| Account Sharing | The use of a single user ID across multiple devices or multiple user IDs on a single device. |
| API Server | The server that exposes Bespot’s API endpoints for authentication, verification, fraud detection and data analytics. |
| App Tampering | Detect unauthorized modification of an app’s code or stored data on the device/external memory. |
| App Version | Version of the client application. |
| Auth Server | The server that issues access tokens using OAuth 2.0’s Client Credentials Flow, enabling secure server-to-server verification and API access with JWT-based authentication. |
| Authentication | The process of verifying a user’s identity using credentials such as API keys and JWT tokens. |
| Bearer Token | A type of access token used in HTTP authorization headers for secure API requests. |
| City | The city in which a transaction took place. |
| City Code | The city code for the city in which a transaction took place. |
| Client Server | A customer’s backend system that communicates with Bespot’s API Server for verification. |
| Cloned App | Detection of multiple instances of the same application running on a single device. |
| CocoaPods | A dependency management tool for Swift and Objective-C Cocoa projects, which simplifies the process of integrating third-party libraries. |
| Confidence Level | A measure of the likelihood that a user’s reported location is accurate. |
| Connection Type | The network connection method used by a device (e.g., Wi-Fi, mobile data). |
| Country | The country in which a transaction took place. Reported in ISO 3166-1 alpha-2 format, as provided by Bespot’s geolocation and network analysis. |
| Dashboard | The Bespot Dashboard is a real-time monitoring interface tailored to risk and fraud teams for visualizing user transactions, evaluating policy outcomes, and tracking device activity. It also enables case management for investigating suspicious behavior. |
| Date | Timestamp when the transaction evaluation was performed. |
| Developer Options Menu | A default Android setting that enables advanced debugging and system modifications, often used by developers but exploitable for fraud. It allows location spoofing via mock location apps, aiding in reverse engineering, network interception, automated fraud, and device identity manipulation. Detecting Developer Mode usage helps prevent location-based fraud and unauthorized app modifications. |
| Developer Tools | A built-in browser feature for debugging, inspection, and network analysis. While essential for web development, it can be exploited for fraud through client-side code manipulation, location spoofing, API interception, and data extraction. Detecting its usage helps prevent web-based threats and unauthorized modifications. |
| Device Connection | Detect connection type, and carrier (mobile only). |
| Device Environment | Detect OS, version, locale, country, language. |
| Device Fingerprinting | A method of uniquely identifying a device based on various parameters like OS, manufacturer, and model. |
| Device ID | A system-generated unique device identifier created during the fingerprinting process, based on multiple device parameters. |
| Device Manufacturer | The brand or company that produced the device being used (e.g. Apple). |
| Device Model | The specific device model used for verification (e.g. iPhone 16 Pro Max). |
| Device Provenance | Detect device specifications, manufacturer and model details. |
| Display Mirroring | Detect display sharing to an external TV, monitor, or projector. |
| Emulator | Software that mimics a real device, is often used for developer testing or fraud attempts. |
| Encrypted Ticket | A cryptographically secured data structure that stores transaction verification results. It ensures data integrity and prevents tampering by allowing your client application to cross-check SDK responses, mitigating the risk of man-in-the-middle attacks. |
| Fraud Detection | The process of identifying and preventing suspicious or malicious activities in an application. |
| Gatekeeper SDK | A software development kit designed to protect applications from fraudulent activities by detecting and reporting potential threats using session, user and device information. |
| Geofence Presence | Verification of whether a user is within a predefined geographic boundary (geofence), enabling location-based access control and compliance enforcement. |
| Geofencing | The process of creating virtual boundaries (geofences) around a specific geographic area, such as a country, state, city, or building, to monitor and track a user’s location relative to the defined region. Geofences are configurable to suit specific location-based requirements and regulations. |
| Geolocation Compliance | Adherence to regulatory requirements that ensure users are accessing a service from an authorized location. |
| IP Address | A numerical identifier assigned to a device when it connects to a network, used to determine its origin and detect potential fraud. IP addresses can be analyzed for anomalies such as location mismatches, rapid changes, or association with VPNs and proxies. |
| IP Country | Device IP country information. |
| IP Geolocation | The method of estimating a device’s geographical location by analyzing its IP address. This process helps identify the country, region, city, and sometimes the internet service provider (ISP) associated with the connection. IP geolocation is commonly used for fraud detection, security monitoring, content restrictions, and compliance enforcement but can be affected by VPNs, proxies, and dynamic IP allocations. |
| JWT (JSON Web Token) | A secure token format is used for authentication and authorization in API interactions. |
