पांच धोखाधड़ी संकेतों के साथ दावा धोखाधड़ी को पकड़ें। नुकसान की पहली सूचना पर एक वर्कफ़्लो।

You are integrating Didit into an insurance carrier's claim workflow at first notice of loss (motor, health, property, travel, business interruption). Goal: catch ghost claims, deepfake video evidence, forged supporting documents, sanctions hits on the claimant, and organised-injury rings before the payout enters the queue. One API call. One signed webhook. Five fraud signals.

WHY THIS SHAPE
  - The Coalition Against Insurance Fraud estimates fraud costs the US industry around $308 billion / year (2022 figures). Most of that walks in through claims with no identity check on the claimant and no document forensics on the evidence.
  - Five signals settle the question on most claims: (1) the claimant is the policyholder, (2) the claimant is alive and present (not a deepfake), (3) the supporting documents are not tampered or templated, (4) the claimant is not on a sanctions list, (5) the claimant has not already filed N near-identical claims across your portfolio.
  - One Didit /v3/session/ call bundles all five. $0.33 KYC + $0.20 AML = $0.53 per claim. Face Search 1:N is free per search. 500 verifications free every month.

PRE-REQUISITES
  - Production API key from https://business.didit.me (sandbox key in 60 seconds, no credit card).
  - A webhook endpoint with HMAC SHA-256 verification of the X-Signature-V2 header using your webhook secret.
  - A Workflow Builder workflow bundling ID Verification + Passive Liveness + Face Match 1:1 (with the policyholder portrait as comparison target) + AML Screening + Face Search 1:N (gallery scoped to prior claimants on your account).
  - Reference to the policy ID and policyholder portrait on file from your Policy Administration System (PAS) — passed as metadata on the session.

STEP 1 — Open the claim-verification session
  POST https://verification.didit.me/v3/session/
  Headers:
    x-api-key: <your api key>
    Content-Type: application/json
  Body:
    {
      "workflow_id": "<wf id bundling ID + Liveness + Face Match + AML + Face Search 1:N>",
      "vendor_data": "<your claim id, max 256 chars>",
      "callback": "https://<your-app>/claims/verify/callback",
      "metadata": {
        "policy_id": "<your policy id>",
        "line_of_business": "motor",
        "loss_date": "2026-04-12"
      }
    }

  Response: 201 Created with a hosted session URL. Send it to the claimant by email / Short Message Service (SMS) / inside the claims app. The claim stays in HOLD on your side until the signed webhook lands.

STEP 2 — Read the signed webhook
  Didit POSTs the verdict. Verify X-Signature-V2 (HMAC SHA-256 of the raw body) BEFORE reading the JSON.

  Payload (excerpted):
    {
      "session_id": "<uuid>",
      "vendor_data": "<your claim id>",
      "status": "In Review",
      "id_verification": { "status": "Approved" },
      "liveness": { "status": "Approved" },
      "face":     { "status": "Approved", "similarity_score": 0.92 },
      "aml":      { "status": "In Review", "hits": [{ "list": "PEP" }] },
      "face_search": {
        "matches": [
          { "session_id": "claim-7710", "similarity": 0.94, "vendor_data": "claim-7710" }
        ]
      }
    }

  Session status enum (exact case, Title Case With Spaces): Approved | Declined | In Review | Resubmitted | Expired | Not Finished | Kyc Expired | Abandoned.

STEP 3 — Branch on the verdict
  Approved      → release the claim into the standard payout queue.
  In Review     → route to the Special Investigations Unit (SIU) with the per-module signals + face-search match list as the case file.
  Declined      → decline + open file. Block the payout. The decision payload is the audit pack.
  Not Finished  → resend the session link.

STEP 4 — Document forensics on supporting evidence (separate sub-flow)
  For each supporting PDF / image uploaded (police report, repair quote, medical invoice, photo of loss), run Didit Document Optical Character Recognition (OCR). The OCR response surfaces:
    - Field-level extracted text (claim amount, names, dates)
    - Tamper score per region (pixel-level edits)
    - Template match against prior submissions (reused PDF skeleton)
    - EXIF / metadata mismatch (date in photo vs date of loss)

  A high tamper score or a template match against a prior claim flips the case status to In Review.

STEP 5 — Pull the full decision for the case file
  GET https://verification.didit.me/v3/session/{session_id}/decision/
  Headers:
    x-api-key: <your api key>

  Returns the full decision payload — per-module signals, raw face-similarity scores, AML hit list with source list per match, face-search candidate list with scores. Use this as the audit pack for any dispute.

WEBHOOK EVENT NAMES
  - Sessions: standard session webhook. One endpoint, status field tells you the lifecycle.
  - Verify X-Signature-V2 (HMAC SHA-256) on every payload.

CONSTRAINTS
  - Session statuses use Title Case With Spaces. Never UPPER_SNAKE_CASE — that's the Transactions API.
  - The Face Match comparison target is the policyholder portrait from your Policy Administration System (PAS). A deepfake of the policyholder cannot pass when Passive Liveness is also in the workflow.
  - Face Search 1:N gallery is scoped to YOUR account — Didit does not search across carriers. To collaborate across an industry pool, use a shared workflow_id pointing at a multi-carrier gallery you own.
  - 200+ fraud signals are surfaced on every session at no extra cost — read them off the decision payload, don't re-query.
  - Default retention is the standard 5-year insurance horizon; adjust per workflow if your jurisdiction differs.

Read the docs:
  - https://docs.didit.me/sessions-api/create-session
  - https://docs.didit.me/core-technology/face-match/overview
  - https://docs.didit.me/core-technology/aml-screening/overview
  - https://docs.didit.me/core-technology/face-search/overview
  - https://docs.didit.me/integration/webhooks

Start free at https://business.didit.me — sandbox key in 60 seconds, 500 verifications free every month, no credit card.