General Alloy Workflow - Best Practices
Terminology and Key for Content Below
- Data Source – Validates and returns information on the elements of an identity for KYC, fraud, AML checks, and more depending on the specific data source.
- Tags (indicated in blue text) – Visual representations of microdecisions comprised of attributes that determine the logic of the workflow in addition to the outcomes.
- Attributes (indicated in green text) – Fields that are used to build rules in each tag. Attributes are individual pieces of information returned from the data source. We use attributes to create tags.
- Reason codes – Metadata returned by data sources that supplement attributes. ID Analytics-ID Score and Socure 30 use reason codes in generating fraud scores. Reason codes are not used as a “single source of truth,” which is why we use them in conjunction with fraud scores in the workflow.
Data Sources
Socure 30: Fraud / KYC Checks
Description of Provider
Socure’s ID+ service uses data points such as name, physical address, phone number, email address, IP address, and other information to confirm an identity belongs to the person entering it, and to what extent that identity poses any potential fraud risk.
ID+ combines online and offline databases and then uses predictive data science to determine the authenticity of the information presented. ID+ performs a massive real-time search across 400+ data providers to find digital and offline presence indicators and behavioral information available about that identity.
ID+ then correlates and resolves data points from the search and associates them with the correct identity. Sophisticated machine learning models are applied against the returned intelligence to make predictions about whether the identity is real or not and the probability of intent to commit fraud.
Socure's ID+ API delivers comprehensive one-stop identity confirmation, meeting regulatory compliance requirements, and maximizing performance.
Dependent Tags
Address Warning, DOB Miskey, Email Warning, Fraud Risk, Fraud Warning, KYC Address Match, KYC DOB Match, KYC Name Match, KYC SSN Match, OFAC Match, SSN Miskey, SSN Warning
- Address Warning
  - Socure utilizes an Address Risk module which analyzes predictors such as single or multi-unit designation and suspended mail activity, in addition to suspicious activity by leveraging signals between IP address and physical address.
  - If any of the following reason codes return, the Address Warning tag will be triggered:
    - I911 - Primary input address is PO Box
    - R704 - Address is correctional facility
    - R707 - Address is commercial mail drop or general delivery
    - R720 - High risk address (This reason code relies heavily on IP Address data)
    - R932 - Entered address matches prison address
    - R972 - Primary input address is Commercial Mail Receiving Agency
- DOB Miskey
  - If the DOB supplied is +/- 1 year of the DOB found, this tag will return true.
  - Associated reason code:
    - R946: Entered date of birth possibly miskeyed
- Email Warning
  - The Email Risk Score provides a risk analysis of the email address based on various predictors, including account age, format, and domain. These factors can be used to determine whether an email address is disposable, auto-generated, or otherwise suspicious.
  - This tag will be triggered if Socure 30 Score: Email Risk is greater than or equal to 0.99.
- Synthetic Fraud Warning
  - The Socure Sigma Synthetic fraud risk score is a value between 0.001 and 0.999 that predicts the probability that the combinations of PII provided at input correspond to a fictitious person. A higher score indicates a greater likelihood of synthetic fraud.
  - This tag will be triggered if Socure 30 Sigma Synthetic Fraud Score is greater than or equal to 0.9.
- Fraud Risk
  - The ID+ Sigma Fraud Score is a number between 0 and 1 that helps predict the probability that the identity being presented is fraudulent. Larger scores indicate higher risk. Socure has developed industry-specific Sigma Fraud Score models. The threshold defined in the Fraud Risk tag corresponds to a “medium” risk threshold.
  - This tag will be triggered if Socure 30 Sigma Fraud Score is greater than or equal to 0.97 and less than 0.985.
- Fraud Warning
  - Similar to Fraud Risk, we adjust the threshold in the Fraud Warning tag to signal an exceptionally high Sigma Fraud Score returned from Socure.
  - This tag will be triggered if Socure 30 Sigma Fraud Score is greater than or equal to 0.985.
- KYC Address Match
  - Socure uses booleans [0.99 (true) or 0.01 (false)] to determine whether a match can be found between the profile submitted and the profile returned from its API. We determine an address to be matched by Socure if both the address line 1 and address zip code are matched.
  - This tag will be set if Socure 30 KYC Validation: Street Address is True AND Socure 30 KYC Validation: Zip Code is True
- KYC DOB Match
  - This tag will be set if DOB is an exact match: Socure 30 KYC Validation - Date of Birth is True
- KYC Name Match
  - Socure verifies exact name fields (first and last), so if a nickname was supplied as the first name, the first name validation score would be 0.01 (false). For this reason, we consider a name to be verified if the last name is an exact match.
  - This tag will be set if Socure 30 KYC Validation: Surname is True
- KYC SSN Match
  - This tag will be set if the SSN was an exact match: Socure 30 KYC Validation: Social Security Number is True
- OFAC Match
  - Socure returns values describing the matches defined by Alloy. For the confidence score to be 75 or higher, either an exact name match and a fuzzy DOB match, or vice versa, must return true. Alloy returns the highest score possible.
  - This tag will be triggered if Socure 30 Watch List: OFAC Match is greater than or equal to 99
- SSN Miskey
  - If 2 digits are transposed (e.g. 123456789 and 123456798), Socure determines the SSN to be a miskey.
  - Associated reason code:
    - R923: Entered SSN/TIN possibly miskeyed
- SSN Warning
  - This tag is triggered if Socure 30 returns at least one reason code contained in the “SSN Warning” reason code group.
  - These reason codes correlate to the fraud module and are used in generating the Sigma Fraud Score:
    - R907 - Entered SSN reported as deceased
    - R909 - Entered identity reported as deceased
    - R956 - Multiple SSNs reported with applicant
ID Analytics: Fraud
Description of Provider
ID Score is meant for fraud detection (First Party, Third Party, Synthetic, and Identity Manipulation) and identity verification. The model calculates an application’s fraud risk score and reason codes based on the information provided in the score request. The individual and combined personally identifiable information (“PII”) data elements asserted in the application are used to calculate a wide variety of predictive variables based on recent and historic transactions, confirmed frauds, and third-party data sources.
Dependent Tags
Address Warning, Fraud Risk, Fraud Warning, SSN Warning
- Address Warning
  - This tag will be triggered if ID Analytics ID Score returns at least one reason code contained in the “Address Warning” reason code group:
    - 153 - Address match to list of business or commercial addresses
    - 157 - Address match to list of prison addresses
    - 163 - Address match to list of Post Office or private Mail box facility
    - 498 - Address associated with confirmed fraud
    - 520 - Address associated with suspected or confirmed fraud
- Fraud Risk
  - ID Analytics uses a complex machine learning algorithm to generate scores. ID Score evaluates identity risk by comparing the asserted identity elements with identity information in the ID Network. The technology rank-orders identity patterns from 001 to 998. A higher score (e.g. 900) reflects a high level of identity risk, while a lower score (e.g. 100) reflects a low level of identity risk. ID Analytics works with its clients to identify the score level and associated threshold of risk at which an application for a product or service can be considered “safe”.
  - Based on recommendations received from IDA in addition to case studies performed by our data team, we’ve collectively determined the following thresholds indicate “medium” risk.
    - ID Analytics ID Score is greater than or equal to 700 and less than 850
  - The above thresholds will trigger this tag
- Fraud Warning
  - Similar logic to the above for Fraud Risk is applied
  - This threshold indicates “high” risk and will trigger this tag: ID Analytics ID Score is greater than or equal to 850
- SSN Warning
  - This tag will be triggered if ID Analytics ID Score returns at least one reason code contained in the “SSN Warning” reason code group:
    - 232 - SSN Reported as Deceased
    - 248 - SSN, Name and DOB reported as Deceased
    - 499 - Unusual number of SSNs associated with this identity
    - 614 - SSN associated with confirmed fraud
Iovation: Device Fraud
Description of Provider
Iovation detects device anomalies, bots, Tor networks or proxy servers, IP address distance from the application address, velocity on the device, and device risk.
Dependent Tags
Device Warning, Foreign Device
- Device Risk
  - This tag will be triggered if Iovation Score (Number) is in the range of -99 to -1 AND Iovation Device Not Provided is False
    - Device Not Provided: No blackbox is received; this could be due to direct action by the end-user or an issue with the integration. The absence of a device ID can be correlated to increased risk in many cases.
- Device Warning
  - This tag will be triggered if Iovation Score (Number) is less than or equal to -100 AND Iovation Device Not Provided is False
    - Device Not Provided: No blackbox is received; this could be due to direct action by the end-user or an issue with the integration. The absence of a device ID can be correlated to increased risk in many cases.
- Foreign Device
  - This tag will be triggered if Iovation IP Address: Out of Country List is True OR Iovation rules.non_US_IP is True
    - Out of Country List: IP Address detected in a sanctioned country. Specifically: Afghanistan, Nigeria, North Korea, Ghana, or Iran.
    - non_US_IP: IP Address returned from anywhere outside of the US.
Ekata: KYC
Description of Provider
Ekata provides real-time global identity data, proprietary network insights, and 21 years of sophisticated data science to power their APIs. They have APIs for data validation, data enrichment, and identity verification. As the global standard for identity verification, they apply pattern recognition, predictive analytics, and machine learning to the five key consumer data attributes of email, phone, name (person or business), physical address, and IP.
Dependent Tags
Email Warning, KYC Address Match
- Email Warning
  - This tag will be triggered if:
    - Ekata Primary Email Address: Is Autogenerated is True OR
    - Ekata Primary Email Address: Is Disposable is True
- KYC Address Match
  - Ekata determines an address match if it has a record indicating the submitted name matches the submitted address. This tag will be set if:
    - Ekata Address: Matched is True
Outcomes / Decision Criteria
Customers who have applied will be automatically decisioned into one of three outcomes:
- Approved
- Denied
- Manual Review
Below are the criteria, thresholds, and additional factors that define which of the three outcomes a customer is decisioned with.
Approved
Customers who meet all KYC criteria and have no significant fraud flags
- Customers’ evaluations are approved if Fraud Review is not set AND Denied KYC is not set AND Denied Fraud is not set
- KYC criteria met:
  - Denied KYC is not set, which means all of the following criteria are true:
    - Name verified
    - Physical Address verified
    - Date of Birth verified
    - Social Security Number verified
    - OFAC Match is not set - no OFAC matches
- Fraud criteria met:
  - Denied Fraud is not set - no fraud flags as defined in the following “Denied” section
  - Fraud Review is not set - no fraud flags as defined in the following “Manual Review” section
Denied
Customers who are almost certainly fraudulent
- Customers’ evaluations are denied if Denied Fraud is set
- Denied Fraud can be set in 5 scenarios:
  - Fraud Warning is set
    - Socure 30 Sigma Fraud Score is greater than or equal to 0.985 OR
    - ID Analytics ID Score is greater than or equal to 850
  - Device Warning (iovation) is set
    - Iovation SureScore is less than 0 AND
    - Iovation Device Not Provided is False
  - Synthetic Fraud Warning is set
    - Socure 30 Sigma Synthetic Fraud Score is greater than or equal to 0.9
  - Address Warning AND Fraud Risk are set
    - Address Warning: ID Analytics ID Score returns at least one reason code contained in the “Address Warning” reason code group OR Socure 30 returns at least one reason code contained in the “Address Warning” reason code group
    - Fraud Risk: ID Analytics ID Score is greater than or equal to 700 and less than 850 OR Socure 30 Sigma Fraud Score is greater than or equal to 0.97 and less than 0.985
  - SSN Warning AND Fraud Risk are set
    - SSN Warning: Socure 30 returns at least one reason code contained in the “SSN Warning” reason code group OR ID Analytics ID Score returns at least one reason code contained in the “SSN Warning” reason code group
    - Fraud Risk: Socure 30 Sigma Fraud Score is greater than or equal to 0.97 and less than 0.985 OR ID Analytics ID Score is greater than or equal to 700 and less than 850
Manual Review
Customers with minor fraud flags or who require additional documentation
- Customers’ evaluations are set to Manual Review if Denied KYC is set OR Fraud Review is set
- Denied KYC is set if at least one of the KYC Match Criteria is not met:
  - Address could not be verified, or
  - SSN could not be verified, or
  - Date of Birth could not be verified, or
  - Name could not be verified, or
  - Date of Birth Miskey, or
  - SSN Miskey, or
  - OFAC Hit, AND
  - Denied Fraud is not set. We set this threshold to ensure that the only applications which require review are those which are not already being denied.
- Fraud Review is set if
  - ID Analytics ID Score is greater than or equal to 700 and less than 850 OR
  - Socure 30 Sigma Fraud Score is greater than or equal to 0.97 and less than 0.985
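
The tag thresholds and outcome precedence described above, written out as an added Python example (not Alloy's own code or API). The evaluation dict's field names and the names `tags`, `decide` and `CLEAN` are hypothetical; the KYC match tags are taken as already-derived inputs, and Device Warning uses the `<= -100` threshold from the Iovation tag definition.

```python
# Added example: tag and outcome logic as described on this page.
# Field names in the evaluation dict are hypothetical, not Alloy's API.
SOCURE_ADDRESS = {"I911", "R704", "R707", "R720", "R932", "R972"}
SOCURE_SSN = {"R907", "R909", "R956"}
IDA_ADDRESS = {"153", "157", "163", "498", "520"}
IDA_SSN = {"232", "248", "499", "614"}
KYC_MATCHES = {"KYC Name Match", "KYC Address Match", "KYC DOB Match", "KYC SSN Match"}

def tags(ev):
    """Derive the page's tags from one evaluation."""
    sigma, ida = ev["socure_sigma_fraud"], ev["ida_id_score"]
    s_rc, i_rc = set(ev["socure_reason_codes"]), set(ev["ida_reason_codes"])
    rules = {
        "Fraud Warning": sigma >= 0.985 or ida >= 850,
        "Fraud Risk": 0.97 <= sigma < 0.985 or 700 <= ida < 850,
        "Synthetic Fraud Warning": ev["socure_sigma_synthetic"] >= 0.9,
        # Threshold taken from the Iovation tag definition (<= -100).
        "Device Warning": ev["iovation_score"] <= -100 and not ev["device_not_provided"],
        "Address Warning": bool(s_rc & SOCURE_ADDRESS or i_rc & IDA_ADDRESS),
        "SSN Warning": bool(s_rc & SOCURE_SSN or i_rc & IDA_SSN),
        "DOB Miskey": "R946" in s_rc,
        "SSN Miskey": "R923" in s_rc,
        "OFAC Match": ev["ofac_score"] >= 99,
    }
    return {name for name, hit in rules.items() if hit} | set(ev["kyc_matches"])

def decide(ev):
    """Return 'Denied', 'Manual Review' or 'Approved'; Denied is checked first."""
    t = tags(ev)
    denied_fraud = bool(
        t & {"Fraud Warning", "Device Warning", "Synthetic Fraud Warning"}
        or ("Fraud Risk" in t and t & {"Address Warning", "SSN Warning"})
    )
    if denied_fraud:
        return "Denied"
    # Denied KYC is only set when Denied Fraud is not, which holds from here on.
    denied_kyc = bool(KYC_MATCHES - t or t & {"DOB Miskey", "SSN Miskey", "OFAC Match"})
    fraud_review = "Fraud Risk" in t
    return "Manual Review" if denied_kyc or fraud_review else "Approved"

CLEAN = {  # constructed sample evaluation, not real provider output
    "socure_sigma_fraud": 0.12, "socure_sigma_synthetic": 0.05, "ida_id_score": 310,
    "socure_reason_codes": [], "ida_reason_codes": [],
    "iovation_score": 5, "device_not_provided": False,
    "ofac_score": 0, "kyc_matches": sorted(KYC_MATCHES),
}

if __name__ == "__main__":
    print(decide(CLEAN), decide({**CLEAN, "socure_sigma_fraud": 0.985}))
```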