Enterprise Fraud Detection · v2.0

Guard Every Survey Response.

The market research industry’s most advanced fraud detection platform. 15+ detection layers, real-time ML scoring, 95%+ accuracy, and less than 1% false positives.

Request a Demo See How It Works

95%+

ML Detection Accuracy

<1%

False Positive Rate

<200ms

Green Lane Response

10K+

Requests / min

15+

Detection Methods

Every respondent is screened at the entry point — clean ones pass, fraud is stopped before it touches your data.

Respondents

15 layers · <200ms

Your data

Clean respondents reach your datasetBots, VPNs, duplicates & AI answers blocked at the door14 fraudulent blocked today

01 · Intro

Multi-layer architecture

Fraud Has Nowhere Left to Hide

Eight simultaneous detection layers analyze 100+ risk factors per session — from hardware fingerprints to natural hand tremor physics.

Hardware Layer

Device fingerprinting via WebGL, canvas hash, CPU, screen, and memory. Detects VMs (VMware, VirtualBox, QEMU, Xen) and headless browsers with a +50 risk penalty each.

SHA-256 device IDs · Cross-browser tracking

Behavioral Layer

Mouse physics, keystroke dynamics, touch biometrics, and engagement analytics. Detects bots via velocity variance, tremor energy (5–12Hz), and movement entropy scoring.

12 behavioral features · Fitts’ Law analysis

Network Layer

IP intelligence via GeoLite2, ISP reputation scoring, VPN/proxy detection, datacenter blocking, and timezone mismatch analysis across 20+ cloud providers.

ASN lookup · Timezone delta scoring

Text Layer

ONNX neural model detects gibberish, AI-generated content, copy-paste behavior, and low-relevance responses via semantic and stylistic analysis.

AI content detection · Relevance scoring

Identity Layer

Email and phone reputation via hash-based lookup. Disposable email detection, phone carrier analysis, and digital footprint risk assessment — zero PII stored.

Hash-only · No PII

Pattern Layer

Redis-backed cross-device linking, duplicate detection within 24h, burst monitoring, and global Three Strikes reputation tracking across all agencies.

Cross-agency blacklist · Burst alerts

Security Layer

Invisible honeypot fields — immediate BLOCK on violation. Detects Selenium, Puppeteer, and Playwright via CDP checks, navigator.webdriver, and timing anomalies.

Honeypot → Instant BLOCK

ML Layer

Isolation Forest anomaly detection trained on your agency’s own traffic. Self-calibrates through Learning → Calibrating → Production. No labeled data ever needed.

Unsupervised · Continuously adapts

02 · Detection Layers

Real-time decision engine

Six Verdicts. Zero Ambiguity.

Every session receives a unified risk score (0–100) and one of six actionable verdicts — delivered in under 200ms for 80% of traffic.

Allow

Score 0–29

All checks passed. Zero friction for legitimate respondents.

Flag

Score 30–59

Suspicious patterns detected. Manual review recommended.

Challenge

Score 60–79

Additional verification required before proceeding.

Block

Score 80–89

High-risk respondent blocked from survey access.

Ghost

Score 90–100

Professional fraudster silently fed a decoy survey.

Review

Behavioral anomaly

Hardware passed but behavior warrants human review.

AllowFlagChallengeBlockGhost

030608090100

03 · Decision Engine

Deep signal analysis

Behavioral Science Meets Fraud Detection

Humans move, type, and touch in ways bots cannot replicate. SurveyGuard measures the precise physics of human interaction.

Mouse Physics Analysis

Velocity variance, acceleration jerk, curvature sum, sample entropy, and Fitts’ Law compliance. Detects teleportation, mechanical linearity (>0.95), and absence of 5–12Hz hand tremor energy.

Hardware Fingerprinting

Screen, CPU, WebGL renderer, canvas hash, device memory, and platform combined into a deterministic SHA-256 device ID. Stable across incognito, cookie clearing, and browser switches.

Keystroke Dynamics

Flight time variance, dwell time patterns, typing calibration for fast/slow/mobile users, and paste detection. Flags <5% timing variance and zero-backspace perfect entry as bot signals.

VM & Automation Detection

Identifies SwiftShader, VMware, VirtualBox, QEMU, and Xen via WebGL strings (+50 risk each). Detects Selenium, Puppeteer, and Playwright via API checks and headless signatures.

Touch Biometrics

Pressure variance, contact area analysis, and gesture patterns for mobile respondents. Spoofed touch events trigger an immediate BLOCK with +50 risk penalty.

IP & Geolocation Intelligence

GeoLite2-powered ASN, country, city, and timezone lookup. Blocks 20+ cloud/hosting providers and flags timezone mismatches >2 hours as VPN/proxy indicators.

Engagement Analytics

Tab visibility tracking, attention scoring, session duration, and time-to-first-interaction. Sessions under 10 seconds or with zero interaction receive +20–25 risk.

