View updates, release notes, and additional information about recent changes to ID+.
In December, Socure put in place a code freeze, to ensure stability and consistent operation through the always high-traffic Q4.
At the end of the month, we’re going to rotate the certificate for service.socure.com. This is a semi-annual maintenance task, and it only affects customers who pin their integrations to our certificate. Those of you who do should have been contacted by a TAM to confirm the new certificate number and chain. And if you’re pretty sure but not 100% sure, reach out and double check.
To minimize confusion, reason codes R187 and R188 relating to high intensity drug trafficking areas and high intensity financial crime areas (as defined by the DEA and FinCen, respectively) are now opt-in reason codes. Please contact your account manager if you’re interested in receiving them in your response.
Towards the end of January, we’re introducing new specificity around IP addresses. These codes will appear in the 600 range, and can apply to multiple modules:
Device Risk has introduced new reason codes to provide additional insight into the observed device type. Device Risk will also return a mobile device model, if available. The new codes are:
Also in Device Risk, we’ve added new reason codes for when Device Risk does not recognize a session ID, or is invalid. Previously, Device Risk would return a 400 error after receiving an invalid or unrecognizable ID. The codes are:
Customers who use the React JavaScript library will soon have access to a version of the Device Risk SDK that will integrate seamlessly into mobile apps that use it on both Android and iOS. A standalone version will be available soon. Customers will also have an option to use it together with Document Verification.
Over the past few months, we’ve worked with our customers to roll out our Document Verification v2 platform, which includes new reason codes, improved algorithms, and self service configurations via Socure’s Admin Dashboard.
All of our DocV customers are now using v2, so we will begin deprecating our v1 environment. Certain reason codes will no longer be returned in production, and will be removed from the Reason Code API as of Feb 16, 2021.
Please note that all the tests associated with the soon-to-be-deprecated reason codes have been combined or translated into one of the existing/new reason codes.
I803: Document check digit integrity test passedI806: Document image is not in focusI807: Document image glare obscures the document detailsI835: Self-portrait contains one faceR803: Document check digit integrity test failedR805: Document submitted is a paper copyR806: Document image processed with editing softwareR807: Document image capture integrity failedR809: Document text has been modifiedR817: Document image has been alteredR821: Document text has been modifiedR828: Expiration date inconsistent with DOB and issue datesR829: Issue date inconsistent with DOB and expiration datesR830: DOB is not validR835: Self-portrait must contain one faceR846: Expired document is within expiration grace periodR847: Document is going to expire out of the set grace periodV806: Document image resolution is insufficientV818: Document image is not in focusV819: Document image glare obscures the document detailsV827: Document is within six months of expirationV836: Self-portrait was not considered in decisionIt’s not technically in December, but this is important, so we’re announcing it now. In January 2021, we’re going to rotate the certificate for service.socure.com. The good news is, this is a semi-annual maintenance task. The other good news is, it isn’t applicable to all customers—only those who pin integrations to our certificate. For those of you who do, you’ll need to add our new public certificate to your keystore, then validate it with a new fingerprint. However, it’s important to confirm whether this is applicable to your integration, so if you aren’t sure, start asking now.
Now, on to the the features scheduled for the upcoming release in December:
We’re excited to release the Prefill Module. Customers who invoke the Prefill module and pass four digits on an SSN, along with other information such as name, address and date of birth, will receive the first five digits of that SSN in the response. This is the first of many autofill scenarios that will improve overall end user experience. Check the link for information on how to use the Prefill module.
On the heels of last month’s iOS update, we’re planning to release an update to the Android SDK this month. Both are available in our GitHub repository. And if you have questions, or need access to our GitHub repositories, please reach out to your account manager.
The new capture interface we wrote about last month will be released in December. We’re excited to announce a new slate of features, including an improved capture experience for our DocV webSDK.
Support for native iOS and Android applications is coming to the Device Risk product by mid-December. At that point we will provide SDKs that can be used to collect device metadata from mobile apps and support risk lookups, expanding our coverage beyond the browser. We are introducing reason codes to indicate whether the device being used to access your service is real or virtual (I423: “Device is a physical device” and R403: “Device is a virtual device”).
Features scheduled for the upcoming release in November:
The Feedback Endpoint is scheduled for release on November 15. This endpoint provides an alternate method for customers to send feedback data, following the same authentication and security protocols as the ID+ API. Uses industry standard models published by the Federal Reserve Fraud Classification labels.
We’re adding a new node under the Decision Module that shows additional information. When users call the Decision module, the Details node will contain information such as codes and scores that influenced the decision. Reach out to your account manager to enable this feature.
We’re adding a new code (I930) to KYC for notable names. People in the public eye, such as celebrities, politicians, and high-profile individuals, are at a higher risk of identity fraud because of the public availability of PII. KYC will check identities against a list of notable personalities and alert you to any matches.
Watchlist will support passing userId and customerUserId in the request. These parameters will be returned in subsequent Watchlist Monitoring webhooks and snapshot endpoints. This gives customers another method to manage traceability among transactions, besides using the referenceId.
We’re updated our address pre-processing code to help standardize a number of uncommon address conventions that may cause issues with some customers.
