Skip to main content

Setup and configuration

Setup

Follow these steps to set up a workflow using a KYC template.

  1. In the Settings menu, select Workflows. The Workflows page is displayed.

  2. Select the Workflow templates tab.

  3. Click one of the KYC workflow templates (Basic identity verification , Proof of humanity, and Extensive identity verification). The workflow creation modal is displayed.

    This modal lists the provider types used and shows an overview of the flow.

  4. In the Name field, enter the name of the workflow.

  5. In Flow overview, select which providers the steps use. Not all steps require a provider and you can connect new providers if necessary.

    tip

    If you connect a new provider, a pane opens on the right side of the screen where you enter the provider details. Connection instructions for each provider are in Providers.

  6. Click Create workflow. The workflow configuration page is displayed.

    The workflow ID is displayed below the workflow name. You will need this value when using the ComPilot SDKs.

  7. On the workflow configuration screen, you can configure, add, and delete workflow steps.

    • To configure a step, click the gear icon on the right-hand side of the screen, next to the step. Steps that need configuration are marked with an orange icon.
    • To add a step, click the + Add step button at the top right of the screen. If you add a step, it is automatically added in the correct place in the workflow.
    • To delete a step, click the trashcan icon on the right-hand side of the screen, next to the step.

    Some steps can be expanded so that sub-steps can be configured.

    Most steps can trigger a customer.updated webhook event. Some steps can trigger other events. For details of the webhook events triggered by each step type, see Webhook events.

Configuration

Identity verification

For the identity verification step, there are two things that have to be configured:

  • appearance and security settings.
  • identity verification steps.

Appearance and security settings

Appearance

Fill out the Setup the appearance form as described below.

FieldDescription
Name & websiteThe name of your application that uses the ComPilot Identity Widget.
LogoUpload a logo to use with the widget.
Cover imageUpload a cover image. You can toggle the use of the image with the checkbox.
BrandingSelect two colors for the widget that match your brand. You can also toggle the cover image on and off, and toggle the dark theme
Bottom contentEnter text, a website, and a link title for the bottom of the widget.
Security settings

In the Secure your integration form, enter the URL of the host of your application. You can enter multiple URLS by clicking the + Add another URL button.

In live mode, the widget will only work with the hosts specified here (and localhost). This helps prevent unauthorised use of your ComPilot account.

Identity verification steps

ID Scan

The ID scan step requests a copy of the customer's ID for verification.

Under ID scan you can select which documents and issuing countries are accepted as proof of ID.

Filter mode determines which issuing countries are allowed.

  • In Include mode, only the selected countries are allowed.
  • In Exclude mode, all countries are allowed, except the selected countries.

Select the countries list to edit it.

Under Allowed documents, select the documents that you want to allow as proof of ID.

Face scan

The Face scan step takes a live selfie of the customer's face so that it can be compared with the photo in their ID, and confirm that they are a live human.

There are no configuration options for this step.

Proof of residence

The Proof of residence step requests proof that the customer is resident where they claim to be. It allows for document upload, which you need to manually check.

If document request is selected, you can select which documents are requested. You can also toggle manual address input.

Contact information

Under Contact information you can select which contact information is requested. You can use this contact information to contact the user. It can also be used during Fraud detection.

AML screening

AML screening screens the customers names and address against a database of sanctioned individuals and other individuals who may represent a risk. The AML screening step is performed by one of the following providers:

There are three things that have to be configured: the API key, automation triggers, and other configuration.

API Key

The API Key pane only appears if you are using the ComplyAdvantage provider. It is not needed for ComPilot AML. It contains the ComplyAdvantage API key that you entered when you connected the provider. You can view the key by clicking Show and copy it to your clipboard by clicking Copy.

Automation Triggers

On the Automation Triggers pane you can:

  • Toggle whether user data is screened every time a record is added.
  • Toggle whether users are monitored in an ongoing manner.

