Risk Insights

Overview

Beltic Risk is the platform’s cross-channel intelligence layer for digital identifiers—email addresses, phone numbers, IPs, and domains/websites.

It evaluates trust, reputation, and behavioral history across Beltic’s intelligence graph to surface fraud patterns, anonymity signals, and compromise indicators in real time.

The resulting Risk Score provides a single, interpretable metric for routing decisions across onboarding, authentication, and compliance workflows.

Core Purpose

Modern identity and transaction flows depend on multiple identifiers, each with different failure modes: disposable inboxes, SIM-swap exposure, anonymous network egress, or newly registered domains.

Beltic Risk aggregates heterogeneous signals into a unified trust model that adapts to regional context, identifier type, and evolving adversarial behavior—without forcing teams to stitch together point solutions.

Core Capabilities

1) Identifier-Level Intelligence

Beltic computes rich signals per identifier type, then correlates them at the entity and session layers.

  • Email Intelligence

    • Deliverability posture: domain age, DNS health, mail exchange presence, catch-all heuristics

    • Reputation posture: disposable/temporary patterns, spam-trap proximity, frequent-complainer signals, breach/leak exposure

    • Behavioral posture: recent abuse participation, honeypot touchpoints, known trial-abuse or chargeback associations

  • Phone Intelligence

    • Line characterization: carrier, line type (wireless/landline/VoIP/prepaid), regional attributes

    • Status posture: activity indicators, reachability confidence, DNC participation (where applicable)

    • Risk posture: leak exposure, recent abuse flags, spammer indicators, VoIP/disposable SMS detection, premium-rate risk

  • IP Intelligence

    • Network characterization: ASN/organization, host naming, timezone, mobile vs. fixed indicators

    • Anonymity posture: proxy/VPN/Tor detection (active and historical), data-center ranges, shared/dynamic traits

    • Abuse posture: recent attack velocity, crawler/bot presence, credential-stuffing or takeover patterns

  • Domain / Website Intelligence

    • Registration & hosting: WHOIS timeline, registrar, hosting geo/ASN, DNS posture

    • Security posture: certificate validity window, algorithm, HSTS presence, mixed-content exposure

    • Legitimacy cues: brand/keyword consistency checks, visual/UX indicators, prior blacklist hits, typosquatting and punycode risks

    • Performance & content: high-level accessibility/SEO/best-practice signals and business classification cues

Outcome: Independent vectors per identifier feed a correlated view, improving precision for synthetic identities and coordinated attacks.

2) Global Risk Scoring

Beltic assigns a 0–100 Risk Score per identifier and/or composite (e.g., email+phone+IP), calibrated by region and use case.

Interpretive Bands

  • 0–40 — Trusted: Strong posture; low observed risk

  • 40–80 — Medium Risk: Mixed signals; scrutinize context and friction level

  • 80–100 — High Risk: Strong indicators of anonymity, abuse, or compromise

Decisioning & Policy Patterns

  • Adaptive Friction:

    • Trusted band: fast-path approvals

    • Medium band: add step-up (e.g., additional doc, OTP, selfie)

    • High band: auto-deny or case escalation

  • Contextual Overrides:

    Combine Risk Score with channel posture (e.g., known customer, high-value transaction, device familiarity) to modulate actions.

  • Compound Thresholds:

    Example: Deny if (IP anonymity high) AND (email disposable OR phone VoIP) AND (new domain age).

Monitoring, Explainability, and Governance

  • Telemetry & KPIs: Latency, throughput, approval/deny mix, false-positive/false-negative tracking by segment

  • Attribution: Each score ships with contributing factor metadata (e.g., domain age, SIM-swap risk cue, ASN reputation)

Example Decision Flows

  1. Onboarding Trust Gate

    • Compute composite (email+phone+IP).

    • ≤25: auto-approve; 26–60: add friction; ≥61: escalate or deny.

    • Log contributing factors for future dispute resolution.

  2. Session Integrity / Login

    • Evaluate IP anonymity + device familiarity.

    • Trigger step-up only when anonymity + geo drift coincide, preserving UX for known devices.

  3. Payments & High-Risk Actions

    • Cross-check phone line type and activity posture with IP reputation.

    • Quarantine transactions where VoIP + active VPN + recent abuse co-occur.

  4. Website Intake Triage

    • For merchant or partner onboarding, assess domain age, certificate hygiene, typosquatting/brand risk, and hosting ASN reputation before advancing underwriting.
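
The onboarding gate (flow 1), the login step-up rule (flow 2) and the compound-threshold rule from Decisioning & Policy Patterns, as an added example that is not Beltic's code or API. The `Signals` field names, the action strings, letting the compound rule override the numeric score, the direction of the contextual override, and reading "preserving UX for known devices" as an exemption are all assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Signals:
    # Hypothetical field names; the page does not define a response schema.
    score: int                     # composite 0-100 (email+phone+IP)
    ip_anonymous: bool = False     # "IP anonymity high"
    email_disposable: bool = False
    phone_voip: bool = False
    domain_new: bool = False       # "new domain age"
    geo_drift: bool = False
    known_device: bool = False
    high_value: bool = False
    factors: list = field(default_factory=list)  # contributing-factor metadata

def compound_deny(s: Signals) -> bool:
    # Deny if (IP anonymity high) AND (email disposable OR phone VoIP) AND (new domain age)
    return s.ip_anonymous and (s.email_disposable or s.phone_voip) and s.domain_new

def onboarding_gate(s: Signals) -> dict:
    """Flow 1 thresholds: <=25 approve, 26-60 add friction, >=61 escalate."""
    if not 0 <= s.score <= 100:
        raise ValueError(f"score out of range: {s.score}")
    reasons = list(s.factors)
    if compound_deny(s):
        # Assumption: the compound rule fires regardless of the numeric score.
        action = "deny"
        reasons.append("compound_threshold")
    elif s.score <= 25:
        action = "approve"
    elif s.score <= 60:
        action = "step_up"
    else:
        action = "escalate"
    # Contextual override (assumed direction): context may add friction, never remove it.
    if action == "approve" and s.high_value:
        action = "step_up"
        reasons.append("high_value_override")
    # Returning the reasons with the action supports later dispute resolution.
    return {"action": action, "score": s.score, "reasons": reasons}

def login_gate(s: Signals) -> str:
    """Flow 2: step up only when anonymity and geo drift coincide on an unfamiliar device."""
    if s.ip_anonymous and s.geo_drift and not s.known_device:
        return "step_up"
    return "allow"
```
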

What “Good” Looks Like (Heuristic Examples)

  • Email: Mature domain, valid MX/DNS, no disposable/trap proximity, no recent abuse, no risky TLD cues

  • Phone: Valid format, known carrier, non-VoIP (when policy requires), no recent abuse/leak, reachable status where available

  • IP: Residential or enterprise ASN, no active VPN/Tor, geo consistent with profile, no bot/crawler flags

  • Domain/Website: Reasonable domain age, valid cert window and chain, no blacklist history, no clear typosquatting, stable hosting posture