Device monitoring

Overview

Solaris has introduced device monitoring as an additional layer of fraud prevention. Partners are required to collect device fingerprints from their (potential) customers' devices using the Seon SDK and then submit them to Solaris when calling certain API endpoints. Solaris will analyze the provided fingerprints when performing Customer Due Diligence checks and notify you of any suspected fraud using the PERSON_CHANGED webhook.

This guide explains how to implement the Seon SDK in your solution (regardless of platform) to collect device fingerprints and when to provide them to Solaris.

note

New customers in the German, French, and Italian branches are required to consent to device monitoring. Customers in the Spanish branch may always opt out of device monitoring (i.e., customers are allowed to reject device monitoring).

Although customers may later withdraw their consent to device monitoring, this may have adverse effects on the business relationship (e.g., immediate account block, termination of the business relationship). See the section below for more information.

Please note the appendix regarding existing customers onboarded prior to the rollout of this feature.

Device monitoring flow

Here is the flow for integrating device monitoring into your solution:

  1. Implement a GDPR-compliant cookie consent and ensure that the Seon SDK is not initialized until the user gives their consent.
  2. Implement the Seon SDK in your solution such that it initializes whenever the customer starts the app.
  3. Prior to calling any of the Solaris API endpoints that require device monitoring, generate a device fingerprint on the customer's device using the Seon SDK as described below.
  4. When calling one of the Solaris API endpoints that requires device monitoring, provide the Base64-encoded fingerprint obtained from Seon as the device_data property in the API request body.
  5. Solaris will analyze the device fingerprint while conducting its Customer Due Diligence checks.
    • If Solaris detects any suspected fraud, you will receive a notification on the PERSON_CHANGED webhook. If you receive this webhook notification, call the GET Retrieve a person endpoint. Parse the response for the value of customer_vetting_status, which contains more information about the suspicious activity.

Follow these steps to integrate the Seon SDK into your solution:

Step 1: Install SDK of your choice

Depending on which platform(s) your solution is built on, follow the instructions below to set up the Seon SDK:

Step 2: Collect GDPR cookie consent

In accordance with the GDPR, you must display a disclaimer and collect your customer's consent to your GDPR cookie notice (that customers must accept) regarding the collection of their device data before you create any device fingerprints.

note
  • You may not create a device fingerprint without collecting your customer's consent first.
  • You must collect this consent before creating a person resource for the customer.
  • For customers in Germany, France, and Italy:
    • You must treat device monitoring as an essential cookie in your GDPR disclaimer (i.e., your customer cannot opt out of it if they wish to use your solution).
  • For customers in Spain:
    • You must treat device monitoring as a non-essential cookie. Customers in Spain must explicitly opt in to device monitoring and may always reject it.
Note

For existing customers onboarded prior to implementation of this feature, please check the appendix for instructions.

Display the following text to the customer in the modal:

"By clicking [Accept], you also consent to [insert Partner name] collecting information from your device on your browser, traffic data, location data and other device-related information, including the session ID, and transmitting such to Solaris along with your email address, name and phone number. Solaris may add additional data and use a service provider to perform fraud prevention and anti-money laundering checks. This is essential for a secure provision of the banking services that you are requesting by Solaris; therefore you cannot proceed without consent. You can withdraw your consent at any time by email to [insert Partner email], but without consent you will not be able to continue using Solaris' services. Please find further information in our privacy policy [add link to the privacy policy of Partner]."

"Mit Klick auf [Zustimmen] willigen Sie zugleich ein, dass wir Informationen von Ihrem Endgerät über Ihren Browser, Verkehrsdaten, Standortdaten und andere gerätebezogene Informationen, einschließlich der Session-ID, abrufen und diese zusammen mit Ihrer E-Mail-Adresse, Ihrem Namen und Ihrer Telefonnummer an Solaris übermitteln. Solaris wird diese Daten ggf. um weitere Daten anreichern und mithilfe eines Dienstleisters einer Überprüfung zur Betrugsprävention und Geldwäschebekämpfung unterziehen. Dies ist für eine sichere Bereitstellung der Bankdienstleistungen von Solaris zwingend erforderlich; ohne Ihre Einwilligung können Sie daher nicht fortfahren. Sie können Ihre Zustimmung jederzeit per E-Mail an [...] mit Wirkung für die Zukunft widerrufen, jedoch können Sie die Leistungen von Solaris ohne Einwilligung nicht weiter nutzen. Weitergehende Informationen finden Sie in unserer Datenschutzerklärung [Link zur Datenschutzerklärung hinzufügen]."

