Handle Review & Step-Up Flows

Overview

When the Consumer Onboarding workflow cannot auto-approve or auto-reject an applicant, it routes the evaluation through one or more step-up or review paths. This page covers how your integration detects, handles, and completes these flows.

Decision routing

Every Consumer Onboarding evaluation produces a decision that determines the next action in your integration.

When the decision is REVIEW, inspect tags, review_queues, and eval_status to determine which step-up path the workflow selected.

Escalation paths

Consumer Onboarding uses progressive verification: the workflow applies the least-friction step-up that matches the risk signal.

flowchart TD
    A[Evaluation submitted] --> B{Risk level}
    B -->|Low| C[ACCEPT]
    B -->|Extreme| D[REJECT]
    B -->|Elevated digital risk| E[OTP / SNA step-up]
    B -->|Identity uncertainty| F[eCBSV step-up]
    B -->|Elevated identity or fraud risk| G[Predictive DocV step-up]
    B -->|Watchlist match| H[Compliance review queue]
    B -->|Inconclusive| I[Manual review queue]
    E --> J{Result}
    F --> J
    G --> J
    J -->|Pass| C
    J -->|Fail| D
    J -->|Inconclusive| I

One-Time Passcode and Silent Network Authentication

The workflow uses phone possession verification as part of onboarding. Digital Intelligence and phone risk signals influence how the workflow evaluates phone possession and downstream escalation risk.

• Trigger: Silent Network Authentication (SNA) fails or is unavailable.
• Behavior: The workflow sends a One-Time Passcode (OTP) to the consumer's phone number.
• Outcomes: Verified (proceed), failed/abandoned (reject).
• Sync/Async: The evaluation handles OTP synchronously within the flow.

For OTP configuration, see One-Time Passcode (OTP).

eCBSV

When identity mismatches or synthetic fraud signals require authoritative validation, the workflow steps up to eCBSV.

• Trigger: Sigma Synthetic or Verify Plus signals suggest identity uncertainty.
• Behavior: Validates SSN, name, and date of birth directly with the Social Security Administration.
• Outcomes: Confirmed (proceed), mismatch (reject or review).
• Requirement: The applicant must provide consent. US-only.

For eCBSV details, see eCBSV.

Predictive DocV step-up

When fraud risk is elevated but not conclusive, the workflow triggers document verification. This is an asynchronous step-up — the evaluation pauses until the consumer completes document capture.

• Trigger: Fraud suite signals indicate high (but not definitive) risk.
• Behavior: RiskOS™ pauses the evaluation and requests a government-issued ID and selfie.
• Outcomes: ACCEPT (verified), REJECT (forgery/mismatch/liveness failure), RESUBMIT (poor quality), REVIEW (inconclusive).

Detect the step-up signal

Check for both conditions in the evaluation response:

• eval_status is "evaluation_paused" or status is "ON_HOLD".
• data_enrichments includes an object where enrichment_provider is "SocureDocRequest".

Extract handoff assets

Locate the SocureDocRequest object and extract from response.data:

{
  "eval_id": "500c6b88-9f5c-4d62-9422-163a59a343fe",
  "decision": "REVIEW",
  "status": "ON_HOLD",
  "eval_status": "evaluation_paused",
  "data_enrichments": [
    {
      "enrichment_provider": "SocureDocRequest",
      "response": {
        "data": {
          "docvTransactionToken": "70c6a4bc-f646-4c6a-94c1-9cd428e356ef",
          "url": "https://verify.socure.com/#/dv/70c6a4bc-f646-4c6a-94c1-9cd428e356ef"
        }
      }
    }
  ]
}

Complete the handoff

1. Persist the eval_id and docvTransactionToken for later correlation with the webhook result.
2. Return the token to your client-side application.
3. Launch the DocV SDK or Hosted Flow to present the document capture UI.

No resubmit: Treat DocV as a one-time step-up. If the step-up fails, RiskOS™ completes the evaluation and delivers the final decision (typically REJECT) via webhook. Route the user to your fallback flow.

Receive the final decision

After document capture completes, RiskOS™ resumes the evaluation asynchronously. The final result arrives via the evaluation_completed webhook event.

{
  "event_type": "evaluation_completed",
  "event_id": "3b31289c-2d4a-4107-80bc-dda63031d5a0",
  "event_at": "2025-07-17T01:20:01Z",
  "data": {
    "eval_id": "11111111-2222-3333-4444-555555555555",
    "decision": "ACCEPT",
    "status": "CLOSED",
    "eval_status": "evaluation_completed"
  }
}

Use the eval_id to correlate the webhook with the original evaluation. Route the user based on the final decision:

• ACCEPT → Continue onboarding
• REJECT → Route to fallback or denial flow

For webhook configuration, see Webhooks. For DocV webhook details, see DocV Webhooks.

Watchlist and compliance review

When the Watchlist enrichment detects potential sanctions, PEP, or adverse media matches, the evaluation routes to a compliance review queue.

• Trigger: Global Watchlist returns potential matches.
• Behavior: The workflow tags the evaluation (for example, "Watchlist Review") and routes it to a configured review queue (for example, "Compliance").
• Resolution: A compliance analyst reviews the match in the RiskOS™ Dashboard and issues a final decision.

Manual review

When risk signals are inconclusive across multiple enrichments, the evaluation routes to manual review.

• Trigger: Conflicting or borderline signals that don't meet auto-approve or auto-reject thresholds.
• Behavior: The workflow routes the evaluation to a configured review queue in the RiskOS™ Dashboard.
• Resolution: An analyst reviews enrichment results, reason codes, and tags, then issues a final decision.

Progressive verification

Consumer Onboarding applies step-ups progressively. Early, low-friction checks reduce the population that reaches high-friction steps:

1. Digital Intelligence filters bots and risky devices.
2. Allow/Deny lists filter known entities.
3. Phone Risk + OTP verify phone possession.
4. Verify Plus + Sigma Synthetic confirm baseline identity.
5. eCBSV provides authoritative SSN validation for uncertain cases.
6. Fraud enrichments aggregate multi-signal fraud risk.
7. DocV applies biometric verification for high-risk cases.
8. First-Party Fraud + Watchlist complete post-verification compliance.

Each step narrows the funnel. The workflow minimizes the number of evaluations that require high-friction verification steps such as Predictive DocV or manual review.

Operational recommendations

• Staff review queues for expected volume. Monitor review queue depth in the RiskOS™ Dashboard and adjust analyst capacity based on the review-to-total evaluation ratio.
• Set SLAs for manual review resolution. Unresolved reviews create a poor consumer experience. Define target resolution times for each review queue.
• Handle DocV step-up timeouts. If a consumer doesn't complete document capture within a reasonable window, route them to a fallback flow rather than leaving the evaluation indefinitely paused.
• Monitor escalation rates. If a disproportionate number of evaluations route to step-up or review, revisit your workflow configuration — threshold tuning or enrichment ordering may reduce unnecessary escalations.
• Log all routing signals. Persist tags, review_queues, reason codes, and eval_status transitions for audit and analytics.

Common issues

FAQs

Related concepts

• Predictive Document Verification
• DocV SDKs
• Hosted Flows
• One-Time Passcode (OTP)
• eCBSV
• Webhooks
• Evaluations
• Decisions
• Synchronous vs Asynchronous Evaluations
• Signals & Attributes
• Rules & Conditions