What’s coming

View updates, release notes, and additional information about recent changes to ID+.

1/15/2021

Release Notes for January 2021

The Code Freeze is Over

In December, Socure put in place a code freeze, to ensure stability and consistent operation through the always high-traffic Q4.

New Certificate in January

At the end of the month, we’re going to rotate the certificate for service.socure.com. This is a semi-annual maintenance task, and it only affects customers who pin their integrations to our certificate. Those of you who do should have been contacted by a TAM to confirm the new certificate number and chain. And if you’re pretty sure but not 100% sure, reach out and double check.

HIDTA and HIFCA Reason Codes

To minimize confusion, reason codes R187 and R188 relating to high intensity drug trafficking areas and high intensity financial crime areas (as defined by the DEA and FinCen, respectively) are now opt-in reason codes. Please contact your account manager if you’re interested in receiving them in your response.

New IP Address Reason Codes

Towards the end of January, we’re introducing new specificity around IP addresses. These codes will appear in the 600 range, and can apply to multiple modules:

  • R638: IP address originates from the US or US territories
  • R639: IP address originates from outside of the US or US territories
  • R640: IP address originates from an OFAC sanctioned country
  • I631: IP address is provided by a mobile carrier
  • I632: IP Connection is consumer
  • I633: IP Connection is business
  • I634: Proxy is an educational institution
  • I635: Proxy is registered to a corporation
  • R641: Proxy is from services that change location to beat DRM,TOR points, temporary proxies and other masking services
  • R642: IP address is associated with a cloud hosting provider and is likely a proxy. Users are not usually located in a hosting facility
  • R643: IP address is associated with a location allowing public internet access
  • R644: IP proxy is cloud-based
  • R646: IP proxy is VPN-based
  • R647: IP proxy is cloud-security-based

Device Risk Reason Codes

Device Risk has introduced new reason codes to provide additional insight into the observed device type. Device Risk will also return a mobile device model, if available. The new codes are:

  • I424: The device type is a desktop or laptop computer
  • I425: The device type is mobile, tablet, or wearable

Also in Device Risk, we’ve added new reason codes for when Device Risk does not recognize a session ID, or is invalid. Previously, Device Risk would return a 400 error after receiving an invalid or unrecognizable ID. The codes are:

  • R401: Device token was not previously encountered
  • R402: Invalid device token

New Device Risk React SDKs

Customers who use the React JavaScript library will soon have access to a version of the Device Risk SDK that will integrate seamlessly into mobile apps that use it on both Android and iOS. A standalone version will be available soon. Customers will also have an option to use it together with Document Verification.

Reason Code Clean Up For Document Verification

Over the past few months, we’ve worked with our customers to roll out our Document Verification v2 platform, which includes new reason codes, improved algorithms, and self service configurations via Socure’s Admin Dashboard.

All of our DocV customers are now using v2, so we will begin deprecating our v1 environment. Certain reason codes will no longer be returned in production, and will be removed from the Reason Code API as of Feb 16, 2021.

Please note that all the tests associated with the soon-to-be-deprecated reason codes have been combined or translated into one of the existing/new reason codes.

  • I803: Document check digit integrity test passed
  • I806: Document image is not in focus
  • I807: Document image glare obscures the document details
  • I835: Self-portrait contains one face
  • R803: Document check digit integrity test failed
  • R805: Document submitted is a paper copy
  • R806: Document image processed with editing software
  • R807: Document image capture integrity failed
  • R809: Document text has been modified
  • R817: Document image has been altered
  • R821: Document text has been modified
  • R828: Expiration date inconsistent with DOB and issue dates
  • R829: Issue date inconsistent with DOB and expiration dates
  • R830: DOB is not valid
  • R835: Self-portrait must contain one face
  • R846: Expired document is within expiration grace period
  • R847: Document is going to expire out of the set grace period
  • V806: Document image resolution is insufficient
  • V818: Document image is not in focus
  • V819: Document image glare obscures the document details
  • V827: Document is within six months of expiration
  • V836: Self-portrait was not considered in decision

Release Notes for December 2020

New Certificate in January

It’s not technically in December, but this is important, so we’re announcing it now. In January 2021, we’re going to rotate the certificate for service.socure.com. The good news is, this is a semi-annual maintenance task. The other good news is, it isn’t applicable to all customers—only those who pin integrations to our certificate. For those of you who do, you’ll need to add our new public certificate to your keystore, then validate it with a new fingerprint. However, it’s important to confirm whether this is applicable to your integration, so if you aren’t sure, start asking now.