If users are monitored in an ongoing manner, then users are re-screened every day. If new relevant hits are found:

  • The customer status will be set to To be reviewed.
  • Already opened alerts will be updated with the content of the new hit and the update will be displayed in the alert's activity log.
  • If no open alert is found, then a new alert will be generated.
  • On the Customer Screening tab of the customer detail page, the Is monitored field will be updated with the customer's state.

Other configuration

On the ComplyAdvantage Configuration pane you can select the lists that you want to use to screen the user. By default all the lists are selected. This provides the maximum breadth of screening.

You can also set the Fuzziness level. Fuzziness is a matching technique that allows for variation in the spelling of a search term and the entities returned in the search results. A higher fuzziness level will mean more typos or variations will be caught, but it also means that there will be more false positives. The default value is 0.5. For a full explanation of fuzziness, see What is Fuzziness?

Duplicate detection

When turned on, ComPilot detects possible duplicate users by comparing information such as name, date of birth, provided documentation, and selfies. If a duplicate is detected in your workspace, an alert is generated.

Wallet screening

Wallet screening screens the customers Web3 wallet to help ensure security and compliance. The wallet screening step is performed by one of the following providers:

There are three things that have to be configured: the API key, automation triggers, and other configuration.

API Key

The API Key pane only appears if you are using the Scorechain provider. It is not needed for ComPilot KYT. It contains the Scorechain API key that you entered when you connected the provider. You can view the key by clicking Show and copy it to your clipboard by clicking Copy.

Automation Triggers

On the Automation Triggers pane you can toggle whether user data is screened every time a record is added.

Other configuration

On the Scorechain configuration pane, click the Add button add a new configuration. Fill out the fields as described in the following table.

FieldDescription
Analysis TypeSelect the analysis type.
Object TypeSelect the object type.
BlockchainSelect the blockchain.

For the proper scoring of an account, Analysis type should be set to FULL, Object Type should be set to ADDRESS, and Blockchain should be set to ETHEREUM or TEZOS.

For more information about Scorechain configuration, see the full Scorechain documentation.

note

You can add multiple configurations, and edit existing configurations.

Fraud detection

Fraud detection screens data captured during KYC (the users IP address, email address, and phone number) to determine the risk of them being associated with fraudulent activity. The fraud detection step is performed by ComPilot Fraud Analytics or the IPQualityScore provider.

There are three things that have to be configured: the API key, automation triggers, and other configuration.

API Key

The API Key pane only appears if you are using the IPQualityScore provider. It is not needed for ComPilot Fraud Analytics. It contains the IPQualityScore API key that you entered when you connected the provider. You can view the key by clicking Show and copy it to your clipboard by clicking Copy.

Automation Triggers

On the Automation Triggers pane you can toggle whether user data is screened every time a record is added.

Other configuration

On the IPQualityScore configuration pane, select the checks that you want to be performed.

CheckDescription
Ip VerificationSelect this to enable IPQualityScore checks on the user's IP address.
Email VerificationSelect this to enable IPQualityScore checks on the user's email address.
Phone VerificationSelect this to enable IPQualityScore checks on the user's phone number.

Rules engine

The ComPilot Rules Engine allows you to define the compliance checks that a customer must pass before interacting with your application. A set of compliance checks is called a scenario

The ComPilot Rules Engine receives verifiable credentials (VCs) or zero-knowledge proofs (ZKPs) and checks them against the scenario. The application receives the rule execution result, allowing the application to allow or deny access to the customer.

This step allows you to choose which scenarios are active in this workflow. For a customer to successfully pass the workflow, they must pass each active scenario.

You can add a new scenario by clicking Add new scenario button. See Adding a scenario.

Testing

When you have completed configuration, click the Test the flow button at the top right of the screen.

Next to the workflow ID, you can toggle between Regular mode and Web3 mode. For more information, see Regular and Web3 modes.

note

When testing the flow, it should be in sandbox mode.

Live mode

When you are satisfied that the workflow is working correctly, make sure it is in live mode.