POST Create user consent for device monitoring

This endpoint records consent from the given person (specified in the request URL) to collect device fingerprints on their registered device. Each consent is tied to a specific device.

Request URL

Copy
Copied
POST /v1/persons/{person_id}/device_consents

Response example:

The API returns an id, which your solution must use as the device_consent_id as described below.

Copy
Copied
[
  {
    "id": "17a7389adaf83145770d8e6c00a398ddcon",
    "person_id": "e2bbc86268e9a4667861b73f31dba03bcper",
    "created_at": "2021-06-25T09:44:25.000Z"
  }
]

Click here to view the full API reference.

Cookie consent storage guidelines

  • The device_consent_id must not be stored on your backend, but rather on the user's device (i.e., as a cookie).
  • You must reuse the device_consent_id on the same device. Generating a new device_consent_id requires an explicit request for the user's consent.
  • When the user reinstalls the app, they must give their consent again, and you must create a new device_consent_id.
  • When the user gets a new device, they must give their consent again, and you must create a new device_consent_id.
  • The device_consent_id is not bound to a device from device binding, These occur independently of each other.

Step 3: Implement device activity endpoint

Below you can find a list of endpoints that require device monitoring. However, for events not covered by existing API endpoints, you must call an additional endpoint to pass a device fingerprint to Solaris.

You must call this method in each instance of the following events:

  • User starts the app
  • User requests a password reset
  • User provided consent to device monitoring

POST Create user activity for device monitoring

This endpoint sends a device fingerprint to Solaris for situations not covered by existing API endpoints.

Request URL:

Copy
Copied
POST /v1/persons/{person_id}/device_activities

Request example:

