0001 } ``` ## Account Signals Account signals are an aggregate of all the sessions associated with an account\_id. They also include information that can only be tied to the account level. ### What Are Account Signals? Account signals include: * **Identity information**: Email domains, usernames, account creation patterns * **Cross-session patterns**: How the user behaves across multiple sessions * **Linked accounts**: Connections to other accounts in your system * **Impossible travel**: Login attempts from geographically impossible locations * **Email risk**: Risk associated with the email address * **List membership**: Inclusion in allow/block lists * **Device and network uniqueness**: Number of unique devices and networks used over time periods ### Example of Account Signals Account signals provide a comprehensive view of user activity across multiple sessions: ```json theme={null} { "project_id": "00000000-0000-0000-0000-000000000001", "request_id": "e87bcdbd-e6f8-4ac1-aa26-ebe6126162d7", "account": { "id": "test-account", "email": "", "metadata": {} }, "num_sessions": 4, "first_seen": "2025-02-20T03:06:59.679317863Z", "last_seen": "2025-03-12T16:56:45.094931797Z", "last_session": "8d89023f-959a-4cc5-bf3a-e20cfe26b006", "country": "US", "countries": [ "US" ], "decision": "Fake", "account_score": 0.9409, "bot": 0, "multiple_accounts": 1, "risk_signals": 0.2235, "accounts_linked": 35, "lists": [ "custom_list" ], "unique_devices": { "1_day": 1, "7_day": 2 }, "unique_networks": { "1_day": 1, "7_day": 2 }, "email": { "email": "", "disposable": null, "personal": null, "valid": null }, "risk_signal_average": { "device_risk": 0.2348, "proxy": 0.0004, "vpn": 0, "tor": 0, "spoofed_ip": 0, "datacenter": 0, "recent_fraud_ip": 0, "impossible_travel": 0, "device_network_mismatch": 0.0001 } } ``` ### Risk Signal Average The `risk_signal_average` field represents an intelligent time-decay based algorithm of the session scores. This means: * Recent sessions have more weight in the calculation than older sessions * The algorithm intelligently aggregates risk signals across all sessions * It provides a more accurate representation of current risk than a simple average * It helps identify patterns of risk that persist across multiple sessions ## API Access and Rules Both account and session data is available via the API in real time. This allows you to: * Make real-time decisions based on current risk scores * Apply different rules to accounts vs sessions * Implement custom logic based on your specific use case Rules can be configured to run on both Accounts and Sessions, allowing for flexible fraud prevention strategies. ## Combining Account and Session Signals Verisoul's power comes from analyzing both account and session signals together ### New User Signup During signup, a user will only have one session, and that session's risk score will effectively be their account score. This initial assessment is critical for preventing fraudulent accounts from being created. ### Established Accounts with Risky Sessions An account in good standing can occasionally have a risky session that doesn't necessarily mean the entire account should be banned. For example: * A legitimate user might connect through a VPN or proxy for privacy reasons * A shared device might show unusual behavioral patterns * Network conditions might trigger certain risk signals In these cases, you might choose to: * Block the specific session activity without banning the account * Require additional authentication for that session * Limit functionality until the risk is cleared This approach allows you to maintain security while minimizing disruption for legitimate users who occasionally trigger risk signals. ## Implementation Best Practices ### When to Focus on Account Signals * During user registration * When users claim promotions or bonuses * For high-value transactions * When monitoring for multi-accounting ### When to Focus on Session Signals * During login attempts * When users change account settings * For password reset requests * When monitoring for account takeovers ### Balancing Security and User Experience * Apply stricter controls for high-risk accounts or sessions * Use progressive security measures based on risk levels * Consider the context of the action being performed * Monitor false positive rates and adjust thresholds accordingly