Now, on to the the features scheduled for the upcoming release in December:

SSN Prefill Module

We’re excited to release the Prefill Module. Customers who invoke the Prefill module and pass four digits on an SSN, along with other information such as name, address and date of birth, will receive the first five digits of that SSN in the response. This is the first of many autofill scenarios that will improve overall end user experience. Check the link for information on how to use the Prefill module.

iOS and Android SDK Updates

On the heels of last month’s iOS update, we’re planning to release an update to the Android SDK this month. Both are available in our GitHub repository. And if you have questions, or need access to our GitHub repositories, please reach out to your account manager.

New Capture Interface for December

The new capture interface we wrote about last month will be released in December. We’re excited to announce a new slate of features, including an improved capture experience for our DocV webSDK.

Native SDK and Reason Codes

Support for native iOS and Android applications is coming to the Device Risk product by mid-December. At that point we will provide SDKs that can be used to collect device metadata from mobile apps and support risk lookups, expanding our coverage beyond the browser. We are introducing reason codes to indicate whether the device being used to access your service is real or virtual (I423: “Device is a physical device” and R403: “Device is a virtual device”).


November 2020 at Socure

Features scheduled for the upcoming release in November:

New Feedback Endpoint Coming In November

The Feedback Endpoint is scheduled for release on November 15. This endpoint provides an alternate method for customers to send feedback data, following the same authentication and security protocols as the ID+ API. Uses industry standard models published by the Federal Reserve Fraud Classification labels.

ID Plus General Updates

Decision Logic Details Parameter

We’re adding a new node under the Decision Module that shows additional information. When users call the Decision module, the Details node will contain information such as codes and scores that influenced the decision. Reach out to your account manager to enable this feature.

New Reason Code for High-Profile Personalities

We’re adding a new code (I930) to KYC for notable names. People in the public eye, such as celebrities, politicians, and high-profile individuals, are at a higher risk of identity fraud because of the public availability of PII. KYC will check identities against a list of notable personalities and alert you to any matches.

New Parameters in Watchlist Webhooks

Watchlist will support passing userId and customerUserId in the request. These parameters will be returned in subsequent Watchlist Monitoring webhooks and snapshot endpoints. This gives customers another method to manage traceability among transactions, besides using the referenceId.

Address Pre-Processing Improvements

We’re updated our address pre-processing code to help standardize a number of uncommon address conventions that may cause issues with some customers.

Additional KYC and Watchlist DOB Filters

We’re constantly improving both our reg-tech capabilities, and the features that make our solutions the best in the industry. This month, we’re releasing additional DOB filters for the KYC and Watchlist modules. In addition to the new filters released last month, the additional filters include:

  • One Year Radius YYYY: match up to one year from the year submitted
  • One Year Radius YYYY/MM: match up to 12 months +/- from the YYYY/MM submitted
  • One Year Radius YYYY/MM/DD: match up to 365 days from the YYYY/MM/DD submitted
  • Two Digit Transposition Match: match if two digits are transposed. For example, 1978 will match 1987, but not 1897.

These configuration options will be available on the Settings page of the Admin Dashboard.

Document Verification

We’re doing a significant amount of work on our image capture workflow. While these are primarily code and backend changes—you won’t see new features or options—you should see small, steady improvements in speed, capture accuracy, and overall experience this month. We's also released a minor improvement to the DocV Event manager, in which we notify customers when the capture app session is expired. This information is returned in the Event Manager Webhook response.

New iOS SDK, Android SDK Coming Soon

A new iOS SDK is now available through our developer portal and on GitHub. Look for a new Android SDK later this month. And if you have questions, or need access to our GitHub repositories, please reach out.

New Capture Interface for December

Finally, we’re working on a new and more intuitive WebSDK Capture interface. It won’t be ready this month, but it’s on our roadmap for December. We’re pretty excited, and can’t wait to share the improvements. Look for more information in the coming weeks.

Device Risk

Username Parameter for Device Risk

Device Risk will accept a username passed alongside a Session ID and other parameters. This completes our support for common input data types collected on the login page (i.e. email address, phone number, and now username). This helps to correlate device and identity information.

First Party Cookie Support

Device Risk supports first-party cookies. Customers who set up their own domain to call our service benefit from employing first-party cookies to persist device session IDs, which are more likely to persist for return visits in modern browsers.

Device Risk Support in Sandbox

We’re going to expand support for Device Risk in Sandbox. Customers will be able to utilize our Sandbox to send Device Risk requests and receive responses with reason codes I401 (“Device token previously encountered”) and I414 (“Session connected using a proxy”). See the Sandbox User Guide for instructions on how to trigger these scenarios.

New Reason Codes and Signals for Devices

As we refine our Device Risk module, we’re adding new reason codes that provide additional user insight. These codes will specify the device category, type, and model.


