Validates that a real person is performing the registration by combining Liveness with Behavioral Alert — no document capture or government identifier required.
What this use case solves
Risk Level Detection addresses the challenge of validating that a real person is performing the registration, without requiring document capture or identity validation through a government identifier — all within a single process.
By combining Liveness with Behavioral Alert, the pipeline confirms the presence of a real person in front of the camera and, simultaneously, checks whether that face carries risk signals in the Unico network. The result is an onboarding decision based on behavioral trust, not just documentary data.
Use this use case when:
- Your operation suffers from fraud where the identity is legitimate but the intention is criminal.
- You need to identify and block identity fraud attempts where users open accounts with synthetic identities.
- You need to identify and block Mule Account attacks, where users open multiple accounts across different institutions to launder money.
- You want to mitigate Bust-out Fraud by detecting users who generate sudden hyperactivity in the network.
- Your business model requires that each individual holds at most one active account per operator (or per country).
Do not use this use case when:
- You only need to validate the static integrity of a document against a government database → use Onboarding.
- You only need to know if this face is the same one that completed onboarding → use 1:1 Validation.
Capabilities involved
Pipeline executed within a single process:
| Capability | Role in the flow |
|---|---|
| Liveness (Optional) | Confirms that the selfie belongs to a living person, mitigating deepfake or injection attacks. Ensures input integrity before behavioral analysis. |
| Risk Fraud Classification | Cross-references transaction data (face, code, history) with the global network history. Applies statistical models to generate the final risk level for that transaction. |
Prerequisites
- Bearer token — OAuth2 authentication via Client Credentials. See Authentication.
- APIKEY enabled — Key configured for V3 with behavioral analysis permission. See Environments.
- Primary key (
subject.code) — The identifier performing the transaction: document number, email, or phone number.
It is highly recommended to send metadata and context alongside the request. This includes registration data (name, date of birth, gender, and other information), email, phone, and clientReference. Using our Liveness solution also enriches the analysis with device risk, location, and additional behavioral signals.
Step-by-step implementation
- API
Direct API integration — capture the selfie using the Unico SDK or your own UI following the Capture Standard, then send the image directly to the Unico API.
- Capture the selfie — use the Unico SDK for your platform, or build your own UI following the Capture Standard, to obtain a selfie image that meets liveness requirements.
- Create a process — call Create Process with the user's identifier and the selfie as
imagebase64. - Query the result — call Get Process to retrieve the capability results.
- Apply business rules — evaluate the response fields to approve, deny or escalate.
Interpreting the Result (Risk Level)
In Risk Fraud Classification, the behavioral assessment returns a progressive scale with currently 4 return levels.
If status = 3 (Completed), check the field idCloud.result:
| Risk Level | Meaning / What the engine found | Recommended action |
|---|---|---|
| Not Approved | Maximum evidence of fraud and risk. There is a very high probability that this transaction will result in financial loss, due to strong association with identity theft or recurring use of third-party identities. | Automatic block or rejection. |
| Critical Risk | High fraud risk. Indicates critical inconsistencies, such as a severe mismatch between registration data (age/gender) and facial biometrics, pointing to a high risk associated with fraud. | Automatic rejection or strict credit policy adjustment. |
| High Risk | Potential fraud. This signal frequently reflects unusual recent activity or network hyperactivity. | Manual review by the analysis desk (back-office). |
| Inconclusive | There is not enough information mapped in our network to determine that the transaction carries risk. | Proceed with the standard approval flow. |
Error Handling
| Code | Description |
|---|---|
20807 | Image outside HD standard (minimum 640×480). |
20506 | Base64 file exceeds the maximum supported limit (800 KB). |
20507 | The subject.code field is invalid. |
20510 | The clientReference field is invalid. |
10201 | The APIKEY header is invalid or the credential does not have permission for the Risk layer. |