What gets flagged?
Examples of signals that may raise a flag:- Inconsistent or unreadable document fields
- Face capture confidence below threshold
- Reused session attempts or suspected replay
- Mismatch between document and selfie
Specific heuristics can evolve; treat flags as guidance to drive your own policy.
Where to read flags
- Webhook payloads can include a
flagsarray with high‑level reasons - Your own datastore (recommended): persist flags alongside session outcomes
Example enriched payload
Acting on flags
- Auto‑approve when no flags and status is
completed - Route to manual review for medium/high severity flags
- Auto‑deny on critical flags (define per policy)
Pseudocode
Best practices
- Log all flag decisions with sessionId for auditability
- Keep your policy centrally managed and versioned
- Periodically review false positives/negatives and adjust thresholds