We’re constantly improving both our reg-tech capabilities, and the features that make our solutions the best in the industry. This month, we’re releasing additional DOB filters for the KYC and Watchlist modules. In addition to the new filters released last month, the additional filters include:
These configuration options will be available on the Settings page of the Admin Dashboard.
We’re doing a significant amount of work on our image capture workflow. While these are primarily code and backend changes—you won’t see new features or options—you should see small, steady improvements in speed, capture accuracy, and overall experience this month. We's also released a minor improvement to the DocV Event manager, in which we notify customers when the capture app session is expired. This information is returned in the Event Manager Webhook response.
A new iOS SDK is now available through our developer portal and on GitHub. Look for a new Android SDK later this month. And if you have questions, or need access to our GitHub repositories, please reach out.
Finally, we’re working on a new and more intuitive WebSDK Capture interface. It won’t be ready this month, but it’s on our roadmap for December. We’re pretty excited, and can’t wait to share the improvements. Look for more information in the coming weeks.
Device Risk will accept a username passed alongside a Session ID and other parameters. This completes our support for common input data types collected on the login page (i.e. email address, phone number, and now username). This helps to correlate device and identity information.
Device Risk supports first-party cookies. Customers who set up their own domain to call our service benefit from employing first-party cookies to persist device session IDs, which are more likely to persist for return visits in modern browsers.
We’re going to expand support for Device Risk in Sandbox. Customers will be able to utilize our Sandbox to send Device Risk requests and receive responses with reason codes I401 (“Device token previously encountered”) and I414 (“Session connected using a proxy”). See the Sandbox User Guide for instructions on how to trigger these scenarios.
As we refine our Device Risk module, we’re adding new reason codes that provide additional user insight. These codes will specify the device category, type, and model.
Features scheduled for the upcoming release in October:
Socure’s new Synthetic Fraud module is a powerhouse of predictive features that help customers stop synthetic fraud. See the DevHub page for technical details or contact your account manager for more information.
Both Global Watchlist and KYC customers will receive new DOB fuzziness tolerance match settings. When matching DOB, customers select one of four options (e.g. “Exact YYYY”). The new release will bring the total number of match options to nine, adding additional choices such as 1 Year Radius, 2 Digit Transposition YYYY/MM, 2 Digit Transposition YYYY. The release will not change your existing defaults.
KYC will have the ability (with particular contractual requirements in place) to verify active duty military and dependents. Submit a KYC request, and the module will return the reason code R975: MLA covered borrower status to indicate status. Contact your Account Manager to learn how to take advantage of this new service.
KYC will return a new reason code if the SSN/ITIN provided contains only four digits. Reason code I905: SSN/ITIN provided at input contained only 4 digits provides extra awareness, in case you do not have front end validation for nine digits, but expect a match on the full nine.
In Global Watchlist, we're added a new response parameter that explains how names you submit match the names on the watchlist. The matchType field in your Watchlist response will explain how the names match (e.g. nameExact, akaPhonetic). Look for the new fields in the comments object of the response.
Two new Global Watchlist reason codes will show if the address is in a High-Intensity Drug Trafficking Area (HIDTA) or an or High Intensity Financial Crime Area (HIFCA) county:
R187: Address resolves to a High-Intensity Drug Trafficking AreaR188: Address resolves to a High-Intensity Financial Crime AreaSocure’s Event Manager monitors names and proactively pushes out Add, Change, and Delete events for the Global Watchlist. Sandbox will now support Event Manager, enabling users to receive notifications from the test environment.
Lots of changes in Document Verification (we call it DocV). Also, make sure you check out the recently released section for more DocV updates.
DocV can now shift strategies on the fly, from lenient to strict, based on decision logic and risk threshold. Specific thresholds can trigger this strategy shift; see the WebSDK guides for configuration options.
DocV will return a new reason code when the user does not submit an image of the back of the license. The new code is I854: The back of the license was not passed; no barcode to extract information.
Document Verification is often a step-up authentication option, such as when KYC fails or the Fraud Score is high. Now, customers who use Document Verification can link the two transactions by passing the original referenceID as a parameter in the step-up transaction. This creates better traceability. See the Document Verification page in DevHub for more information.
Document Verification customers who use the WebSDK, and are part of Socure’s early access Device Risk Intelligence program, will receive additional Device Risk parameters in their API responses. If you are not part of the Device Risk Program but still use the WebSDK, the API behavior will not change. For more information, or to learn about our Device Risk Intelligence program, reach out to your account representative.
Device Risk is introducing two new parameters this month, one input and one in the response:
Users will export transaction history into a CSV file. We’re also offering configuration options for the exports. Contact Socure to enable this feature.
Users will select email as a notification method for Watchlist Notifications, instead of receiving the notifications via webhooks. Configure this option on the Event Manager Tab in the Admin Dashboard.
Here’s what we’ve recently released:
Document Verification customers who embed the WebSDK can now change colors and texts. Customizations will be accessible through the Dashboard Settings Customizations tab.
In the Document Verification Capture App, users can now change font size and button border radius. We’re continuing to release customizations accessible on the Settings > Customization tab on the Admin Dashboard.
WebSDK customers can disable SMS messages for mobile-to-mobile handoffs. Alternatively, users can use their existing SMS service to send a link.
Document Verification WebSDK customers can now generate a dynamic URL and redirect the end users when the verification process is complete.