This FAQ provides technical and processing information about Greenhouse's features, Fraud Detection and Spam Blocklist, to support your evaluation of the features.
None of this is intended to be legal advice, neither are any of the answers provided intended to override or contradict the advice of your legal counsel.
Overview
What is the Real Talent Fraud Detection feature?
Fraud Detection provides automated risk assessment on incoming applications using device and contact signals (e.g., IP address, user agent, email/phone traits) to surface potential anonymization, impersonation, or suspicious activity as "fraud risk," complete with supporting signal details. Results are shown in Greenhouse and can be acted upon by recruiters with the appropriate permissions.
For a more detailed walkthrough of the feature from a user experience standpoint, please refer to our Fraud detection support site article.
What is the spam and IP blocklist feature?
Spam and IP blocklist provides an organization-managed blocklist that can automatically reject applications from user-specified email domains, email addresses, and/or IP addresses at intake. This can be used to block common spam trends at scale and enables your Security team to provide proactive detection against fraud based on their own collected and managed signals.
Are the Fraud Detection or Anti-Spam Blocklist features AI-powered?
No, these features do not use generative AI to reject applicants as potential fraud or spam. Fraud Detection uses distinct signals returned by a third-party provider based on the personal data submitted in the job application.
The Anti-Spam Blocklists are specific IPs and email domains defined and managed by your organization to automate the rejection of applications. The feature does not utilize Generative AI.
Does the Fraud Detection feature make automated rejection decisions?
No, the Fraud Detection feature provides a fraud report to employers. Greenhouse maintains three categories of signals that are included in fraud checks:
- High-risk fraud signals: Signals strongly associated with fraud, such as an IP address linked to a data center rather than a residential location. Strong signals provide a visual warning indicator to the recruiter that a high-risk signal was flagged. Greenhouse provides an option to filter out high-risk candidates within search and the Talent Matching interface.
- Weak fraud signals: Signals with low or contextual correlation to fraud that may require review, such as a mismatch between device time zone and reported location. These signals could be helpful in the fraud detection process when used in combination with other flags (e.g., multiple low-risk signals, suspicious LinkedIn, interview red flags, ID verification failures).
- Signals verifying the candidate’s identity: Indicators that suggest the candidate is authentic and human, such as an email address older than one year.
The full fraud report also includes a Digital profile using enrichment data provided by IPQS, a Greenhouse subprocessor, to provide additional context when reviewing the fraud signals.
When does fraud detection run in the application flow?
Spam and IP blocklists (org-level) run before fraud checks. If an application is rejected as spam, a fraud report is not run. Fraud detection runs after other application hygiene steps (e.g., auto-reject rules, automerge, application limits).
Are Fraud Detection checks run on historical job applications?
Fraud Detection reports are not automatically run on job applications submitted before Fraud Detection was enabled on a job.
Fraud detection can be run manually for enabled jobs within the Greenhouse application, or in bulk from the Talent Matching user interface. Since IP-based risk signals are time-sensitive and may be less reliable the older they are, we may display a warning when running fraud detection for older job applications.
Where can I get a list of Fraud Detection signals that Greenhouse provides?
A dictionary of available Fraud signals is published in our Trust Portal.
Does the Fraud Detection feature perform background checks?
No. Fraud Detection uses device and contact information with our fraud partner; it does not query criminal records or credit bureaus, and is not a background check product.
Data collection and storage
What applicant data is used to calculate Fraud Detection signals?
To determine fraud signals, we use the applicant’s device information (e.g., IP address, browser information), email address, and phone number.
Do you use a third-party service to power your fraud signals?
Yes, we partner with IPQualityScore (IPQS) to provide fraud signals as well as data enrichment (e.g., IP Geolocation, IP organization, IP connection types, email/domain age, phone number type, and carrier information). The data enrichment is used to power Greenhouse-specific fraud indicators and supporting information to your organization's recruiting and security teams. The signals (including the data enrichment) become part of the customer-controlled application profile and can be managed (including deletion) by the customer (i.e., the data controller).
Does IPQualityScore (IPQS) store our data?
IPQS is a Greenhouse subprocessor as they need to process the device information, email address, and phone number we provide to collect the fraud signals and data enrichment.
Our agreement with IPQS ensures that data is processed in memory and returns results to Greenhouse. They do not store candidate data or use it to power their overall fraud network. Fraud signal data is only stored on Greenhouse databases and abides by the same security controls as the rest of our product.
Are Fraud Detection signals shared across customers?
No. Fraud Detection signals are specific to your organization. If a candidate is flagged as a high-risk fraudulent candidate or if they were rejected as a security concern by a recruiter, that information is not shared with other customers.
Where is the information displayed in the Greenhouse application?
Fraud Detection results and device information are displayed in-app on the candidate profile, Talent Matching, and application review pages for authorized users.
Does Greenhouse look up LinkedIn profile information?
No, Greenhouse does not currently support automatically extracting LinkedIn profile information for candidates to use for Fraud Detection signals. However, companies utilizing LinkedIn RSC can access LinkedIn profile information via an iframe directly from Talent Matching or the candidate profile in Greenhouse to support manual investigations.
Candidate rights
How are candidate deletion requests handled for Fraud Detection signal data?
To delete Fraud Detection signal data stored by Greenhouse, customers must utilize the built-in data retention and deletion features. Fraud Detection signal data is available as an option on the ‘Data to be Deleted’ list.
Can a candidate get a copy of their Fraud Detection or device data?
Yes, customers can include the Real Talent fraud/device information in the Greenhouse candidate packet to provide relevant personal data.
Security and trust
Who can configure and view the Spam IP and domain blocklists?
Users with Site Admin permissions can configure the blocklists. All changes to the blocklist will be logged in the Greenhouse changelog and accessible via our Audit log add-on product.
Security teams can additionally utilize our Harvest API to manage blocklists using their own signals and automation systems.
Who can access the Fraud Detection signals in the Greenhouse application?
Access is controlled via dedicated permission stripes for Job Admins for both read access and running a fraud report.
How do Greenhouse and IPQS protect Fraud signal data?
Data is protected in transit using TLS 1.2+ and is protected at rest by both Greenhouse and IPQS. Greenhouse adheres to a strict data minimization policy, and IPQS is configured for zero-day data retention so that it only processes, but does not store, customer data.
Access to Greenhouse data is protected by safeguards such as multi-factor access controls that include device trust. Access to the console is very limited, requiring two levels of approval and quarterly access reviews. Staff members with access to this data must successfully complete a background check before being granted access to any customer data. Additionally, all staff members with customer data access must agree to our written zero-tolerance policy, which defines their responsibilities and the consequences (including, but not limited to, termination of employment) of abusing their access. Both Greenhouse and IPQS undergo annual SOC 2 Type 2 and ISO 27001 audits to validate that our organizational security controls are operating as expected.
Practical guidance
Can Fraud Detection be configured for specific locations or jobs?
Yes, organizations can configure Fraud Detection to be enabled for all offices and departments, or they can specify certain offices and departments to enable it.
What should we do if an IP address is missing?
Fraud Detection will run if the candidate has at least a phone number and email address, but we will surface that an IP address is missing; organizations using an Option 5 Job Board that are fully API-boarded will need to include IP in API requests to Greenhouse to improve accuracy.
Refer to the following API documentation for more details on how to pass the applicant’s IP address to Greenhouse.
What if we accidentally block a legitimate email/IP via the blocklists?
Site Admins can remove the entry from the blocklist and update candidates as needed using existing Greenhouse workflows to locate and reinstate mistakenly flagged applications.
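For security teams that feed their own signals into the blocklist (see "Who can configure and view the Spam IP and domain blocklists?"), one way to reduce accidental blocks is to validate candidate entries before they are submitted. The following is an added example, not Greenhouse code and not part of the Harvest API: the function names, the list of shared mail domains, and the sample entries are assumptions made for illustration.

```python
import ipaddress

# Assumption: mail domains too widely shared to block wholesale; tune per organization.
SHARED_MAIL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com", "icloud.com"}
# Ranges that never identify a single external applicant (private, loopback, CGNAT...).
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "100.64.0.0/10", "::1/128", "fc00::/7", "fe80::/10")]

def normalize_entry(raw):
    """Return (kind, value) for a usable blocklist entry, or raise ValueError."""
    text = raw.strip().lower()
    if "@" in text:
        local, _, domain = text.rpartition("@")
        if not local or "." not in domain:
            raise ValueError("malformed email address")
        return ("email", text)
    try:
        ip = ipaddress.ip_address(text)
    except ValueError:
        ip = None
    if ip is not None:
        if any(ip in net for net in NON_ROUTABLE):
            raise ValueError("non-routable IP would match internal or shared traffic")
        return ("ip", str(ip))  # str() gives the canonical form, so duplicates collapse
    if "." not in text or any(c.isspace() or c == "/" for c in text):
        raise ValueError("not an IP address, email address, or domain")
    if text in SHARED_MAIL_DOMAINS:
        raise ValueError("shared mail domain; block individual addresses instead")
    return ("domain", text)

def build_blocklist(raw_entries):
    """Split raw indicators into deduplicated entries and rejected (raw, reason) pairs."""
    accepted = {"ip": set(), "email": set(), "domain": set()}
    rejected = []
    for raw in raw_entries:
        try:
            kind, value = normalize_entry(raw)
        except ValueError as exc:
            rejected.append((raw, str(exc)))
        else:
            accepted[kind].add(value)
    return {k: sorted(v) for k, v in accepted.items()}, rejected

# Constructed sample input (documentation IP ranges and a made-up .example domain).
SAMPLE = ["203.0.113.7", " 203.0.113.7 ", "2001:DB8::0001", "10.0.0.8",
          "Spam-Farm.example", "gmail.com", "bot@Spam-Farm.example", "not an entry"]

if __name__ == "__main__":
    entries, problems = build_blocklist(SAMPLE)
    print(entries)
    print(problems)
```

Rejected entries are returned with a reason so a reviewer can decide whether to add them manually.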
How can I track the effectiveness of the feature?
Greenhouse will be providing customers with fraud signal data for their own reporting within Greenhouse Analytics once the feature is generally available.
Greenhouse recommends recruiters leverage in-app features to improve the quality of their reporting, such as:
- ‘Resolve signals’: Allows you to remove the fraud signals from a job application to track false positives or inaccuracies.
- ‘Security concern rejection’: Allows you to reject a candidate for fraud or spam after manual validation is completed.