Terminology and Key for Content Below
Data Source – Validates and returns information on the elements of an identity for KYC, fraud, AML checks, and more depending on the specific data source.
Tags (indicated in blue text) – Visual representations of microdecisions comprised of attributes that determine the logic of the workflow in addition to the outcomes.
Attributes (indicated in green text) – Fields that are used to build rules in each tag. Attributes are individual pieces of information returned from the data source. We use attributes to create tags.
Reason codes – Metadata returned by data sources that supplement attributes. ID Analytics-ID Score and Socure 30 use reason codes in generating fraud scores. Reason codes are not used as a “single source of truth,” which is why we use them in conjunction with fraud scores in the workflow.
Data Sources
Socure 30: Fraud / KYC Checks
Description of Provider
Socure’s ID+ service uses data points such as name, physical address, phone number, email address, IP address, and other information to confirm an identity belongs to the person entering it, and to what extent that identity poses any potential fraud risk.
ID+ combines online and offline databases and then uses predictive data science to determine the authenticity of the information presented. ID+ performs a massive real-time search across 400+ data providers to find digital and offline presence indicators and behavioral information available about that identity.
ID+ then correlates and resolves data points from the search and associates them with the correct identity. Sophisticated machine learning models are applied against the returned intelligence to make predictions about whether the identity is real or not and the probability of intent to commit fraud.
Socure's ID+ API delivers comprehensive one-stop identity confirmation, meeting regulatory compliance requirements, and maximizing performance.
Dependent Tags
Address Warning, DOB Miskey, Email Warning, Fraud Risk, Fraud Warning, KYC Address Match, KYC DOB Match, KYC Name Match, KYC SSN Match, OFAC Match, SSN Miskey, SSN Warning
Address Warning
Socure utilizes an Address Risk module which analyzes predictors such as single or multi-unit designation and suspended mail activity, in addition to suspicious activity by leveraging signals between IP address and physical address.
If any of the following reason codes return, the Address Warning tag will be triggered:
I911 - Primary input address is PO Box
R704 - Address is correctional facility
R707 - Address is commercial mail drop or general delivery
R720 - High risk address (This reason code relies heavily on IP Address data)
R932 - Entered address matches prison address
R972 - Primary input address is Commercial Mail Receiving Agency
DOB Miskey
If the DOB supplied is within +/- 1 year of the DOB found, this tag will return true.
Associated reason code:
R946: Entered date of birth possibly miskeyed
Email Warning
The Email Risk Score provides a risk analysis of the email address based on various predictors, including account age, format, and domain. These factors can be used to determine whether an email address is disposable, auto-generated, or otherwise suspicious.
This tag will be triggered if Socure 30 Score: Email Risk is greater than or equal to 0.99.
Synthetic Fraud Warning
The Socure Sigma Synthetic fraud risk score is a value between 0.001 and 0.999 that predicts the probability that the combinations of PII provided at input correspond to a fictitious person. A higher score indicates a greater likelihood of synthetic fraud.
This tag will be triggered if Socure 30 Sigma Synthetic Fraud Score is greater than or equal to 0.9
Fraud Risk
The ID+ Sigma Fraud Score is a number between 0 and 1 that helps predict the probability that the identity being presented is fraudulent. Larger scores indicate higher risk. Socure has developed industry-specific Sigma Fraud Score models. The threshold defined in the Fraud Risk tag corresponds to a “medium” risk threshold.
This tag will be triggered if Socure 30 Sigma Fraud Score is greater than or equal to 0.97 and less than 0.985
Fraud Warning
Similar to Fraud Risk, we adjust the threshold in the Fraud Warning tag to signal an exceptionally high Sigma Fraud Score returned from Socure.
This tag will be triggered if Socure 30 Sigma Fraud Score is greater than or equal to 0.985
KYC Address Match
Socure uses booleans [0.99(true) or 0.01(false)] to determine whether a match can be found between the profile submitted and the profile returned from its API. We determine an address to be matched by Socure if both the address line 1 and address zip code are matched.
This tag will be set if Socure 30 KYC Validation: Street Address is True AND Socure 30 KYC Validation: Zip Code is True
KYC DOB Match
This tag will be set if DOB is an exact match: Socure 30 KYC Validation - Date of Birth is True
KYC Name Match
Socure verifies exact name fields (first and last), so if a nickname was supplied as the first name, the first name validation score would be 0.01 (false). For this reason, we consider a name to be verified if the last name is an exact match.
This tag will be set if Socure 30 KYC Validation: Surname is True
KYC SSN Match
This tag will be set if the SSN was an exact match: Socure 30 KYC Validation: Social Security Number is True
OFAC Match
Socure returns values describing the matches defined by Alloy. For a confidence score of 75+, either an exact name match and a fuzzy DOB match, or vice versa, must return true. Alloy returns the highest score possible.
This tag will be triggered if Socure 30 Watch List: OFAC Match is greater than or equal to 99
SSN Miskey
If 2 digits are transposed (e.g., 123456789 and 123456798), Socure determines the SSN to be a miskey.
Associated reason code:
R923: Entered SSN/TIN possibly miskeyed
SSN Warning
This tag is triggered if Socure 30 returns at least one reason code contained in the “SSN Warning” reason code group.
These reason codes correlate to the fraud module and are used in generating the Sigma Fraud Score:
R907 - Entered SSN reported as deceased
R909 - Entered identity reported as deceased
R956 - Multiple SSNs reported with applicant
ID Analytics: Fraud
Description of Provider
ID Score is meant for fraud detection (First Party, Third Party, Synthetic, and Identity Manipulation) and identity verification. The model calculates an application’s fraud risk score and reason codes based on the information provided in the score request. The individual and combined personally identifiable information (“PII”) data elements asserted in the application are used to calculate a wide variety of predictive variables based on recent and historic transactions, confirmed frauds, and third-party data sources.
Dependent Tags
Address Warning, Fraud Risk, Fraud Warning, SSN Warning
Address Warning
This tag will be triggered if ID Analytics ID Score returns at least one reason code contained in the “Address Warning” reason code group:
153 - Address match to list of business or commercial addresses
157 - Address match to list of prison addresses
163 - Address match to list of Post Office or private Mail box facility
498 - Address associated with confirmed fraud
520 - Address associated with suspected or confirmed fraud
Fraud Risk
ID Analytics uses a complex machine learning algorithm to generate scores. ID Score evaluates identity risk by comparing the asserted identity elements with identity information in the ID Network. The technology rank-orders identity patterns from 001 to 998. A higher score (e.g. 900) reflects a high level of identity risk, while a lower score (e.g. 100) reflects a low level of identity risk. ID Analytics works with its clients to identify the score level and associated threshold of risk at which an application for a product or service can be considered “safe”.
Based on recommendations received from IDA in addition to case studies performed by our data team, we’ve collectively determined the following thresholds indicate “medium” risk.
ID Analytics ID Score is greater than or equal to 700 and less than 850
The above thresholds will trigger this tag
Fraud Warning
Similar logic to the above for Fraud Risk is applied
This threshold indicates “high” risk and will trigger this tag: ID Analytics ID Score is greater than or equal to 850
SSN Warning
This tag will be triggered if ID Analytics ID Score returns at least one reason code contained in the “SSN Warning” reason code group:
232 - SSN Reported as Deceased
248 - SSN, Name and DOB reported as Deceased
499 - Unusual number of SSNs associated with this identity
614 - SSN associated with confirmed fraud
Iovation: Device Fraud
Description of Provider
Iovation detects device anomalies, bots, Tor networks or proxy servers, IP address distance from the application address, velocity on the device, and device risk.
Dependent Tags
Device Warning, Foreign Device
Device Risk
This tag will be triggered if Iovation Score (Number) is in the range of -99 to -1 AND Iovation Device Not Provided is False
Device Not Provided: No blackbox is received. This could be due to direct action by the end-user or an issue with the integration. The absence of a device ID can be correlated to increased risk in many cases.
Device Warning
This tag will be triggered if Iovation Score (Number) is less than or equal to -100 AND Iovation Device Not Provided is False
Device Not Provided: No blackbox is received. This could be due to direct action by the end-user or an issue with the integration. The absence of a device ID can be correlated to increased risk in many cases.
Foreign Device
This tag will be triggered if Iovation IP Address: Out of Country List is True OR Iovation rules.non_US_IP is True
Out of Country List: IP Address detected in a sanctioned country. Specifically: Afghanistan, Nigeria, North Korea, Ghana, or Iran.
non_US_IP: IP Address returned from anywhere outside of the US.
Ekata: KYC
Description of Provider
Ekata provides real-time global identity data, proprietary network insights, and 21 years of sophisticated data science to power their APIs. They have APIs for data validation, data enrichment, and identity verification. As the global standard for identity verification, they apply pattern recognition, predictive analytics, and machine learning to the five key consumer data attributes of email, phone, name (person or business), physical address, and IP.
Dependent Tags
Email Warning, KYC Address Match
Email Warning
This tag will be triggered if:
Ekata Primary Email Address: Is Autogenerated is True OR
Ekata Primary Email Address: Is Disposable is True
KYC Address Match
This tag will be set if Ekata determines an address match. Ekata determines a match if it has a record indicating the submitted name matches the submitted address.
Ekata Address: Matched is True
Outcomes / Decision Criteria
Customers who have applied will be automatically decisioned into one of three outcomes:
Approved
Denied
Manual Review
Below are the criteria, thresholds, and additional factors that define which of the three outcomes a customer is decisioned with.
Approved
Customers who meet all KYC criteria and have no significant fraud flags
Customers’ evaluations are approved if Fraud Review is not set AND Denied KYC is not set AND Denied Fraud is not set
KYC criteria met:
Denied KYC is not set, which means all of the following criteria are true:
Name verified
Physical Address verified
Date of Birth verified
Social Security Number verified
OFAC Match is not set - no OFAC matches
Fraud criteria met:
Denied Fraud is not set - no fraud flags as defined in the following “Denied” section
Fraud Review is not set - no fraud flags as defined in the following “Manual Review” section
Denied
Customers who are almost certainly fraudulent
Customers’ evaluations are denied if Denied Fraud is set
Denied Fraud can be set in 5 scenarios:
Fraud Warning is set
Socure 30 Sigma Fraud Score is greater than or equal to 0.985 OR
ID Analytics ID Score is greater than or equal to 850
Device Warning (iovation) is set
Iovation SureScore is less than 0 AND
Iovation Device Not Provided is False
Synthetic Fraud Warning is set
Socure 30 Sigma Synthetic Fraud Score is greater than or equal to 0.9
Address Warning AND Fraud Risk are set
Address Warning: ID Analytics ID Score returns at least one reason code contained in the “Address Warning” reason code group OR Socure 30 returns at least one reason code contained in the “Address Warning” reason code group
Fraud Risk: ID Analytics ID Score is greater than or equal to 700 and less than 850 OR Socure 30 Sigma Fraud Score is greater than or equal to 0.97 and less than 0.985
SSN Warning AND Fraud Risk are set
SSN Warning: Socure 30 returns at least one reason code contained in the “SSN Warning” reason code group OR ID Analytics ID Score returns at least one reason code contained in the “SSN Warning” reason code group
Fraud Risk: Socure 30 Sigma Fraud Score is greater than or equal to 0.97 and less than 0.985 OR ID Analytics ID Score is greater than or equal to 700 and less than 850
Manual Review
Customers with minor fraud flags or who require additional documentation
Customers’ evaluations are set to Manual Review if Denied KYC is set OR Fraud Review is set
Denied KYC is set if at least one of the KYC Match Criteria is not met:
Address could not be verified, or
SSN could not be verified, or
Date of Birth could not be verified, or
Name could not be verified, or
Date of Birth Miskey, or
SSN Miskey, or
OFAC Hit, AND
Denied Fraud is not set. We set this threshold to ensure that the only applications which require review are those which are not already being denied.
Fraud Review is set if
ID Analytics ID Score is greater than or equal to 700 and less than 850 OR
Socure 30 Sigma Fraud Score is greater than or equal to 0.97 and less than 0.985
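The tag thresholds and outcome rules above, combined into a single evaluator. This is an added example, not the workflow's own implementation. Field names such as socure_fraud and ida_score are hypothetical, Device Warning follows the Iovation section's definition (score less than or equal to -100), and Denied is assumed to take precedence when the Manual Review conditions also hold.

```python
# Added example: reason-code groups and thresholds are copied from the page;
# the dict field names (socure_fraud, ida_score, ...) are hypothetical.
ADDRESS_CODES = {"I911", "R704", "R707", "R720", "R932", "R972",
                 "153", "157", "163", "498", "520"}
SSN_CODES = {"R907", "R909", "R956", "232", "248", "499", "614"}
KYC_TAGS = ("KYC Name Match", "KYC Address Match", "KYC DOB Match", "KYC SSN Match")

def fraud_tags(app):
    """Derive the fraud-related tags from provider scores and reason codes."""
    codes = set(app.get("reason_codes", ()))
    socure, ida = app.get("socure_fraud", 0.0), app.get("ida_score", 0)
    tags = set()
    if socure >= 0.985 or ida >= 850:
        tags.add("Fraud Warning")
    if 0.97 <= socure < 0.985 or 700 <= ida < 850:
        tags.add("Fraud Risk")
    if app.get("socure_synthetic", 0.0) >= 0.9:
        tags.add("Synthetic Fraud Warning")
    # Device Warning as defined in the Iovation section: score <= -100, device provided.
    if app.get("iovation_score", 0) <= -100 and not app.get("device_not_provided", False):
        tags.add("Device Warning")
    if codes & ADDRESS_CODES:
        tags.add("Address Warning")
    if codes & SSN_CODES:
        tags.add("SSN Warning")
    return tags

def decide(app, kyc_tags):
    """Return (outcome, tags). kyc_tags: KYC/OFAC/miskey tags already set upstream."""
    tags = fraud_tags(app) | set(kyc_tags)
    denied_fraud = bool(
        tags & {"Fraud Warning", "Device Warning", "Synthetic Fraud Warning"}
        or ("Fraud Risk" in tags and tags & {"Address Warning", "SSN Warning"}))
    if denied_fraud:
        return "Denied", tags  # assumption: Denied outranks Manual Review
    denied_kyc = (any(t not in tags for t in KYC_TAGS)
                  or bool(tags & {"DOB Miskey", "SSN Miskey", "OFAC Match"}))
    fraud_review = "Fraud Risk" in tags  # same score bands as Fraud Risk
    return ("Manual Review" if denied_kyc or fraud_review else "Approved"), tags

if __name__ == "__main__":
    # Constructed sample: medium Socure score plus a mail-drop address code.
    sample = {"socure_fraud": 0.975, "ida_score": 410, "reason_codes": ["R707"]}
    print(decide(sample, KYC_TAGS))
```

A medium-band score alone routes to Manual Review; the same score combined with an Address Warning or SSN Warning reason code escalates to Denied.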