Copy
Copied
{
  "device_data": "Web;7d2cf82ae5774e5293e4c020d2381217dcon;jVl14emA+OcyALb9F+CMFg==;NU7aFh0jdzM15wj8hQtqbA5LbzEFWDI1bUwZf/zbau0P2MIEUE+LsifBKvxjCYNUyz647bpSjnQ6Tu8IK22sxFlTGEFaHKBigzmP8Nc8FvVSWKzslmSWTFJM5AYc+EGTZLprlcdrLldsZLS5PpHfPMmvtqCXVTnGhYV7GvutI1w5/67yK7pCQDxDicKjqlMg1naMiwCuqP1U1lUtf+lTdmJ1T1lXMPARffTn4XAr66vUxN++sy7qytkdcOeCsaxZnLspUEvqu+2ILHF8pOJFG7gYC11rqWOyHG3Ns1E1dZ57ybrgGTKfctFOdx2IMXnz1/i/pDC5QokRr2BTIZZ/9Tj+xXzWpzNwHtRWWK5VEufyVRPyMXQdmry7UYKrouAzlLCYSMv7GcPwOZz+gDjCkrNia7/DGBBFLOvtlufDztPpvkH2jmN32/oJHl1Qu6zpxG3Lyl8RNdyukuNYfiPw0ECoXsXObwQc7Ja8R+V5S7QZeV1VV9aavlH1+Xl9v0OlOJ1XujO7izWESMIfzAuaL6ACYhdkmkC3kicjOWUjaY3OJYrrXxQ+MScnJOQ9neMRWij7YqNxP8F259zVjqqyaL6hN8EZU/pi+cZUVkfFvMYT5ugE9JXjkFfyy4UQeSmNRjDXRzu40LyweqUns8u3GOIFzfZ9eVOv+q7OV+RpVLOJLz1Za8RPIh3UKltCzOTmO8OpDz2aGoqNdL4zAaLl4EKRoarEiSG9K2/GoyHchi6xdHYA6DqQg5xQM4s50RUySGwWLxBB3ZlMpZpdZAVBrLSyl1SWqYTosdyURtiiX0So+kdik5XJ5Vsh0v75rNP5Yrv3t5/u94wx51zKlpDH8Uiap7kP0eibRmmN196kxMcOf8Q50JM1Yt8cJiawTWdGHzGRcNtEkpon5VLp/kwDU+4IPwlW976hKsom0PTB/EVxo5CWuL6kPiaEWUrWOL7BZ2jkuebHT2jBAJuFBaeac7IYnrAMoLgfY33Vs3EtVk8H12iDX3O9JmGsDGXP0/vBx0uFEgrTt6HjwabWGRHpPPPCorSrjfuySwKlnZtp1KkeNrOso8K8DBW6e+6j1YYaxTjBUZSLl1qgzd1dpz85vB/trWdyS3i+APHw/AsP/Y4cmu/CFZqpe1Sgye1+YNP3Hs3LpxJKM3prnAoaCmrHp5aUKo5KdicAnilBTzBAV2zGBWHrBwWLWHl+RDQpncyWD2/ZCswxtXbQAhlmVD7FvBXnT0Yyg5gaFo5GVBcURzBYtwbdl3+6sqKtR3XC22GBw0OOqZ9/QvMHmCO/K89rEjfLEaVX4eKhrdzjxOwOxmE5lXrLqfscV90Yo9Uj1awvpF5TL5vW85asT2iVHYjZ1JsQ5oLp3VUfIAqTNmpcjRk763hMsTUIrn3VfpLkGajZbtxD2FuNNMoRZQBfiOAxPUDFmspxWagNSbmUZ8FqPX/6asQIJIyvAk4cvzgV9OjzdkoEcFP2OGjFnddZtLmBh9BZDWtS3VOL98lp+cH/JAn8pDab2l6zIwHRccePbuBcGZZgU39FOVpI+sbHZJ6QEhiUA8SdT7SLcTf4P1tBbdN5+dpjaWfTph1cgZyW8EsAIFc81vR6tBqSSpxmS164ADWZW+PYz4b4SRVklT3Cs2tJ/TTMM240pnkNJUd3G/0PbBGVPea5+XUs1bF5cT0fiHWA032Dm87biMEU89fdPkvnSlIsN/MbLT2kj2tPZqhOrqTxCg26jimd+2kNdZ2fwvT8JQfO0hVidnPDPLXH5aA6T6+bKqfpvJE6USAif8fPQ0rW4+315LKH5wG8Qj0omO2Ynii0IE6cR0lAGrtoLsXMf3kDqFms+Z2h79pYQrnhUSntZ3tjt3pwgejJ8ZKXdN7kYWT8UiQnLnkfLJnh1e8a4UURe7GU9UwnqqFXeHrstb8XXxiIX7syFG5iLdN9IExi5BefYnAikCTU+ssMWnnhppX6jFV43u+KEaa1/7AqibMc3Kt+kUxHlQsAo2TCg+u/39rsgNs5eWym7YptvBCN6L4Q4QRoKNFo8CJerS4dTxksD2zeGL4BLIsvMbcm6rlHrKCR5PeWRiFpK8QwwaOyiTGL5NN2Xl6F0M4vf5gnWikZTrppv7bLUYZhrU1uGiv968ZGEq+A7w2oLvbZS7l+DZuN4rPF5SzPWq94jC1NiYjaPrGyTQIISRiBLXil5puqCobYHAIeVQzHBgki3/N+Pwk4iCrxf3pqnUSNmtrmvphmo9Vp3xAaPSFsUYfIyOPiO5gcNUoGQ1kHZ3Yoksqh6U1hRCzlkMSbX6kzDYUNEgc47t2AKxLM5IpYCWAv+uefNAAb/4+f7Qh4sMqtXHc5lGK3GN8ABTIVeFphtJg36Y6xg8OTrBR5ItS/tdy6zyfTLfZFocRbfjsLfoiCeHJO0sEZIWgHsu80FVZmo4G84N6zNZkdjnFDZkgRYP9OSqMbPCXyb5Xj1H6g67rNjtY67B3613uGJ0pHCQpl0Lmz2apUMq9EVRz5tZT+RA8sCRcK4mkBEWzdC7ngI5+dfX2dEqu157rsc0yU4OWNElLWC3F1TXOsB2/n1+LBHpjKLIMok2afui1H9+eof1zLAba4hrnYEFI4WjvEAvcsyPI/eONNdxk7liVNNaD7j6vvwYKOxTZoriKwvGxeNApC+Z8xQ8HpnEaRIUqb2Eh1SfpyDta8J1dXnRF1HTq2pOvfitomb701g0diB7+StEpCxiRLCx3TEJcroqBiCE3szXdc9VSVyfklkHmbJE33CY8tGm1YEvaXAY7a5yWLHWHzqQvNuZkQ1DNbJAkP9dt1t8Fv3njG2lXFmAOJkZwpvm9qEHZTmuUmflIMhu9nMsgZd5VMjalTmHqZdy7zmnAz8LhYiUDMbPDNOd4UTehvTanDEBBYTJB6CYv6QnBYwuAPsZwRnZdHbpl6lIXStmgsxV3DLtKAUy8eoqCdDOMyep9L4ArSWEJstEBNkZ5zgk7bOspvF1V8HrhFzJCiwR7WC+GHJTHLH1S8FfmHFTXJHecvq6tpMncaJFbo4jSfm9ozBAVAAN2mCn/yBbmX9tPmXdGEsTSpdp6vVWKEdHZ1rjCqmgDENxh75H5uT9DeZ0mAKwkP5Ai+bN3hT0y1XGE44b/aJ7PEObogYAioej/Z690zKx+fHxP50juTgt+UIQ+l/mpcYnbcYe4lkXrqGpwxFU8OrRzzfJX/s90VVlzrQVAPNW/mvYkt+MqSVwI1EP62faXlXnDqbmVFUmMGeoquP58cwqSBaNL/oi2Rg7GVvdvus+i2Qpm1SHtnPVUhTwWFigiWw/T2ZZeUs4nk+Q/xOFa/",
  "activity_type": "APP_START"
}