Text Quality Scoring

ONNX neural model flags gibberish (+30 risk), AI-generated content (+40–60 risk), and copy-paste patterns. Works client-side, server-side, or in hybrid mode.

04 · Behavioral Science

Exclusive technology

Ghost Protocol™

Professional fraudsters know when they’re blocked — so we don’t tell them. Ghost Protocol silently routes the most dangerous bad actors into a convincing decoy survey.

01 · Redirect

Silent Redirection

Risk scores 90–100 trigger a seamless redirect to a fake survey. The fraudster never learns they’ve been caught — eliminating retaliation, account switching, and repeat attempts.

02 · Collect

Intelligence Collection

While fraudsters “complete” the decoy, SurveyGuard collects additional device and behavioral signals to strengthen the global blacklist and improve future detection.

03 · Protect

Cross-Agency Protection

Ghost-flagged profiles feed into the global reputation system, instantly protecting every SurveyGuard client from the same professional fraud networks.

05 · Ghost Protocol

Machine learning

AI That Learns Your Traffic

Isolation Forest unsupervised learning — trained on your agency’s own normal traffic. No labeled data needed. Continuously adapts to new fraud tactics.

The model analyzes 12 behavioral and hardware features per session, mapping each to an anomaly score then a risk value of 0–100.

01Mouse linearity score
02Keystroke flight time avg.
03Typing relative variance
04Session duration
05Paste count
06Browser entropy
07Movement entropy
08Tremor energy (5–12Hz)
09Tremor score (0–1)
10Max acceleration
11Mean jerk
12Curvature sum

Isolation Forest Model

Unsupervised

LearningCalibratingProduction

Trains automatically on normal traffic patterns. Once calibrated, switches to full ML predictions — no manual intervention required. Handles high-dimensional features and continuously adapts to evolving fraud tactics.

Detection Accuracy95%+

False Positive Rate<1%

Avg. Processing Time<500ms

06 · AI Model

Network intelligence

Global Reputation & IP Defence

Cross-agency fraud tracking, datacenter blocking, and timezone-aware geolocation create a perimeter professional fraud farms cannot penetrate.

IP Intelligence

GeoLite2 city, ASN, and country lookup
Blocks 20+ cloud/hosting providers (AWS, GCP, Azure, DigitalOcean…)
VPN/proxy pattern matching on ISP name
Bad ISP → immediate BLOCK (+100 risk)
Datacenter IP → +50 risk penalty

Timezone Mismatch

Compares browser timezone vs. IP geolocation
>2h mismatch → +40 risk (likely VPN)
>6h mismatch → +60 risk (probable proxy)
>12h mismatch → +80 risk (near-certain fraud tool)
Configurable via environment variable paths

Three Strikes System

Cross-agency global fraud reputation database
Strike 1: Warning + elevated monitoring
Strike 2: Soft-blocked across all agencies
Strike 3: Permanent global blacklist entry
All tracking via hashes — zero PII in the system

07 · IP & Reputation

Speed & scale

Built for Enterprise Scale from Day One

Redis-backed caching, async processing, and dynamic friction routing ensure fraud detection never slows down legitimate respondents.

Green Lane

<200ms

80% of all traffic

Trusted respondents pass instantly. Zero friction, zero delay, zero compromise on data quality.

Yellow Lane

3–4s

Suspicious traffic

Proof-of-Work challenge adds compute cost for suspicious sessions. Humans pass with minor delay.

Red Lane

3–6s

High-risk traffic

Slider CAPTCHA for the highest-risk sessions. Most bots fail immediately; legitimate users pass in seconds.

10K+

Requests / min per agency

1,000+

Concurrent requests handled

90 days

Auto data retention & pruning

08 · Performance

Trust & compliance

Privacy-First by Architecture

SurveyGuard never stores PII. All analysis runs on SHA-256 hashes. GDPR right-to-erasure and ISO 20252 quality standards are built in from the start.

GDPR Compliant

ISO 20252

TLS 1.3 In Transit

AES-256 At Rest

Zero PII Storage

CSV Data Export

Right to Erasure

CORS Whitelisting

Data Minimization

Device IDs and email/phone data stored only as SHA-256 hashes — one-way and non-reversible. IP addresses are masked in logs. No personal information touches the database in plaintext.

Multi-Tenant Agency Isolation

Full RBAC with agency-level data separation. Each agency sees only their own data, thresholds, and analytics. Shared intelligence (blacklists) operates on hashes only — complete cross-tenant privacy.

09 · Compliance

Clean Data Starts Here.

Join market research agencies using SurveyGuard to protect data quality, reduce fraud costs, and deliver better insights.

Request a Demo Visit softsight.ai

From the blog

The case for catching fraud at the door

Field notes on how survey fraud actually works — and why post-hoc data cleaning is already too late.

All essays

Data Quality

Clean data is only useful if it gets to you efficiently.

Automate the full supplier coordination lifecycle, from RFQ through reconciliation.

Explore FieldworkOS