Configuring Fraud Settings

Learn about Singular's built-in fraud detection and prevention methods and how to configure the behavior of each method.

To learn about user-defined rules and how to create them, see Configuring User-Defined Rules.


The core of the Singular Fraud Prevention Engine consists of two parts:

  1. Singular Protection Methods: These methods are built and refined by our fraud experts to protect against the most common types of fraud.
  2. User Defined Rules: Singular also supports the creation of custom rules to address each user's specific needs.

The Engine checks each end-user touchpoint (such as a click on an ad) against all of the Singular protection methods and any existing user-defined rules. If a touchpoint matches the definition included in a rule or method, the touchpoint is marked as whitelisted, rejected, or suspicious, according to the rule setting.

Whitelisted: A touchpoint that is marked as whitelisted is considered valid, and no other method or rule can mark it as rejected or suspicious.

Rejected: If a touchpoint is rejected, Singular will not attribute an install to that touchpoint.

Suspicious: Any touchpoint matching this rule/method is still considered valid for attribution but is also marked as suspicious.

Note: The Engine marks a touchpoint based on the first rule that matches it, so the order of evaluation is important. Whitelisting rules are evaluated first to make sure any whitelisted touchpoint is not rejected. Then come rejection rules and finally suspicion rules.

Protection Methods

Singular has conducted extensive research into attribution fraud to detect and implement the most useful and actionable fraud prevention methods in the market.

One of the results of that research is the calculated effectiveness of each of the different methods in the market today:

Taken from Singular’s 2017 Fraud Index

Based on these results, we have chosen and tuned the most effective methods and have made them easily accessible in the UI. We fine-tuned the methods based on the collective information from Singular’s clients to achieve the best results while minimizing the false-positive rate.

The pre-defined methods Singular employs are:

Blacklisted IPs

The method is triggered when a touchpoint’s IP address matches a blacklisted IP range. Singular maintains a continuously updated list of blacklisted IPs. The list contains IP addresses of:

  1. Cloud Service Providers and Data Centers
  2. Proxy and IP anonymization services
  3. TOR exit points
  4. High-risk IPs: IPs that have been spotted doing fraudulent or other abusive activity on the internet.


This method is triggered if an end-user moved at an impossible speed from the click location to the install location. For example: an end-user clicks an ad and two hours later there is an install event from 10,000 km away.


Hyper-Engagement

In many cases, click spamming and click injections create an influx of clicks from the same source. The Hyper-Engagement method detects this influx and takes action to reject clicks coming from the same source.

Time-to-Install (TTI) Outliers

Click injection attacks are performed by detecting an installation and firing a fake click. Since the click is fired as the app finishes installing, it will often result in an abnormally short Time-to-Install (TTI). This method detects cases of abnormally short TTIs.

iOS Install Receipt Validation

Apple provides a receipt for each app installed on an iOS device through iTunes. The receipt can be used to verify that the app has been installed by a real user on a real device.

Receipt verification is a multi-step process:

  1. Making sure that a receipt exists.
  2. Verifying the authenticity of the receipt by checking Apple’s digital signature.
  3. Validating the receipt by matching the receipt’s details to the current installation (for example comparing the app’s longname).
  4. Ensuring that the receipt hasn’t been used for another install (so that fraudsters wouldn’t re-use the same receipt on multiple installations / devices).

Note: Singular performs receipt validation only on devices with iOS 7.0 or higher and only when the app includes a Singular SDK of version 8.2 or higher.

Configuring the Protection Methods

To manage the Protection Methods used in your account, go to Fraud Prevention > Settings.


The Fraud Settings page displays all the methods along with their associated actions. The actions dictate what happens when the protection method is triggered. Change the action and save the settings to change the behavior of the Fraud Engine immediately.

The possible actions are:

  • Do Nothing: If this action is chosen, the method is disabled and will not affect the attribution decision or reporting.
  • Mark as Suspicious: The method flags touchpoints as suspicious but doesn’t affect the attribution decision.
  • Reject: The method rejects touchpoints and prevents CPI and CPA billing postbacks.
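
The evaluation order and the per-method actions described on this page, as an added Python example (not Singular's code): whitelist rules run first, then methods set to Reject, then methods set to Mark as Suspicious, and the first match decides. The thresholds, the blacklist range, the method keys and the "valid" status for unmatched touchpoints are assumptions made for the example.

```python
import ipaddress
import math
from dataclasses import dataclass

# Assumed values; the page does not publish Singular's thresholds or lists.
MAX_SPEED_KMH = 1000.0     # faster than this from click to install is "impossible"
MIN_DISTANCE_KM = 100.0    # ignore small gaps caused by coarse IP geolocation
MIN_TTI_SECONDS = 10.0     # shorter click-to-install times count as outliers
BLACKLIST = [ipaddress.ip_network("203.0.113.0/24")]  # constructed: RFC 5737 doc range

@dataclass
class Touchpoint:
    ip: str
    click_ts: float        # seconds since epoch
    install_ts: float
    click_pos: tuple       # (lat, lon) in degrees
    install_pos: tuple

def distance_km(a, b):
    """Great-circle (haversine) distance between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = math.sin((lat2 - lat1) / 2) ** 2 + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def blacklisted_ip(tp):
    return any(ipaddress.ip_address(tp.ip) in net for net in BLACKLIST)

def impossible_travel(tp):
    km = distance_km(tp.click_pos, tp.install_pos)
    hours = max(tp.install_ts - tp.click_ts, 1.0) / 3600.0  # guard zero/negative gaps
    return km >= MIN_DISTANCE_KM and km / hours > MAX_SPEED_KMH

def short_tti(tp):
    return tp.install_ts - tp.click_ts < MIN_TTI_SECONDS

# Hypothetical method keys; each maps to one built-in check.
METHODS = {"blacklisted_ips": blacklisted_ip, "impossible_travel": impossible_travel, "tti_outliers": short_tti}

def evaluate(tp, settings, whitelist_rules=()):
    """Return (status, matched_name): whitelist, then reject, then suspicious."""
    for name, rule in whitelist_rules:
        if rule(tp):
            return "whitelisted", name
    for action, status in (("reject", "rejected"), ("suspicious", "suspicious")):
        for name, method in METHODS.items():
            if settings.get(name, "do_nothing") == action and method(tp):
                return status, name
    return "valid", None
```

A method missing from `settings` is treated as Do Nothing, so it never affects the result.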