Response example:

Copy
Copied
201 Created

Click here to view the full API reference.

Step 4: Initialize Seon SDK

Your solution must launch the Seon SDK whenever a user accesses your solution, and it must set a session ID (UUID format) that identifies the beginning and end of a user session for the SDK.

Use the device_consent_id returned by the POST Create user consent for device monitoring endpoint as the session ID.

See the code samples below for each platform:

KotlinSwiftWeb (Typescript)
Copy
Copied
val deviceConsentId = "ID from the consent for this device"
val seon = SeonBuilder()
    .withContext(applicationContext)
    .withSessionId(deviceConsentId)
    .build()
Copy
Copied
let deviceConsentId = "ID from the consent for this device"
let seon = SeonFingerprint()
seon.sessionId = deviceConsentId
Copy
Copied
const deviceConsentId = "ID from the consent for this device"
seon.config({
    host: "deviceinf.com",
    session_id: deviceConsentId,
    audio_fingerprint: true,
    canvas_fingerprint: true,
    webgl_fingerprint: true
})

Step 5: Get device fingerprint and send it to Solaris

Prior to calling any API endpoint that sends device data to Solaris, you must generate a device fingerprint on the user's device.

Code samples:

KotlinSwiftWeb (Typescript)
Copy
Copied
val deviceData = seon.fingerprintBase64
Copy
Copied
let deviceData = seon.fingerprintBase64()
Copy
Copied
const deviceData = seon.getBase64Session()

You will receive a Base64-encoded string from the SDK:

