What Are RiskOS™ Workflows?
Understand how RiskOS™ workflows automate risk assessment and fraud detection from data intake through enrichments to a final decision.
A RiskOS™ workflow is a configurable sequence of steps that evaluates incoming events and produces a decision. Once published, it orchestrates how RiskOS™ processes an event—from initial data intake through enrichments and conditions to a final outcome.
flowchart TD
A["Create Evaluation"]
B["Validate Input"]
C["Run Enrichments"]
D["Evaluate Rules"]
E{"Decision"}
F["Approve"]
G["Deny"]
H["Manual Review"]
A --> B --> C --> D --> E
E -->|Accept| F
E -->|Reject| G
E -->|Review| H
How it works
-
Build your workflow
Use the Workflow Editor in RiskOS™ to visually build and customize workflows by adding steps—the core building blocks that determine how evaluations are processed.
Each step represents an action or logic that moves an event closer to a decision. You can chain steps to collect, enrich, transform, and analyze data before producing an outcome.
Step types:
Step type What it does Input Validates required fields in the evaluation payload Enrichment Calls Socure products or third-party APIs for additional signals — scores, match results, and risk flags Condition Evaluates expressions to true or false and branches the workflow accordingly (supports AND/OR grouping) Transformation Computes derived values from inputs and enrichment signals Rule Scorecard Assigns numeric risk scores (−100 to 100) when specified conditions are met Decision Assigns a terminal outcome — Accept, Reject, or Review Decision Rules Combines conditions with outcome assignments in a single step Manual Review Routes the evaluation to Case Management for human determination Wait Pauses evaluation for asynchronous operations (e.g., Document Verification or OTP) Tag Conditionally assigns metadata labels to the evaluation
You can mix and match step types to fit your use case. See Workflow Steps for the full reference and Create and Edit a Workflow to get started building.
-
Evaluate an event
When a workflow is published, it evaluates incoming events in real time. Your app submits user attributes via the
/api/evaluationAPI, and RiskOS™ executes each step sequentially:
- The Input step validates the payload against required fields.
- Enrichment steps call Socure products and third-party data services, returning signals — scores, match results, and risk flags.
- Condition steps branch the workflow based on signal values. Rule Scorecards compute aggregate risk scores.
- A Decision or Decision Rules step assigns the final outcome: Accept, Reject, or Review.
The API response includes the decision, enrichment data, reason codes, tags, and computed values. Events can also enter an On Hold state when asynchronous input is required (e.g., pending Document Verification or OTP).
Evaluation outcomes are visible in the Cases section of the RiskOS™ Dashboard.
-
Manual review
If a workflow cannot clearly accept or reject an event, it routes the evaluation to Case Management, where a human reviewer makes the final determination.
- Reviewers open cases in the Case Management view.
- A case remains Open or On Hold until the reviewer completes the decision.
- Reviewers can accept, reject, or override the workflow's recommendation.
- RiskOS™ communicates review decisions via the
decision\_updatewebhook event or API polling.
See Case Management for details on reviewer tools and workflows.
Next steps
Updated 2 days ago

