Risk Network

The Truepic Risk Network is the industry’s first shared intelligence network for visual risk signals. It helps organizations detect suspicious devices, locations, and user behaviors before bad actors access their platforms.

Fraudsters frequently reuse the same phones, the same spoofing tools, and the same falsified visual evidence across multiple companies. By sharing anonymized device intelligence across participating organizations, the Risk Network exposes these hidden patterns and provides an early warning system against repeat offenders.

How It Works

When an inspection is completed through Truepic Vision:

1. Truepic analyzes the device and capture behavior (e.g., spoofed GPS, modified time, rooted device).
2. Organizations can flag suspicious inspections, which then attach risk signals to the anonymized device profile.
3. The anonymized device identifier is shared across the network.
4. If that same device reappears anywhere else in the network, participating organizations receive relevant risk insights.

All signals are opt-in, anonymized, and privacy-protected.

Where Risk Network Data Appears in the API

Risk Network insights are included directly in the Inspection payload:

1. insights[]

An inspection-level summary highlighting notable risk signals. These are the possible insights:

• device_found_other_inspections - The device was found on other inspections, this is more of a warning than an alert as it could be benign. Details can be found in the devices array. When a devices was used in other inspections the other_inspections property for that device will have details about the specific list of inspections that this device has been used for.
• device_flagged_other_inspections - This device was flagged previously by someone within our fraud network as being associated with fraud. The details can be found in the devices array. See the below section for the details about the specific flags.
• falsified_location - There is evidence that the user has falsified their location. The specific falsified locations can be found in the locations[] property of an inspection. Each location will have a spoofed property that will either be not_spoofed or one of these values giving more detail: spoof_reason_not_specified, mock_simulated accuracy_high, timestamp_old, accuracy_chrome_devtools, altitude_missing, teleported, speed_vertical_accuracy_missing, accessory, bad_spoof_reason
• insecure_device - There are things about a device used to complete this inspection that indicate it the user may be using an insecure device for this inspection. There are many things that can trigger this warning.

These insights give you an at-a-glance view of potential issues without digging through device details.

2. devices[]

Lists every device that interacted with the inspection and includes:

• anonymized fingerprint_id
• prior inspections using the same device
• risk flags generated in this inspection
• risk flags from other inspections within your organization
• flags from other organizations in the risk network

3. locations[]

A list of all the locations where inspection activities occurred. These are related to timeline activities and truepics by a location_id and have a spoofed property which indicates if they were spoofed or not.

Device Risk Flags

Devices participating in an inspection may be associated with one or more Risk Network flags. These signals indicate suspicious device behavior, metadata manipulation, or user actions observed during the inspection.

Below is the full list of flags organizations may apply to a device:

Example Output

"devices": [
  {
    "fingerprint_id": "zpRGZWsRBs90bEmtPJLg",
    "other_inspections": [...],
    "flags": ["spoofed_location"],
    "flags_other_inspections": { "flag_counts": { "spoofed_location": 1 } },
    "flags_other_orgs": { "org_count": 2 }
  }
],
"insights": [
  { "type": "device_flagged_other_inspections" },
  { "type": "insecure_device" }
]
"locations": [
  {
    ...
    "spoofed": "teleported",
  }
]