| Latitude & Longitude | Reported geographical coordinates that pinpoint a device’s location. Latitude specifies north-south position, while longitude indicates east-west. |
| Location Accuracy | The deviation of reported location in meters indicates the precision of geolocation data. |
| Location Hopping | Detects improbable travel distances within short timeframes, signaling potential location spoofing or fraud attempts. |
| Location Insights | A dashboard feature that helps detect anomalies, such as clustering locations to identify fraud farms, unusual movement patterns, or inconsistencies in reported locations. |
| Location/IP Match | Detects discrepancies between IP geolocation and reported coordinates, ensuring regional consistency and identifying potential location spoofing. |
| Mock Location | Software-generated GPS coordinates used to spoof a device’s location and bypass geolocation checks. |
| Multiple Device IPs | Detects multiple IP addresses used by the same device, indicating possible network switching, VPN usage, or proxy masking. |
| Multiple User IPs | Detects a single User ID accessing an account from multiple IP addresses, which may indicate credential sharing, location spoofing, or compromised account activity. |
| Multiple Users on a Single Device | Detects multiple User IDs using the same Device UID, potentially signaling shared devices, fraudulent account farming, or compromised credentials. |
| OAuth 2.0 | An industry-standard protocol for secure API authorization, allowing applications to access resources without exposing user credentials. Bespot has adopted OAuth 2.0 for its reliability, security, and compatibility with modern authentication workflows. |
| OS | User’s device operating system (e.g. Android, iOS, Windows, MacOS). |
| OS Version | The version of the user’s device operating system. |
| Policy Action | The outcome of a transaction evaluation, determining whether to allow, monitor, limit, or block access based on a predefined fraud strategy. |
| Policy Actions | The outcome of a transaction evaluation, determined by the selected fraud strategy or custom rules. It defines whether an action is allowed, monitored, limited, or blocked based on risk assessment. |
| Proxy Connection | Detects active proxy server connections, which can be used to reroute traffic and obscure a user’s true IP address. |
| Proxy Detection | Detection of devices using proxy servers to mask their actual location. |
| Proxy Provider | Checks IP addresses against a database of known proxy providers to identify potential traffic anonymization or fraud attempts. |
| Region/State | The administrative region or state in which a transaction took place. |
| Reverse Geocoding | The process of converting geographic coordinates into readable location data (e.g., city, state, country). |
| RiskMap | A configurable geolocation feature that clusters unique device activity by area and time. It identifies activity hotspots to detect fraud patterns such as location farming, bots, or anomalies. The area is adjustable based on the use case for precise detection. |
| Root/Jailbreak Detection | The process of identifying unauthorized modifications to a device’s operating system (rooting on Android, jailbreaking on iOS). Such modifications can allow users to bypass security restrictions, potentially enabling GPS spoofing, app tampering, and other fraudulent activities. |
| Rule Detections | Fraud detection rules that were triggered during a transaction evaluation. Each detection corresponds to a specific risk factor, such as location spoofing, multiple device usage, or VPN/proxy masking. |
| SDK (Software Development Kit) | A collection of tools that allow developers to integrate Bespot’s geolocation and fraud detection features into their applications. |
| Server-to-Server Verification | A validation process where the client’s backend communicates directly with Bespot’s API server using an Encrypted Ticket. This cryptographically secured data structure ensures sensitive information is transmitted securely, preserving data integrity and preventing tampering or man-in-the-middle attacks. |
| Suspicious Activity | Any detected behavior that deviates from normal user activity patterns and may indicate fraud. Identification is based on Bespot’s customized or predefined industry-specific fraud prevention strategies. |
| Swift Package Manager (SPM) | A dependency management tool built into Swift that simplifies the integration and distribution of Swift libraries and frameworks. |
| Transactional Data | Logged information related to user interactions, including timestamps, user IDs, device details, and geolocation data. For a detailed breakdown of all transactional data fields, see Transactional Data Details. |
| User ID | A unique identifier for each user, as provided by the customer through the client application. |
| User Location | Collect device coordinates, accuracy, speed, and provider. |
| User Lookup | A feature in the dashboard that allows administrators to view and analyze individual user activity. |
| User on Multiple Devices | Detects when a single User ID is accessed from multiple devices, which may indicate credential sharing, unauthorized access, or account misuse. |
| Virtual Container | A method of isolating applications within a sandboxed environment, sometimes used for fraud. |
| VPN App Presence | Detects for installed known VPN applications on a device, which may indicate an attempt to manipulate location or bypass restrictions. |
| VPN Connection | Identifies active VPN connections, which may be used to mask a user’s true location or bypass security measures. |
| VPN Detection | Detection of virtual private network (VPN) usage to mask a user’s true IP address. |
| VPN Provider | Checks IP addresses against a database of known VPN providers to detect anonymized or obfuscated traffic. |