October 2020 Release Notes

Features scheduled for the upcoming release in October:

ID+ Introduces a New Synthetic Fraud Module

Socure’s new Synthetic Fraud module is a powerhouse of predictive features that help customers stop synthetic fraud. See the DevHub page for technical details or contact your account manager for more information.

Global Watchlist and KYC

Additional DOB Tolerances for Global Watchlist and KYC Settings

Both Global Watchlist and KYC customers will receive new DOB fuzziness tolerance match settings. When matching DOB, customers select one of four options (e.g. “Exact YYYY”). The new release will bring the total number of match options to nine, adding additional choices such as 1 Year Radius, 2 Digit Transposition YYYY/MM, 2 Digit Transposition YYYY. The release will not change your existing defaults.

Military Lending Act

KYC will have the ability (with particular contractual requirements in place) to verify active duty military and dependents. Submit a KYC request, and the module will return the reason code R975: MLA covered borrower status to indicate status. Contact your Account Manager to learn how to take advantage of this new service.

Four-Digit SSN Reason Code in KYC

KYC will return a new reason code if the SSN/ITIN provided contains only four digits. Reason code I905: SSN/ITIN provided at input contained only 4 digits provides extra awareness, in case you do not have front end validation for nine digits, but expect a match on the full nine.

Name and AKAs added to the Global Watchlist Response

In Global Watchlist, we're added a new response parameter that explains how names you submit match the names on the watchlist. The matchType field in your Watchlist response will explain how the names match (e.g. nameExact, akaPhonetic). Look for the new fields in the comments object of the response.

New Reason Codes for Global Watchlist

Two new Global Watchlist reason codes will show if the address is in a High-Intensity Drug Trafficking Area (HIDTA) or an or High Intensity Financial Crime Area (HIFCA) county:

  • R187: Address resolves to a High-Intensity Drug Trafficking Area
  • R188: Address resolves to a High-Intensity Financial Crime Area

Sandbox Support for the Event Manager

Socure’s Event Manager monitors names and proactively pushes out Add, Change, and Delete events for the Global Watchlist. Sandbox will now support Event Manager, enabling users to receive notifications from the test environment.

Document Verification Updates

Lots of changes in Document Verification (we call it DocV). Also, make sure you check out the recently released section for more DocV updates.

Decision Logic-Based Dynamic Strategy Changes

DocV can now shift strategies on the fly, from lenient to strict, based on decision logic and risk threshold. Specific thresholds can trigger this strategy shift; see the WebSDK guides for configuration options.

New Reason Code and Description Changes

DocV will return a new reason code when the user does not submit an image of the back of the license. The new code is I854: The back of the license was not passed; no barcode to extract information.

Document Verification Step-Up Transaction ReferenceID

Document Verification is often a step-up authentication option, such as when KYC fails or the Fraud Score is high. Now, customers who use Document Verification can link the two transactions by passing the original referenceID as a parameter in the step-up transaction. This creates better traceability. See the Document Verification page in DevHub for more information.

Device Risk

New Early Access Program Support: Device Risk integration with Doc Verification WebSDK

Document Verification customers who use the WebSDK, and are part of Socure’s early access Device Risk Intelligence program, will receive additional Device Risk parameters in their API responses. If you are not part of the Device Risk Program but still use the WebSDK, the API behavior will not change. For more information, or to learn about our Device Risk Intelligence program, reach out to your account representative.

Input and Response Parameters for Device Risks

Device Risk is introducing two new parameters this month, one input and one in the response:

  • Device Risk will accept a new input parameter that specifies the type of page where the Device Risk JavaScript page is located (login page, landing page, etc.). This optional parameter helps our engine understand where a customer is in the account workflow.
  • In the response, Device Risk will return a reason code that indicates the IP Geolocation of the device.

Admin Dashboard

Dashboard Transaction History Export

Users will export transaction history into a CSV file. We’re also offering configuration options for the exports. Contact Socure to enable this feature.

Socure Dashboard and Watchlist Monitoring Email Option

Users will select email as a notification method for Watchlist Notifications, instead of receiving the notifications via webhooks. Configure this option on the Event Manager Tab in the Admin Dashboard.

Recent Releases

Here’s what we’ve recently released:

WebSDK Plugin Customization Options

Document Verification customers who embed the WebSDK can now change colors and texts. Customizations will be accessible through the Dashboard Settings Customizations tab.

Capture Application Customization

In the Document Verification Capture App, users can now change font size and button border radius. We’re continuing to release customizations accessible on the Settings > Customization tab on the Admin Dashboard.

SMS Updates for WebSDK

WebSDK customers can disable SMS messages for mobile-to-mobile handoffs. Alternatively, users can use their existing SMS service to send a link.

Dynamic Redirect URL

Document Verification WebSDK customers can now generate a dynamic URL and redirect the end users when the verification process is complete.