High rate of DFA-flagged applications since approximately Feb 8th - 4PM AEDT

Summary

Between 8 February 4:00 PM AEDT (5:00 AM UTC) and 9 February 10:00 AM AEDT (11:00 PM UTC), transactions completed on Enterprise versions 4.8.0 to 4.10.91 returned a “high-risk” outcome for Document Fraud Analysis (DFA). This occurred due to missing IP-based geolocation data from a third-party service used during transaction processing. In line with our platform design, where external signal failures default to a conservative outcome, transactions were automatically returned as high-risk rather than allowing a potential false approval.
The issue has since been resolved. Product improvements have been released to reduce dependency sensitivity to this signal in future.

‌

Impact

All identity verification transactions during the affected period returned a DFA “high-risk” result, irrespective of whether the individual was genuine or fraudulent.

• There was no increase in fraud risk or exposure.
• No security compromise occurred.
• Other verification components (Data, Liveness, FaceMatch) operated as expected.

The impact was operational. Genuine users were unable to complete onboarding during the window, which may have resulted in customer friction, delayed onboarding, or the need for re-verification or re-processing after resolution.

Root Cause

A configuration issue within a third-party IP intelligence provider resulted in valid service availability but incomplete data being returned for geolocation and VPN detection.
The provider’s endpoint remained operational, which made automated detection difficult as the service did not fail at a network or availability level. The issue was identified following client feedback and subsequently confirmed through investigation.

Resolution

• The third-party configuration was corrected.
• Impacted transactions can be re-processed on request.
• Communication channels with the supplier have been reinforced to reduce the likelihood of delayed awareness in similar circumstances.

Future Improvements

• DFA decisioning has been updated in releases beyond 4.10.91 to reduce tight coupling to this external signal, so later versions are not impacted by similar provider behaviour. We follow a “fix-forward” model for platform updates, meaning improvements are incorporated into the next controlled release rather than applying retrospective patches to prior versions. This approach ensures consistency across environments, reduces regression risk, and aligns with our standard security and platform update practices.
• We are reviewing the ongoing use of the current IP intelligence provider in light of recent service instability. While redundancy exists within this component of the platform, we are assessing whether adjustments to the primary provider are warranted.