Device & Behavior Risk SDK

Modern Treasury's Risk SDK collects information about device and behavior, which can help reduce account creation and account takeover fraud. It can detect, for example, a large number of accounts created from the same device or IP address, logins from suspicious countries, presence of VPNs or device emulators, and users copying and pasting fields they typically type.

The Risk SDK is integrated into Modern Treasury's embeddable User Onboarding flow. If you have built your own experiences for user onboarding and payments, you can integrate the Risk SDK into your application frontend.


Creates a RiskDeviceBehaviorCheck object that will run device and behavior checks. runRiskDeviceBehaviorChecks takes a single options object which must have the following properties:

  • sessionKey (string) required
    A unique identifier for the session. We expect the sessionKey to be a server generated and short-lived (30 minutes expiration) key. You will pass the same ID from your backend when creating a KYC check or creating a Payment Order with Transaction Monitoring.
  • flow (string) required
    This is an identifier for the flow being monitored (e.g. merchant-onboarding, user-withdrawals, etc.). Passing in this parameter helps to detect irregularities in specific flows. The flow can also be used for writing rules and for analytics.
import {
} from "@modern-treasury/modern-treasury-js";

const options: RiskDeviceBehaviorCheckOptions = {
  sessionKey: "5195ac52-afb7-4425-bd8b-8234263f2139",
  flow: "merchant-onboarding",

const riskDeviceBehaviorCheck: RiskDeviceBehaviorCheck = modernTreasury.runRiskDeviceBehaviorChecks(
const options = {
  sessionKey: "5195ac52-afb7-4425-bd8b-8234263f2139",
  flow: "merchant-onboarding",

const riskDeviceBehaviorCheck = modernTreasury.runRiskDeviceBehaviorChecks(options);


You can call stopRiskDeviceBehaviorChecks to stop any device and behavior checks from running. It takes in no arguments.