Changelog

Platform Performance and Infrastructure Updates

QR Code delivery for desktop-to-mobile verification sessions: We’ve added a new delivery method that enables end users who are prompted to start an identity verification and threat detection challenge on a given device to quickly and easily transition to a different device to complete the challenge, without relying on SMS or email.

Expanded device & network risk signals for stronger passive checks

This release introduces a series of foundational enhancements that strengthen performance today while laying the groundwork for several upcoming capabilities. Together, these updates advance our broader focus on improving data visibility, workflow transparency, and policy configurability. These features will become generally available in the coming months as the new infrastructure takes shape.

This release includes a series of enhancements focused on improving data visibility, workflow transparency, and localization across identity verification experiences.

Expanded Telco Contact Info: We’ve enhanced one of our telco data sources to provide additional contact information for the accountholder of a given phone number, unlocking richer context for verification and investigation workflows. See documentation here.

Gateway to API: We’ve introduced full compatibility for flows that use both Gateway (our hosted end-user UI) and API. Historically, flows could only start in API and then transition to Gateway. With this update, flows can now start in either Gateway or API and move seamlessly between the two. This makes it easier to design hybrid flows where certain identity challenges are served through Gateway and others via API.

All new reporting framework + new Workflow Report

New Experian Assertions: We've added two high-precision assertions to further strengthen identity verification policies.

Configurable Expiration for Verification Links: You can now control how long verification links remain valid, setting either a specific date/time when links should expire, or the duration that the link is valid for. This enhancement reduces the risk of credential misuse and gives you more control over sensitive workflows.