Web;7d2cf82ae5774e5293e4c020d2381217dcon;jVl14emA+OcyALb9F+CMFg==;NU7aFh0jdzM15wj8hQtqbA5LbzEFWDI1bUwZf/zbau0P2MIEUE+LsifBKvxjCYNUyz647bpSjnQ6Tu8IK22sxFlTGEFaHKBigzmP8Nc8FvVSWKzslmSWTFJM5AYc+EGTZLprlcdrLldsZLS5PpHfPMmvtqCXVTnGhYV7GvutI1w5/67yK7pCQDxDicKjqlMg1naMiwCuqP1U1lUtf+lTdmJ1T1lXMPARffTn4XAr66vUxN++sy7qytkdcOeCsaxZnLspUEvqu+2ILHF8pOJFG7gYC11rqWOyHG3Ns1E1dZ57ybrgGTKfctFOdx2IMXnz1/i/pDC5QokRr2BTIZZ/9Tj+xXzWpzNwHtRWWK5VEufyVRPyMXQdmry7UYKrouAzlLCYSMv7GcPwOZz+gDjCkrNia7/DGBBFLOvtlufDztPpvkH2jmN32/oJHl1Qu6zpxG3Lyl8RNdyukuNYfiPw0ECoXsXObwQc7Ja8R+V5S7QZeV1VV9aavlH1+Xl9v0OlOJ1XujO7izWESMIfzAuaL6ACYhdkmkC3kicjOWUjaY3OJYrrXxQ+MScnJOQ9neMRWij7YqNxP8F259zVjqqyaL6hN8EZU/pi+cZUVkfFvMYT5ugE9JXjkFfyy4UQeSmNRjDXRzu40LyweqUns8u3GOIFzfZ9eVOv+q7OV+RpVLOJLz1Za8RPIh3UKltCzOTmO8OpDz2aGoqNdL4zAaLl4EKRoarEiSG9K2/GoyHchi6xdHYA6DqQg5xQM4s50RUySGwWLxBB3ZlMpZpdZAVBrLSyl1SWqYTosdyURtiiX0So+kdik5XJ5Vsh0v75rNP5Yrv3t5/u94wx51zKlpDH8Uiap7kP0eibRmmN196kxMcOf8Q50JM1Yt8cJiawTWdGHzGRcNtEkpon5VLp/kwDU+4IPwlW976hKsom0PTB/EVxo5CWuL6kPiaEWUrWOL7BZ2jkuebHT2jBAJuFBaeac7IYnrAMoLgfY33Vs3EtVk8H12iDX3O9JmGsDGXP0/vBx0uFEgrTt6HjwabWGRHpPPPCorSrjfuySwKlnZtp1KkeNrOso8K8DBW6e+6j1YYaxTjBUZSLl1qgzd1dpz85vB/trWdyS3i+APHw/AsP/Y4cmu/CFZqpe1Sgye1+YNP3Hs3LpxJKM3prnAoaCmrHp5aUKo5KdicAnilBTzBAV2zGBWHrBwWLWHl+RDQpncyWD2/ZCswxtXbQAhlmVD7FvBXnT0Yyg5gaFo5GVBcURzBYtwbdl3+6sqKtR3XC22GBw0OOqZ9/QvMHmCO/K89rEjfLEaVX4eKhrdzjxOwOxmE5lXrLqfscV90Yo9Uj1awvpF5TL5vW85asT2iVHYjZ1JsQ5oLp3VUfIAqTNmpcjRk763hMsTUIrn3VfpLkGajZbtxD2FuNNMoRZQBfiOAxPUDFmspxWagNSbmUZ8FqPX/6asQIJIyvAk4cvzgV9OjzdkoEcFP2OGjFnddZtLmBh9BZDWtS3VOL98lp+cH/JAn8pDab2l6zIwHRccePbuBcGZZgU39FOVpI+sbHZJ6QEhiUA8SdT7SLcTf4P1tBbdN5+dpjaWfTph1cgZyW8EsAIFc81vR6tBqSSpxmS164ADWZW+PYz4b4SRVklT3Cs2tJ/TTMM240pnkNJUd3G/0PbBGVPea5+XUs1bF5cT0fiHWA032Dm87biMEU89fdPkvnSlIsN/MbLT2kj2tPZqhOrqTxCg26jimd+2kNdZ2fwvT8JQfO0hVidnPDPLXH5aA6T6+bKqfpvJE6USAif8fPQ0rW4+315LKH5wG8Qj0omO2Ynii0IE6cR0lAGrtoLsXMf3kDqFms+Z2h79pYQrnhUSntZ3tjt3pwgejJ8ZKXdN7kYWT8UiQnLnkfLJnh1e8a4UURe7GU9UwnqqFXeHrstb8XXxiIX7syFG5iLdN9IExi5BefYnAikCTU+ssMWnnhppX6jFV43u+KEaa1/7AqibMc3Kt+kUxHlQsAo2TCg+u/39rsgNs5eWym7YptvBCN6L4Q4QRoKNFo8CJerS4dTxksD2zeGL4BLIsvMbcm6rlHrKCR5PeWRiFpK8QwwaOyiTGL5NN2Xl6F0M4vf5gnWikZTrppv7bLUYZhrU1uGiv968ZGEq+A7w2oLvbZS7l+DZuN4rPF5SzPWq94jC1NiYjaPrGyTQIISRiBLXil5puqCobYHAIeVQzHBgki3/N+Pwk4iCrxf3pqnUSNmtrmvphmo9Vp3xAaPSFsUYfIyOPiO5gcNUoGQ1kHZ3Yoksqh6U1hRCzlkMSbX6kzDYUNEgc47t2AKxLM5IpYCWAv+uefNAAb/4+f7Qh4sMqtXHc5lGK3GN8ABTIVeFphtJg36Y6xg8OTrBR5ItS/tdy6zyfTLfZFocRbfjsLfoiCeHJO0sEZIWgHsu80FVZmo4G84N6zNZkdjnFDZkgRYP9OSqMbPCXyb5Xj1H6g67rNjtY67B3613uGJ0pHCQpl0Lmz2apUMq9EVRz5tZT+RA8sCRcK4mkBEWzdC7ngI5+dfX2dEqu157rsc0yU4OWNElLWC3F1TXOsB2/n1+LBHpjKLIMok2afui1H9+eof1zLAba4hrnYEFI4WjvEAvcsyPI/eONNdxk7liVNNaD7j6vvwYKOxTZoriKwvGxeNApC+Z8xQ8HpnEaRIUqb2Eh1SfpyDta8J1dXnRF1HTq2pOvfitomb701g0diB7+StEpCxiRLCx3TEJcroqBiCE3szXdc9VSVyfklkHmbJE33CY8tGm1YEvaXAY7a5yWLHWHzqQvNuZkQ1DNbJAkP9dt1t8Fv3njG2lXFmAOJkZwpvm9qEHZTmuUmflIMhu9nMsgZd5VMjalTmHqZdy7zmnAz8LhYiUDMbPDNOd4UTehvTanDEBBYTJB6CYv6QnBYwuAPsZwRnZdHbpl6lIXStmgsxV3DLtKAUy8eoqCdDOMyep9L4ArSWEJstEBNkZ5zgk7bOspvF1V8HrhFzJCiwR7WC+GHJTHLH1S8FfmHFTXJHecvq6tpMncaJFbo4jSfm9ozBAVAAN2mCn/yBbmX9tPmXdGEsTSpdp6vVWKEdHZ1rjCqmgDENxh75H5uT9DeZ0mAKwkP5Ai+bN3hT0y1XGE44b/aJ7PEObogYAioej/Z690zKx+fHxP50juTgt+UIQ+l/mpcYnbcYe4lkXrqGpwxFU8OrRzzfJX/s90VVlzrQVAPNW/mvYkt+MqSVwI1EP62faXlXnDqbmVFUmMGeoquP58cwqSBaNL/oi2Rg7GVvdvus+i2Qpm1SHtnPVUhTwWFigiWw/T2ZZeUs4nk+Q/xOFa/

