All Vendors
fraud_detection

Verisoul

Verisoul operates fraud detection infrastructure while deploying defeat devices, session recording, consent bypass, fingerprinting, and persistence mechanisms across customer authentication flows. The platform positions itself as security solution while enabling comprehensive visitor surveillance that extends beyond stated fraud prevention functionality.

21 IOCs15 detections100% pre-consent14 sites
80
Vendor Risk Score

How This Briefing Works

This report opens with key findings, then maps the gaps between what Verisoul discloses and what BLACKOUT observed at runtime. From there: what it means for your organization, what to do about it, and the detection data and evidence underneath.

Key Findings

Key Findings

15 detections across 14 sites100% pre-consent activity
CRITICAL

Pre-Consent Activity

Verisoul was observed loading and executing before user consent was obtained on 100% of sites where it was detected.

GDPRePrivacy
Disclosure Gaps

Claims vs. Observed Behavior

1 gaps

pending

UNKNOWN
They Claim

Requires claims extraction via CDT

Observed Behavior

Defeat device, session recording, consent bypass, fingerprinting, and persistence detected in runtime

Customer Impact

What This Means For You

Marketing teams lose conversion attribution when security challenges filter behavioral signals. Analytics teams face measurement distortion from fraud detection layer interference. Legal teams inherit maximum liability exposure when security infrastructure deploys consent bypass. Revenue operations teams subsidize competitor intelligence through shared fraud platform observing authentication strategies.
Recommended Actions

What To Do About It

Role-specific actions based on observed behavior

If You Use Verisoul

  • Audit defeat device deployment within fraud detection infrastructure
  • Review session recording retention for authentication workflows
  • Verify fingerprinting scope does not exceed fraud prevention requirements
  • Require consent collection before Verisoul surveillance initialization

If You're Evaluating Verisoul

  • Fraud detection solutions without embedded visitor surveillance
  • Privacy-respecting authentication platforms limiting fingerprinting scope
  • Self-hosted security workflows eliminating cross-customer intelligence leakage

Negotiation Leverage

  • Challenge defeat device mechanisms within security infrastructure
  • Require disclosure of all surveillance capabilities beyond fraud detection
  • Demand opt-out from cross-customer fraud pattern analysis
  • Request data processing agreement amendments addressing visitor tracking through security layer
  • Negotiate liability indemnification for consent violations by fraud detection platform
Runtime Detections

Runtime Detections

5 BTI-C CODES

BLACKOUT observed this vendor's JavaScript executing in a live browser and classified each hostile behavior using our BTI-C (Behavioral Threat Intelligence — Capability) taxonomy. These are not theoretical risks — each code below was triggered by something we watched this vendor's code actually do.

BTI-C01Defeat Device

Evasion infrastructure, auditor bypass

Impact: Detection evasion mechanisms obscure surveillance deployment within fraud detection infrastructure.

BTI-C07Session Recording

Full session replay

Impact: Authentication sessions captured in full fidelity, exposing how visitors navigate security challenges and revealing fraud detection trigger patterns.

BTI-C09Consent Bypass

Ignoring CMP signals

Impact: Tracking mechanisms active within security layer before visitor consent collection completes.

BTI-C10Fingerprinting

Device identification

Impact: Comprehensive device characteristics harvested for fraud detection persistence across sessions.

BTI-C13Persistence Mechanisms

Long-lived identifiers

Impact: Long-lived tracking identifiers maintain fraud detection continuity beyond reasonable authentication timeframes.

IOC Manifest

IOC Manifest

21 INDICATORS

Indicators of compromise across 4 categories. Use for detection rules, CSP policies, or Pi-hole blocklists.

TRACK
*js.verisoul.ai/prod/google_tag_manager.js*
Tracking script
TRACK
*js.verisoul.ai/prod/bundle.js*
Tracking script
TRACK
verisoul.ai
Tracking script
TRACK
js.verisoul.ai/prod/bundle.js
Auto-extracted from scan
TRACK
js.verisoul.ai/prod/google_tag_manager.js
Auto-extracted from scan
Ecosystem

Ecosystem & Supply Chain

Verisoul embeds within customer authentication flows, creates measurement interference through security layer positioning, and establishes cross-customer monitoring channels observing fraud detection strategies and authentication friction patterns.
Loads (2)
Factors AiLinkedin
Evidence

Evidence Artifacts

Artifacts collected during analysis, available with evidence-tier access.

HAR Capture

Complete network capture with all requests and responses

IOC Manifest

21 detection signatures across scripts, domains, cookies, and network endpoints

Vendor Details