Alarm Feedback¶
To further improve the accuracy of the fraud alarms, BankID Antifraud provides a service that enables alarm recipients to provide feedback on alarms either via a web interface or directly via an API.
Feedback URI¶
Each alarm payload includes a signed link that can be used to submit feedback for that specific notification:
{
...
"feedbackUri": "https://<bankid-antifraud-domain>/alarm-feedback/<signed_notification_reference>"
}
API feedback¶
The API accepts POST requests with application/x-www-form-urlencoded data with the following fields:
| Field Name | Description | Example | Required |
|---|---|---|---|
suspicion |
Classification of the alarm | VERIFIED_FRAUD, VERIFIED_NOT_FRAUD, SUSPECTED_FRAUD |
Yes |
details |
Textual description of the fraud case. This is manually reviewed by analysts and used to augment insight into general fraud trends. | "klarna phishing", "vishing from individual impersonating bank employee" |
No |
Response codes¶
| Code | Description |
|---|---|
200 |
OK, feedback received |
400 |
The suspicion parameter is likely missing |
401 |
The signed_notification_reference is malformed and cannot be verified |
403 |
The link has expired, or the link has been tampered with, causing a mismatch when verifying the signature |
Web UI feedback¶
You can also submit feedback via a web interface by opening the feedback URI in a browser.
If you include the suspicion field as a query parameter, you will see a landing page confirming that the feedback has been received:
https://<bankid-antifraud-domain>/alarm-feedback/<signed_notification_reference>?suspicion=VERIFIED_FRAUD
This page also presents the option of entering additional details.
Notes¶
Resubmission
Feedback can be safely resubmitted any number of times.
Link expiration
The feedback link has an expiration time, currently set to 30 days.