For iOS, the prefix will be iOS; and for Android, the prefix will be Android;.

You must generate and supply this string as the value of device_data for all of the API endpoints that require device monitoring (listed in the sections below).

Step 6: Customer withdraws consent

Customers may withdraw their GDPR cookie consent for specific devices after they provided it. However, you must clearly indicate to the customer in your frontend that this action will likely result in severe consequences, such as an immediate account block and termination of the business relationship. You must also inform the customer that this security feature is in place to protect them, e.g., from account takeovers.

If the customer still wishes to withdraw their consent, call the following endpoint to inform Solaris:

PATCH Update user consent for device monitoring

This endpoint allows you to update a user's consent to device monitoring for a specific device (e.g., if they withdraw the consent).

Request URL:

Copy
Copied
PATCH /v1/persons/{person_id}/device_consents/{device_consent_id}

Request example:

Copy
Copied
{
  "event_type": "REJECTED",
  "confirmed_at": "2021-06-25T09:44:25.000Z"
}

Response example:

Copy
Copied
[
  {
    "id": "17a7389adaf83145770d8e6c00a398ddcon",
    "person_id": "e2bbc86268e9a4667861b73f31dba03bcper",
    "event_type": "REJECTED",
    "confirmed_at": "2021-06-25T09:44:25.000Z",
    "created_at": "2021-06-25T09:44:25.000Z"
  }
]

Click here to view the full API reference.

Actions that require device monitoring

Prior to calling any of the following API endpoints, you must generate a device fingerprint on the customer's device:

How to test device monitoring

You can use the following mock session IDs on testing environments to initialize the Seon SDK and trigger suspicious or non-suspicious behavior responses.

Session IDMocked behaviorcustomer_vetting_status value
179ac83968ab42f79e960c1753a4078fdconNo suspicious behavior detectedNO_MATCH
8ed57aeb750a4b44a4186e0d29826a04dconSuspicious behavior detectedPOTENTIAL_MATCH

Further reading: Seon SDK documentation

If you'd like to read more about the Seon SDK and how it works, check the following links:

Appendix I: Handling consent for customers onboarded prior to device monitoring rollout

Customers who were onboarded prior to the introduction of device monitoring may reject it. However, existing customers who reject device monitoring may be subject to stricter Enhanced Due Diligence measures sooner than customers who consent to it.