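// Copyright 2023 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package google.cloud.recaptchaenterprise.v1beta1;

import "google/api/annotations.proto";
import "google/api/client.proto";
import "google/api/field_behavior.proto";
import "google/api/resource.proto";
import "google/protobuf/timestamp.proto";

option csharp_namespace = "Google.Cloud.RecaptchaEnterprise.V1Beta1";
option go_package = "cloud.google.com/go/recaptchaenterprise/v2/apiv1beta1/recaptchaenterprisepb;recaptchaenterprisepb";
option java_multiple_files = true;
option java_outer_classname = "RecaptchaEnterpriseProto";
option java_package = "com.google.recaptchaenterprise.v1beta1";
option objc_class_prefix = "GCRE";
option php_namespace = "Google\\Cloud\\RecaptchaEnterprise\\V1beta1";
option ruby_package = "Google::Cloud::RecaptchaEnterprise::V1beta1";

// Service to determine the likelihood an event is legitimate.
//
// NOTE(review): the only OAuth scope declared below is the broad
// cloud-platform scope, so limiting what a caller may do presumably has to
// come from the IAM roles granted to the calling credential - confirm.
service RecaptchaEnterpriseServiceV1Beta1 {
  option (google.api.default_host) = "recaptchaenterprise.googleapis.com";
  option (google.api.oauth_scopes) =
      "https://www.googleapis.com/auth/cloud-platform";

  // Creates an Assessment of the likelihood an event is legitimate.
  rpc CreateAssessment(CreateAssessmentRequest) returns (Assessment) {
    option (google.api.http) = {
      post: "/v1beta1/{parent=projects/*}/assessments"
      body: "assessment"
    };
    option (google.api.method_signature) = "parent,assessment";
  }

  // Annotates a previously created Assessment to provide additional information
  // on whether the event turned out to be authentic or fraudulent.
  rpc AnnotateAssessment(AnnotateAssessmentRequest)
      returns (AnnotateAssessmentResponse) {
    option (google.api.http) = {
      post: "/v1beta1/{name=projects/*/assessments/*}:annotate"
      body: "*"
    };
    option (google.api.method_signature) = "name,annotation";
  }
}

// The create assessment request message.
message CreateAssessmentRequest {
  // Required. The name of the project in which the assessment will be created,
  // in the format "projects/{project_number}".
  string parent = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "cloudresourcemanager.googleapis.com/Project"
    }
  ];

  // Required. The assessment details.
  Assessment assessment = 2 [(google.api.field_behavior) = REQUIRED];
}

// Describes an event in the lifecycle of a payment transaction.
message TransactionEvent {
  // Enum that represents an event in the payment transaction lifecycle.
  enum TransactionEventType {
    // Default, unspecified event type.
    TRANSACTION_EVENT_TYPE_UNSPECIFIED = 0;

    // Indicates that the transaction is approved by the merchant. The
    // accompanying reasons can include terms such as 'INHOUSE', 'ACCERTIFY',
    // 'CYBERSOURCE', or 'MANUAL_REVIEW'.
    MERCHANT_APPROVE = 1;

    // Indicates that the transaction is denied and concluded due to risks
    // detected by the merchant. The accompanying reasons can include terms such
    // as 'INHOUSE', 'ACCERTIFY', 'CYBERSOURCE', or 'MANUAL_REVIEW'.
    MERCHANT_DENY = 2;

    // Indicates that the transaction is being evaluated by a human, due to
    // suspicion or risk.
    MANUAL_REVIEW = 3;

    // Indicates that the authorization attempt with the card issuer succeeded.
    AUTHORIZATION = 4;

    // Indicates that the authorization attempt with the card issuer failed.
    // The accompanying reasons can include Visa's '54' indicating that the card
    // is expired, or '82' indicating that the CVV is incorrect.
    AUTHORIZATION_DECLINE = 5;

    // Indicates that the transaction is completed because the funds were
    // settled.
    PAYMENT_CAPTURE = 6;

    // Indicates that the transaction could not be completed because the funds
    // were not settled.
    PAYMENT_CAPTURE_DECLINE = 7;

    // Indicates that the transaction has been canceled. Specify the reason
    // for the cancellation. For example, 'INSUFFICIENT_INVENTORY'.
    CANCEL = 8;

    // Indicates that the merchant has received a chargeback inquiry due to
    // fraud for the transaction, requesting additional information before a
    // fraud chargeback is officially issued and a formal chargeback
    // notification is sent.
    CHARGEBACK_INQUIRY = 9;

    // Indicates that the merchant has received a chargeback alert due to fraud
    // for the transaction. The process of resolving the dispute without
    // involving the payment network is started.
    CHARGEBACK_ALERT = 10;

    // Indicates that a fraud notification is issued for the transaction, sent
    // by the payment instrument's issuing bank because the transaction appears
    // to be fraudulent. We recommend including TC40 or SAFE data in the
    // `reason` field for this event type. For partial chargebacks, we recommend
    // that you include an amount in the `value` field.
    FRAUD_NOTIFICATION = 11;

    // Indicates that the merchant is informed by the payment network that the
    // transaction has entered the chargeback process due to fraud. Reason code
    // examples include Discover's '6005' and '6041'. For partial chargebacks,
    // we recommend that you include an amount in the `value` field.
    CHARGEBACK = 12;

    // Indicates that the transaction has entered the chargeback process due to
    // fraud, and that the merchant has chosen to enter representment. Reason
    // examples include Discover's '6005' and '6041'. For partial chargebacks,
    // we recommend that you include an amount in the `value` field.
    CHARGEBACK_REPRESENTMENT = 13;

    // Indicates that the transaction has had a fraud chargeback which was
    // illegitimate and was reversed as a result. For partial chargebacks, we
    // recommend that you include an amount in the `value` field.
    CHARGEBACK_REVERSE = 14;

    // Indicates that the merchant has received a refund for a completed
    // transaction. For partial refunds, we recommend that you include an amount
    // in the `value` field. Reason example: 'TAX_EXEMPT' (partial refund of
    // exempt tax)
    REFUND_REQUEST = 15;

    // Indicates that the merchant has received a refund request for this
    // transaction, but that they have declined it. For partial refunds, we
    // recommend that you include an amount in the `value` field. Reason
    // example: 'TAX_EXEMPT' (partial refund of exempt tax)
    REFUND_DECLINE = 16;

    // Indicates that the completed transaction was refunded by the merchant.
    // For partial refunds, we recommend that you include an amount in the
    // `value` field. Reason example: 'TAX_EXEMPT' (partial refund of exempt
    // tax)
    REFUND = 17;

    // Indicates that the completed transaction was refunded by the merchant,
    // and that this refund was reversed. For partial refunds, we recommend that
    // you include an amount in the `value` field.
    REFUND_REVERSE = 18;
  }

  // Optional. The type of this transaction event.
  TransactionEventType event_type = 1 [(google.api.field_behavior) = OPTIONAL];

  // Optional. The reason or standardized code that corresponds with this
  // transaction event, if one exists. For example, a CHARGEBACK event with code
  // 6005.
  string reason = 2 [(google.api.field_behavior) = OPTIONAL];

  // Optional. The value that corresponds with this transaction event, if one
  // exists. For example, a refund event where $5.00 was refunded. Currency is
  // obtained from the original transaction data.
  //
  // NOTE(review): `double` is binary floating point, so some decimal amounts
  // are not exactly representable. The type is part of the published wire
  // contract and is kept as is.
  double value = 3 [(google.api.field_behavior) = OPTIONAL];

  // Optional. Timestamp when this transaction event occurred; otherwise assumed
  // to be the time of the API call.
  google.protobuf.Timestamp event_time = 4
      [(google.api.field_behavior) = OPTIONAL];
}

// The request message to annotate an Assessment.
message AnnotateAssessmentRequest {
  // Enum that represents the types of annotations.
  enum Annotation {
    // Default unspecified type.
    ANNOTATION_UNSPECIFIED = 0;

    // Provides information that the event turned out to be legitimate.
    LEGITIMATE = 1;

    // Provides information that the event turned out to be fraudulent.
    FRAUDULENT = 2;

    // Provides information that the event was related to a login event in which
    // the user typed the correct password. Deprecated, prefer indicating
    // CORRECT_PASSWORD through the reasons field instead.
    PASSWORD_CORRECT = 3 [deprecated = true];

    // Provides information that the event was related to a login event in which
    // the user typed the incorrect password. Deprecated, prefer indicating
    // INCORRECT_PASSWORD through the reasons field instead.
    PASSWORD_INCORRECT = 4 [deprecated = true];
  }

  // Enum that represents potential reasons for annotating an assessment.
  enum Reason {
    // Default unspecified reason.
    REASON_UNSPECIFIED = 0;

    // Indicates that the transaction had a chargeback issued with no other
    // details. When possible, specify the type by using CHARGEBACK_FRAUD or
    // CHARGEBACK_DISPUTE instead.
    CHARGEBACK = 1;

    // Indicates that the transaction had a chargeback issued related to an
    // alleged unauthorized transaction from the cardholder's perspective (for
    // example, the card number was stolen).
    CHARGEBACK_FRAUD = 8;

    // Indicates that the transaction had a chargeback issued related to the
    // cardholder having provided their card details but allegedly not being
    // satisfied with the purchase (for example, misrepresentation, attempted
    // cancellation).
    CHARGEBACK_DISPUTE = 9;

    // Indicates that the completed payment transaction was refunded by the
    // seller.
    REFUND = 10;

    // Indicates that the completed payment transaction was determined to be
    // fraudulent by the seller, and was cancelled and refunded as a result.
    REFUND_FRAUD = 11;

    // Indicates that the payment transaction was accepted, and the user was
    // charged.
    TRANSACTION_ACCEPTED = 12;

    // Indicates that the payment transaction was declined, for example due to
    // invalid card details.
    TRANSACTION_DECLINED = 13;

    // Indicates the transaction associated with the assessment is suspected of
    // being fraudulent based on the payment method, billing details, shipping
    // address or other transaction information.
    PAYMENT_HEURISTICS = 2;

    // Indicates that the user was served a 2FA challenge. An old assessment
    // with `ENUM_VALUES.INITIATED_TWO_FACTOR` reason that has not been
    // overwritten with `PASSED_TWO_FACTOR` is treated as an abandoned 2FA flow.
    // This is equivalent to `FAILED_TWO_FACTOR`.
    INITIATED_TWO_FACTOR = 7;

    // Indicates that the user passed a 2FA challenge.
    PASSED_TWO_FACTOR = 3;

    // Indicates that the user failed a 2FA challenge.
    FAILED_TWO_FACTOR = 4;

    // Indicates the user provided the correct password.
    CORRECT_PASSWORD = 5;

    // Indicates the user provided an incorrect password.
    INCORRECT_PASSWORD = 6;

    // Indicates that the user sent unwanted and abusive messages to other users
    // of the platform, such as spam, scams, phishing, or social engineering.
    SOCIAL_SPAM = 14;
  }

  // Required. The resource name of the Assessment, in the format
  // "projects/{project_number}/assessments/{assessment_id}".
  string name = 1 [
    (google.api.field_behavior) = REQUIRED,
    (google.api.resource_reference) = {
      type: "recaptchaenterprise.googleapis.com/Assessment"
    }
  ];

  // Optional. The annotation that will be assigned to the Event. This field can
  // be left empty to provide reasons that apply to an event without concluding
  // whether the event is legitimate or fraudulent.
  Annotation annotation = 2 [(google.api.field_behavior) = OPTIONAL];

  // Optional. Optional reasons for the annotation that will be assigned to the
  // Event.
  repeated Reason reasons = 3 [(google.api.field_behavior) = OPTIONAL];

  // Optional. Optional unique stable hashed user identifier to apply to the
  // assessment. This is an alternative to setting the hashed_account_id in
  // CreateAssessment, for example when the account identifier is not yet known
  // in the initial request. It is recommended that the identifier is hashed
  // using hmac-sha256 with stable secret.
  //
  // NOTE(review): the keyed hash only protects the identifier while the HMAC
  // secret stays on the server; an unkeyed hash of a guessable identifier can
  // be recovered by enumeration.
  bytes hashed_account_id = 4 [(google.api.field_behavior) = OPTIONAL];

  // Optional. If the assessment is part of a payment transaction, provide
  // details on payment lifecycle events that occur in the transaction.
  TransactionEvent transaction_event = 5
      [(google.api.field_behavior) = OPTIONAL];
}

// Empty response for AnnotateAssessment.
message AnnotateAssessmentResponse {}

// Password leak verification info.
message PasswordLeakVerification {
  // Optional. Scrypt hash of the username+password that the customer wants to
  // verify against a known password leak.
  bytes hashed_user_credentials = 1 [(google.api.field_behavior) = OPTIONAL];

  // Output only. Whether or not the user's credentials are present in a known
  // leak.
  bool credentials_leaked = 2 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Optional. The username part of the user credentials for which we want to
  // trigger a leak check in canonicalized form. This is the same data used to
  // create the hashed_user_credentials on the customer side.
  //
  // NOTE(review): unlike hashed_user_credentials, this field carries the
  // username itself, so requests and logs that contain it hold personal data.
  string canonicalized_username = 3 [(google.api.field_behavior) = OPTIONAL];
}

// A reCAPTCHA Enterprise assessment resource.
message Assessment {
  option (google.api.resource) = {
    type: "recaptchaenterprise.googleapis.com/Assessment"
    pattern: "projects/{project}/assessments/{assessment}"
  };

  // Reasons contributing to the risk analysis verdict.
  enum ClassificationReason {
    // Default unspecified type.
    CLASSIFICATION_REASON_UNSPECIFIED = 0;

    // Interactions matched the behavior of an automated agent.
    AUTOMATION = 1;

    // The event originated from an illegitimate environment.
    UNEXPECTED_ENVIRONMENT = 2;

    // Traffic volume from the event source is higher than normal.
    TOO_MUCH_TRAFFIC = 3;

    // Interactions with the site were significantly different than expected
    // patterns.
    UNEXPECTED_USAGE_PATTERNS = 4;

    // Too little traffic has been received from this site thus far to generate
    // quality risk analysis.
    LOW_CONFIDENCE_SCORE = 5;

    // The request matches behavioral characteristics of a carding attack.
    SUSPECTED_CARDING = 6;

    // The request matches behavioral characteristics of chargebacks for fraud.
    SUSPECTED_CHARGEBACK = 7;
  }

  // Output only. The resource name for the Assessment in the format
  // "projects/{project_number}/assessments/{assessment_id}".
  string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY];

  // The event being assessed.
  Event event = 2;

  // Output only. Legitimate event score from 0.0 to 1.0.
  // (1.0 means very likely legitimate traffic while 0.0 means very likely
  // non-legitimate traffic).
  //
  // NOTE(review): presumably only meaningful when token_properties.valid is
  // true; callers should check `valid` before acting on the score - confirm
  // against the service documentation.
  float score = 3 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Properties of the provided event token.
  TokenProperties token_properties = 4
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Reasons contributing to the risk analysis verdict.
  repeated ClassificationReason reasons = 5
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Information about the user's credentials used to check for leaks.
  // This feature is part of the Early Access Program (EAP). Exercise caution,
  // and do not deploy integrations based on this feature in a production
  // environment.
  PasswordLeakVerification password_leak_verification = 7;

  // Assessment returned by account defender when a hashed_account_id is
  // provided.
  AccountDefenderAssessment account_defender_assessment = 8;

  // Assessment returned by Fraud Prevention when TransactionData is provided.
  FraudPreventionAssessment fraud_prevention_assessment = 11;
}

// The event being assessed.
message Event {
  // Optional. The user response token provided by the reCAPTCHA Enterprise
  // client-side integration on your site.
  string token = 1 [(google.api.field_behavior) = OPTIONAL];

  // Optional. The site key that was used to invoke reCAPTCHA Enterprise on your
  // site and generate the token.
  string site_key = 2 [(google.api.field_behavior) = OPTIONAL];

  // Optional. The user agent present in the request from the user's device
  // related to this event.
  string user_agent = 3 [(google.api.field_behavior) = OPTIONAL];

  // Optional. The IP address in the request from the user's device related to
  // this event.
  //
  // NOTE(review): take this from the connection as observed by infrastructure
  // you trust; a forwarding header set by the client can carry any value.
  string user_ip_address = 4 [(google.api.field_behavior) = OPTIONAL];

  // Optional. The expected action for this type of event. This should be the
  // same action provided at token generation time on client-side platforms
  // already integrated with recaptcha enterprise.
  //
  // NOTE(review): nothing in this file states that the service rejects a
  // mismatch; callers presumably need to compare TokenProperties.action with
  // this value themselves - confirm.
  string expected_action = 5 [(google.api.field_behavior) = OPTIONAL];

  // Optional. Unique stable hashed user identifier for the request. The
  // identifier must be hashed using hmac-sha256 with stable secret.
  //
  // NOTE(review): the keyed hash only protects the identifier while the HMAC
  // secret stays on the server; an unkeyed hash of a guessable identifier can
  // be recovered by enumeration.
  bytes hashed_account_id = 6 [(google.api.field_behavior) = OPTIONAL];

  // Optional. Data describing a payment transaction to be assessed. Sending
  // this data enables reCAPTCHA Enterprise Fraud Prevention and the
  // FraudPreventionAssessment component in the response.
  TransactionData transaction_data = 13
      [(google.api.field_behavior) = OPTIONAL];
}

// Transaction data associated with a payment protected by reCAPTCHA Enterprise.
// All fields are optional.
//
// NOTE(review): this message carries personal and payment-related data
// (recipient names, addresses, email, phone number, card BIN and last four
// digits), so request logs and traces that include it need matching handling.
message TransactionData {
  // Structured address format for billing and shipping addresses.
  message Address {
    // The recipient name, potentially including information such as "care of".
    string recipient = 1;

    // The first lines of the address. The first line generally contains the
    // street name and number, and further lines may include information such as
    // an apartment number.
    repeated string address = 2;

    // The town/city of the address.
    string locality = 3;

    // The state, province, or otherwise administrative area of the address.
    string administrative_area = 4;

    // The CLDR country/region of the address.
    string region_code = 5;

    // The postal or ZIP code of the address.
    string postal_code = 6;
  }

  // Details about a user's account involved in the transaction.
  message User {
    // Unique account identifier for this user. If using account defender,
    // this should match the hashed_account_id field. Otherwise, a unique and
    // persistent identifier for this account.
    //
    // NOTE(review): hashed_account_id is `bytes` while this field is `string`;
    // the file does not say which text encoding of the hash is expected -
    // confirm before relying on the two matching.
    string account_id = 6;

    // The epoch milliseconds of the user's account creation.
    int64 creation_ms = 1;

    // The email address of the user.
    string email = 2;

    // Whether the email has been verified to be accessible by the user (OTP or
    // similar).
    bool email_verified = 3;

    // The phone number of the user, with country code.
    string phone_number = 4;

    // Whether the phone number has been verified to be accessible by the user
    // (OTP or similar).
    bool phone_verified = 5;
  }

  // Line items being purchased in this transaction.
  message Item {
    // The full name of the item.
    string name = 1;

    // The value per item that the user is paying, in the transaction currency,
    // after discounts.
    double value = 2;

    // The quantity of this item that is being purchased.
    int64 quantity = 3;

    // When a merchant is specified, its corresponding account_id. Necessary to
    // populate marketplace-style transactions.
    string merchant_account_id = 4;
  }

  // Details about the transaction from the gateway.
  message GatewayInfo {
    // Name of the gateway service (for example, stripe, square, paypal).
    string name = 1;

    // Gateway response code describing the state of the transaction.
    string gateway_response_code = 2;

    // AVS response code from the gateway
    // (available only when reCAPTCHA Enterprise is called after authorization).
    string avs_response_code = 3;

    // CVV response code from the gateway
    // (available only when reCAPTCHA Enterprise is called after authorization).
    string cvv_response_code = 4;
  }

  // Unique identifier for the transaction. This custom identifier can be used
  // to reference this transaction in the future, for example, labeling a refund
  // or chargeback event. Two attempts at the same transaction should use the
  // same transaction id.
  optional string transaction_id = 11;

  // The payment method for the transaction. The allowed values are:
  //
  // * credit-card
  // * debit-card
  // * gift-card
  // * processor-{name} (If a third-party is used, for example,
  // processor-paypal)
  // * custom-{name} (If an alternative method is used, for example,
  // custom-crypto)
  string payment_method = 1;

  // The Bank Identification Number - generally the first 6 or 8 digits of the
  // card.
  //
  // NOTE(review): this message models only the BIN and the last four digits;
  // it defines no field for a full card number, CVV value or expiry date.
  string card_bin = 2;

  // The last four digits of the card.
  string card_last_four = 3;

  // The currency code in ISO-4217 format.
  string currency_code = 4;

  // The decimal value of the transaction in the specified currency.
  //
  // NOTE(review): `double` is binary floating point, so some decimal amounts
  // are not exactly representable. The type is part of the published wire
  // contract and is kept as is.
  double value = 5;

  // The value of shipping in the specified currency. 0 for free or no shipping.
  double shipping_value = 12;

  // Destination address if this transaction involves shipping a physical item.
  Address shipping_address = 6;

  // Address associated with the payment method when applicable.
  Address billing_address = 7;

  // Information about the user paying/initiating the transaction.
  User user = 8;

  // Information about the user or users fulfilling the transaction.
  repeated User merchants = 13;

  // Items purchased in this transaction.
  repeated Item items = 14;

  // Information about the payment gateway's response to the transaction.
  GatewayInfo gateway_info = 10;
}

// Properties of the provided event token.
message TokenProperties {
  // Enum that represents the types of invalid token reasons.
  enum InvalidReason {
    // Default unspecified type.
    INVALID_REASON_UNSPECIFIED = 0;

    // If the failure reason was not accounted for.
    UNKNOWN_INVALID_REASON = 1;

    // The provided user verification token was malformed.
    MALFORMED = 2;

    // The user verification token had expired.
    EXPIRED = 3;

    // The user verification had already been seen.
    DUPE = 4;

    // The user verification token did not match the provided site key.
    // This may be a configuration error (for example, development keys used in
    // production) or end users trying to use verification tokens from other
    // sites.
    //
    // Deprecated. The comment on the `valid` field lists a site key mismatch
    // as one possible cause of valid = false.
    SITE_MISMATCH = 5 [deprecated = true];

    // The user verification token was not present. It is a required input.
    MISSING = 6;

    // A retriable error (such as network failure) occurred on the browser.
    // Could easily be simulated by an attacker.
    //
    // NOTE(review): because a client can produce this state at will, it is
    // safer to handle it as an unverified request than as grounds to skip
    // verification.
    BROWSER_ERROR = 7;
  }

  // Whether the provided user response token is valid. When valid = false, the
  // reason could be specified in invalid_reason or it could also be due to
  // a user failing to solve a challenge or a sitekey mismatch (i.e the sitekey
  // used to generate the token was different than the one specified in the
  // assessment).
  bool valid = 1;

  // Reason associated with the response when valid = false.
  InvalidReason invalid_reason = 2;

  // The timestamp corresponding to the generation of the token.
  google.protobuf.Timestamp create_time = 3;

  // The hostname of the page on which the token was generated.
  //
  // NOTE(review): callers may want to compare this with the hostnames the
  // site key is meant to be used on - confirm whether the service already
  // enforces that for the key.
  string hostname = 4;

  // Action name provided at token generation.
  string action = 5;
}

// Assessment for Fraud Prevention.
message FraudPreventionAssessment {
  // Information about stolen instrument fraud, where the user is not the
  // legitimate owner of the instrument being used for the purchase.
  message StolenInstrumentVerdict {
    // Probability (0-1) of this transaction being executed with a stolen
    // instrument.
    float risk = 1;
  }

  // Information about card testing fraud, where an adversary is testing
  // fraudulently obtained cards or brute forcing their details.
  message CardTestingVerdict {
    // Probability (0-1) of this transaction attempt being part of a card
    // testing attack.
    float risk = 1;
  }

  // Probability (0-1) of this transaction being fraudulent. Summarizes the
  // combined risk of attack vectors below.
  float transaction_risk = 1;

  // Assessment of this transaction for risk of a stolen instrument.
  StolenInstrumentVerdict stolen_instrument_verdict = 2;

  // Assessment of this transaction for risk of being part of a card testing
  // attack.
  CardTestingVerdict card_testing_verdict = 3;
}

// Account defender risk assessment.
message AccountDefenderAssessment {
  // Labels returned by account defender for this request.
  enum AccountDefenderLabel {
    // Default unspecified type.
    ACCOUNT_DEFENDER_LABEL_UNSPECIFIED = 0;

    // The request matches a known good profile for the user.
    PROFILE_MATCH = 1;

    // The request is potentially a suspicious login event and should be further
    // verified either via multi-factor authentication or another system.
    SUSPICIOUS_LOGIN_ACTIVITY = 2;

    // The request matched a profile that previously had suspicious account
    // creation behavior. This could mean this is a fake account.
    SUSPICIOUS_ACCOUNT_CREATION = 3;

    // The account in the request has a high number of related accounts. It does
    // not necessarily imply that the account is bad but could require
    // investigating.
    RELATED_ACCOUNTS_NUMBER_HIGH = 4;
  }

  // Labels for this request.
  repeated AccountDefenderLabel labels = 1;
}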