Dynamic Risk Scoring with Didit Webhooks & Serverless

Real-time Data ProcessingLeverage Didit's webhooks (v3 recommended) to receive instant notifications of verification session outcomes, enabling immediate processing and dynamic risk assessment in a serverless environment.

Adaptive Verification FlowsUtilize dynamic risk scores to tailor user journeys, applying additional verification steps like NFC Verification or Phone Verification for high-risk profiles, or fast-tracking low-risk users.

Enhanced Fraud PreventionCombine Didit's comprehensive verification results, including Passive & Active Liveness and ID Verification, with custom risk models to detect and prevent sophisticated fraud attempts more effectively.

Simplified Infrastructure & ScalabilityDidit's modular, API-first approach integrates seamlessly with serverless architectures, offering unparalleled scalability and reducing operational overhead for implementing complex risk scoring.

The Power of Real-time Identity Verification Data

In today's fast-paced digital world, static identity verification processes are no longer sufficient. Businesses need to adapt quickly to emerging threats and user behaviors. This requires a dynamic approach to risk scoring, one that can process verification outcomes in real-time and adjust security measures accordingly. Didit, as an AI-native identity platform, provides the perfect foundation for this, offering not just robust verification products but also the tools to integrate them seamlessly into your dynamic risk management strategy.

The key to dynamic risk scoring lies in immediate access to verification results. Instead of polling APIs, which introduces latency and complexity, the most efficient method is to use webhooks. Didit's webhook functionality allows you to receive instant, push-based notifications whenever a verification session is completed or its status changes. This real-time data stream is crucial for building responsive and adaptive security protocols.

Imagine a scenario where a user attempts to create an account. Didit's ID Verification and Passive & Active Liveness checks are performed. As soon as these checks are finalized, Didit sends a webhook notification containing all the relevant data. Your serverless backend can then immediately ingest this data, run it through your custom risk engine, and make an informed decision on the next steps—all within milliseconds.

Building Your Dynamic Risk Engine with Serverless Functions

A serverless architecture is ideally suited for processing Didit's webhook data and implementing dynamic risk scoring. Serverless functions (like AWS Lambda, Google Cloud Functions, or Azure Functions) are event-driven, scalable, and cost-effective, making them perfect for handling unpredictable loads generated by webhook events. When a Didit webhook is triggered, it invokes your serverless function, which then processes the payload.

Here's a conceptual flow:

1. Didit Verification Session Completes: A user completes an ID Verification, Liveness check, or Phone Verification via Didit.
2. Webhook Triggered: Didit sends a secure webhook notification (we recommend webhook version v3 for the most comprehensive payload) to your configured endpoint.
3. Serverless Function Invoked: Your serverless function is automatically triggered by the incoming webhook.
4. Data Ingestion & Validation: The function receives the webhook payload, which includes detailed results from Didit's various checks. Crucially, you should validate the webhook signature using the secret_shared_key provided in your Didit webhook configuration to ensure the request originates from Didit and hasn't been tampered with.
5. Risk Scoring Logic: Based on the data received (e.g., Liveness score, ID document authenticity, AML screening results, Phone Verification outcomes), your custom risk scoring logic assigns a risk score to the user. This logic can be as simple or complex as needed, incorporating machine learning models, rule-based systems, or third-party data. For instance, a low Liveness score combined with a suspicious ID document might trigger a high-risk flag.
6. Adaptive Action: Based on the calculated risk score, your system can take immediate action. This might involve:
   • Approving the user for low-risk scenarios.
   • Requesting additional verification steps like NFC Verification for ePassports, or a manual review for medium-risk cases.
   • Blocking the user for high-risk profiles, potentially involving Didit's Face Search to check against known fraud databases.

Didit's modular architecture means you can easily plug in additional verification steps as needed, and the results will be seamlessly delivered via the same webhook mechanism.

Ensuring Data Security and Compliance

When dealing with sensitive identity verification data, security and compliance are paramount. Didit acts as a data processor, ensuring that all data handling adheres to strict security standards. When you configure your webhooks, you receive a secret_shared_key which is essential for verifying the authenticity of incoming webhook requests. This prevents malicious actors from spoofing Didit events and injecting false data into your risk engine.

Furthermore, Didit offers flexible data retention controls. In your Business Console under App Settings → Data, you can configure how long Didit stores verification data, from 1 month to 10 years, or even unlimited. This allows you to meet your specific compliance obligations, such as GDPR, by minimizing the storage of personal identifiable information (PII) on Didit's side. For privacy-first patterns, you can set short retention periods and rely on webhooks to push data to your own secure, compliant storage. Enterprise accounts can also benefit from in-country processing for local data residency.

Optimizing Workflows with Didit's Orchestration Engine

Beyond simply receiving data, Didit's no-code orchestration engine allows you to define complex verification workflows tailored to different risk levels or user segments. You can set up rules to automatically trigger specific Didit products based on initial verification results. For example, if an initial ID Verification shows a potential discrepancy, you could automatically trigger a Phone Verification or even an AML Screening check before the session completes and the webhook fires. This pre-processing within Didit's platform streamlines your serverless function's logic, making your dynamic risk scoring even more efficient and robust.

Consider a use case for age verification: if Didit's Age Estimation product indicates a user is close to a legal age limit, your orchestration workflow could automatically prompt for additional ID Verification with NFC Verification to ensure the highest level of assurance, all before sending the final result to your serverless risk engine. This layered approach, orchestrated by Didit, significantly strengthens your fraud prevention capabilities.

How Didit Helps

Didit is the AI-native, developer-first identity platform that empowers businesses to implement dynamic risk scoring with unprecedented ease and flexibility. Our modular architecture provides a comprehensive suite of identity verification primitives, including ID Verification (OCR, MRZ, barcodes), Passive & Active Liveness, 1:1 Face Match, AML Screening & Monitoring, Proof of Address, Age Estimation, Phone & Email Verification, and NFC Verification. These products are designed to deliver rich, actionable data directly to your serverless backend via secure webhooks, enabling real-time risk assessment.

With Didit, you benefit from Free Core KYC, allowing you to get started without upfront costs. Our AI-native technology ensures highly accurate and fast verification results, while our no-code Business Console lets you orchestrate complex workflows effortlessly. There are no setup fees, and our pay-per-successful-check model aligns costs with your business success. By integrating Didit's robust verification capabilities with your serverless dynamic risk scoring engine, you can create a highly adaptive, secure, and scalable identity verification solution that continuously protects your business from evolving threats.

Ready to Get Started?

Ready to see Didit in action? Get a free demo today.

Start verifying identities for free with Didit's free tier.