Blog · May 21, 2026

The Two-Score AML Model: Match Score vs Risk Score

Didit's AML engine decides two questions separately — is this hit really your customer (Match Score), and how risky are they (Risk Score). Here's how each score is weighted, thresholded, and turned into a decision.

By Didit

Most AML screening tools collapse two completely different questions into a single number. "Is this watchlist hit really my customer?" and "How dangerous is this customer?" get blended into one "risk score," and the result is a queue full of namesakes alongside genuine sanctions matches, all looking the same to the analyst working them.

Didit's AML Screening engine refuses to make that mistake. It runs a two-score model: a Match Score that measures identity confidence, and a Risk Score that measures entity risk. They are computed and thresholded independently, which is the single biggest lever you have for cutting false positives without missing real hits. This post explains exactly how each score works.

Key takeaways

  • Match Score (0–100) answers "is this really the same person?" using name similarity, date of birth, and country, weighted and configurable.
  • Risk Score (0–100) answers "how risky is a confirmed entity?" using category, country risk, and criminal record.
  • The two are independent. A perfect name match to a low-risk record and a weak match to a sanctioned entity are treated as the different situations they are.
  • Configurable weights and thresholds let you tune to your own risk appetite; the match weights must sum to 100.
  • A document-number match is the "Golden Key" — it overrides the Match Score to 100%.
  • Both scores live on the standalone POST /v3/aml/ call and inside Didit verification workflows, at $0.20 per check.

What the two scores are

When you screen a subject, the engine surfaces every watchlist profile that plausibly matches. For each one it computes two things.

The Match Score is about identity. Given the name, date of birth, and country you submitted, how confident is the engine that this watchlist record describes the same person? A score of 96 means "almost certainly the same individual"; a score of 40 means "shares a name, probably a coincidence."

The Risk Score is about the entity itself, assuming the match is real. A confirmed PEP with adverse media in a high-risk jurisdiction scores high; a confirmed but minor regulatory-register entry scores low. The Risk Score never asks whether the match is correct — that's the Match Score's job — it asks how much you should worry if it is.

Why it matters

The reason this separation matters is operational, and it shows up directly in analyst workload. Imagine screening a customer named "Maria Gonzalez." Across 1,300+ lists there will be many people with that name, several of whom carry real risk. If you have one blended score, every one of those records lands in review looking equally important, and your analysts burn hours dismissing namesakes.

With two scores, the engine can quietly mark the weak identity matches as False Positive before they ever reach a human, regardless of how risky those records are — because if it isn't your customer, the risk is irrelevant. Only the records that clear the identity bar get evaluated for risk and routed for review. The result is a review queue that is small, relevant, and defensible.

Technical details

Both scores come back on the same /v3/aml/ response. The standalone call:

curl -X POST https://verification.didit.me/v3/aml/ \
  -H "x-api-key: $DIDIT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "first_name": "Maria",
    "last_name": "Gonzalez",
    "date_of_birth": "1984-03-12",
    "country": "ES",
    "document_number": "X1234567Z"
  }'

Each surfaced profile carries its own Match Score and review status; the screening as a whole carries the Risk Score and overall status:

{
  "aml_status": "In Review",
  "risk_score": 71,
  "matches": [
    { "profile_id": "prf_5a91c2", "match_score": 96, "match_status": "Unreviewed", "categories": ["PEP 2"] },
    { "profile_id": "prf_77b0e1", "match_score": 48, "match_status": "False Positive", "categories": ["Adverse Media"] }
  ]
}

How the Match Score is built

The Match Score is a weighted blend of identity signals. The defaults:

Signal             Default weight
Name similarity    60%
Date of birth      25%
Country            15%

The weights are configurable and must sum to 100 — if you raise name similarity, you lower something else. The default decision threshold is 93: a profile scoring below 93 is auto-set to False Positive; a profile at or above 93 becomes Unreviewed and waits for an analyst.

The Golden Key. If you pass a document_number and it matches the watchlist record, the Match Score is overridden to 100% outright. A document-number match is the strongest possible identity signal, so it short-circuits the weighted blend — there is no ambiguity about whether it's the same person.

How the Risk Score is built

The Risk Score is a weighted blend of risk signals. The defaults:

Signal                                                  Default weight
Category (sanctions, PEP level, adverse media, etc.)    50%
Country risk                                            30%
Criminal record                                         20%

It drives the overall AML status through two thresholds. By default the approve threshold is 80 and the review threshold is 100:

Risk Score    Status
Below 80      Approved
80 to 100     In Review
Above 100     Declined
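
The Match Score blend, the Golden Key override and both threshold rules from the sections above, modelled locally as an added example; this is not Didit's code. It assumes each identity signal is itself scored 0-100 and blended linearly, which the post does not specify, and `reachable_statuses` is a hypothetical helper that lists which statuses a 0-100 Risk Score can produce for a given threshold pair.

```python
# Added example: a local model of the rules stated in this post, not Didit's engine.
MATCH_WEIGHTS = {"name": 60, "dob": 25, "country": 15}  # the post's default weights
MATCH_THRESHOLD = 93
APPROVE_THRESHOLD, REVIEW_THRESHOLD = 80, 100


def weighted(signals, weights):
    """Blend per-signal scores (assumed 0-100 each) using percentage weights."""
    if sum(weights.values()) != 100:
        raise ValueError("match weights must sum to 100")
    if set(signals) != set(weights):
        raise ValueError("signals and weights must name the same fields")
    for name, value in signals.items():
        if not 0 <= value <= 100:
            raise ValueError(f"{name} signal out of range: {value}")
    return sum(signals[k] * weights[k] for k in weights) / 100


def match_score(signals, document_match=False, weights=MATCH_WEIGHTS):
    """Golden Key: a document-number match overrides the blend to 100."""
    return 100.0 if document_match else weighted(signals, weights)


def match_status(score, threshold=MATCH_THRESHOLD):
    """Below the threshold is auto-classified; at or above waits for an analyst."""
    return "False Positive" if score < threshold else "Unreviewed"


def aml_status(risk, approve=APPROVE_THRESHOLD, review=REVIEW_THRESHOLD):
    """Below approve: Approved. Approve to review inclusive: In Review. Above: Declined."""
    if risk < approve:
        return "Approved"
    return "In Review" if risk <= review else "Declined"


def reachable_statuses(approve=APPROVE_THRESHOLD, review=REVIEW_THRESHOLD):
    """Statuses that an integer Risk Score in 0-100 can produce for these thresholds."""
    return {aml_status(r, approve, review) for r in range(101)}
```

Under these assumptions an exact name and date-of-birth match with a different country blends to 85 and is auto-classified False Positive at the default threshold of 93, and with the default review threshold of 100 a 0-100 Risk Score never maps to Declined. Both are worth checking against your own population before relying on the defaults.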

Price. $0.20 per check — the two-score evaluation is included, not an add-on.

The review states an analyst works

Once a profile is surfaced, it moves through a small, auditable set of review states:

  • False Positive — not your customer (often set automatically when the Match Score is below threshold).
  • Unreviewed — cleared the match threshold, waiting for a human decision.
  • Confirmed Match — an analyst verified it is your customer.
  • Inconclusive — the evidence is genuinely ambiguous and the case is parked.

This is the paper trail. When a regulator asks why you onboarded someone who shared a name with a sanctioned individual, "the Match Score was 41, below our 93 threshold, auto-classified False Positive" is a complete, defensible answer.

Use cases

  • Fintech. Keep onboarding fast by auto-suppressing low-confidence matches while never under-screening high-risk ones.
  • Crypto / Web3. Use the document-number Golden Key for high-assurance KYC flows so confirmed identities skip the namesake guesswork.
  • Lending. Set a conservative Risk Score review threshold for borrowers and guarantors where the downside of a missed PEP is large.
  • Marketplaces. Lower the manual-review burden on high-volume seller onboarding by tuning the Match Score weights to your population.
  • iGaming. Document the exact thresholds and weights you ran for each regulator, since both scores and their configuration are auditable.

How to integrate with Didit

  1. Add screening as a workflow step or call POST /v3/aml/ directly.
  2. Set your weights for the Match Score (summing to 100) and the Risk Score in the Console.
  3. Set your thresholds — the match threshold (default 93) and the approve/review thresholds (default 80/100).
  4. Pass a document number wherever you have one to trigger the Golden Key override.
  5. Work the Unreviewed queue and let Approved/Declined decisions flow into your onboarding logic.
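
Step 5 from the consuming side, as an added example that is not Didit's code: it maps a screening response to an onboarding action, fails closed on anything it does not recognise, and writes the kind of per-profile audit line described under the review states. The response is constructed, `triage` and the proceed/hold/reject action names are hypothetical, and the field names are the ones in the sample response above.

```python
import json

# Constructed response using the field names from the post's sample body.
RESPONSE = json.loads("""
{"aml_status": "In Review", "risk_score": 85, "matches": [
  {"profile_id": "prf_a", "match_score": 96, "match_status": "Unreviewed"},
  {"profile_id": "prf_b", "match_score": 41, "match_status": "False Positive"},
  {"profile_id": "prf_c", "match_score": 70, "match_status": "Unreviewed"}]}
""")

# Hypothetical onboarding actions keyed by the statuses the post names.
ACTIONS = {"Approved": "proceed", "In Review": "hold", "Declined": "reject"}
MATCH_STATES = {"False Positive", "Unreviewed", "Confirmed Match", "Inconclusive"}


def triage(resp, match_threshold=93):
    """Return (action, analyst_queue, audit_lines, warnings) for one screening."""
    status = resp.get("aml_status")
    # A missing or unknown status never proceeds: fail closed.
    action = ACTIONS.get(status, "hold") if isinstance(status, str) else "hold"
    matches = resp.get("matches")
    if not isinstance(matches, list):
        return "hold", [], [], ["matches missing or not a list"]
    queue, audit, warnings = [], [], []
    for m in matches:
        m = m if isinstance(m, dict) else {}
        pid, score, state = m.get("profile_id"), m.get("match_score"), m.get("match_status")
        known = isinstance(state, str) and state in MATCH_STATES
        if not known or not isinstance(score, (int, float)):
            # Never proceed on a record that cannot be interpreted.
            action = "hold" if action == "proceed" else action
            warnings.append(f"{pid}: unrecognised match record")
            continue
        audit.append(f"{pid}: match_score={score} threshold={match_threshold} status={state}")
        if state == "Unreviewed":
            queue.append(pid)
            if score < match_threshold:
                # Below-threshold profiles are auto-classified False Positive, so this
                # means the configured threshold differs from the one documented here.
                warnings.append(f"{pid}: Unreviewed below {match_threshold}, check configured threshold")
    return action, queue, audit, warnings
```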

Frequently asked questions

What's the difference between the Match Score and the Risk Score?

The Match Score measures whether a watchlist hit is really your customer (identity confidence). The Risk Score measures how dangerous that entity is if the match is real. They are computed and thresholded independently.

What are the default weights?

Match Score: name 60%, date of birth 25%, country 15% (must sum to 100). Risk Score: category 50%, country risk 30%, criminal record 20%. All are configurable in the Console.

What is the Golden Key?

If you supply a document number and it matches the watchlist record, the Match Score is overridden to 100% — a document-number match is treated as definitive identity proof.

What happens below the match threshold?

A profile scoring below the match threshold (default 93) is automatically set to False Positive, so it never reaches an analyst regardless of how risky that record is.

How does the Risk Score become a decision?

Below the approve threshold (default 80) the status is Approved; between approve and review (80–100) it's In Review; above the review threshold (default 100) it's Declined.

Ready to get started?

Read the AML Screening overview in the docs, see the model in context on the AML Screening product page, and check transparent per-check pricing on the pricing page. When you're ready, start free — 500 free KYC checks every month, with AML screening at $0.20 per check.
