Join 4,000+ Subscribers

Get tips & tricks to optimize your ID verification flow

BlogGet Started

3 Reasons Why It’s Time To Upgrade Your IDV Solution

By Danica Kleint on June 27, 2019

2019 Identity Verification Trends

As humans, we are always longing for the latest and greatest; an upgraded car, the latest iPhone version or a first class upgrade on our next flight. We long for these upgrades because we know they offer enhancements that will ultimately make our lives easier and better. While it may not be as top of mind as a new phone, the same can be said for your company’s IDV solution. You, your CEO, investors, and your customers will all benefit from a state of the art, upgraded IDV solution.

You will have less headache working with a battle tested API, your management will be amazed by the increased user volume, investors will love increased profits from a cost effective solution and customers will be happy from the very beginning of your relationship because you made life easy.

Here a few more reasons your team will love the upgrade to Cognito:

Traditional solutions cannot scale - Solutions like Documentary ID Verification are not scalable. Companies providing documentary solutions often have difficulty hitting SLA’s and in many instances manual review has to take place. Yes, an actual person has to get involved - even in 2019!

Traditional solutions are not actually verifiable - when a person submits a passport photo or a copy of their driver’s license, the real work being done is simply checking for tampering evidence. Validating if it is a legit document - not actually verifying the person who submitted the ID is the actual person on the ID.

Traditional solutions are not user friendly - we all know (and if you don’t here is a previous blog post on it) that user experience is a huge priority for companies, users are demanding it. For documentary providers, 15 seconds is the absolute best case turnaround time for IDV. Often times it can take 5 minutes to receive a verification. 5 MINUTES! And, that does not include the time it takes for a person to find their ID, take a picture and upload it. Remember when Google came out with a stat in 2016 saying 53% of visits are likely to be abandoned if pages take longer than 3 seconds to load? How many lost customers will traditional IDV cost you in 2019?

Cognito is built for scale, fully verifiable, and designed for users so that results get delivered instantaneously.

Contact us today to see how you can upgrade!

Get Started with CognitoFrictionless, modern identity verification.

5 Trends in Identity Verification to Watch for in 2019

By Danica Kleint on March 22, 2019

2019 Identity Verification Trends

1.KBA is moving out

Identity verification that relies on the possession of data is no longer a sufficient solution. KBA and SSN verification are proving to be a weak and unsafe security method and the most recent data leak involving US Postal Service further validates this. The digital world needs a better way to validate your real-world identity and what better with which to do that than with the one thing you are never without: your phone.

A phone number-to-identity link allows a business to authenticate the user signing up is the owner of the identity, not a fraudster using leaked data.

2. User experience is everything

From your website’s color scheme to a dedicated customer support team, the experience a prospective customer has with your brand is critical to their lifetime value. In 2019, companies are going to have to put an even sharper focus on the experience they are creating, while artfully balancing security.

By structuring a signup flow with gradual information collection, you minimize the friction required without forcing all customers to through a single, complicated process. This decreases the number of fields you collect from your users on sign up and increases the security of onboarding users.

3. Small businesses will become an even bigger target

As mature businesses are tightening up their security, fraudsters are likely to shift their focus to smaller targets. Those targets are startups or high growth companies that have limited engineering resources to implement historically difficult, secure user onboarding programs.

Don’t let that be you in 2019. Cognito is simple API that takes much less time than your historical ID verification solution to integrate and maintain. If you need to adapt to certain trends in fraud you’re seeing on your platform, you can do so within minutes, not days. Plus, you will have a support team ready to assist (we are all about experience, too).

4. Automation will continue to be gold

The need to automate is not a new concept in the business world. Any element we can automate, we are all for it, like kids in a candy store. In 2019, continue to fuel your sugar cravings by automating parts of your customer compliance.

Cognito’s automated watchlist scans can ensure that your customers, whether that is thousands or millions, never change status. If they do, you will know it automatically through our extensive global databases. Automated daily, monthly or quarterly scans are available and ready for you.

5. Age verification will be in the headlines

Age verification is becoming a hot news topic as of late with companies like Tinder going under fire for allowing underage people to use their service. While the laws are still unclear in the US across many industries, proactive companies are finding ways to stay ahead of these negative headlines by using a frictionless age verification solution. If you are selling age-restricted content or goods, we are ready to help keep you out of the negative headlines in 2019and ensure that your customers are old enough to do business with you.

Get Started with CognitoFrictionless, modern identity verification.

New Feature: Screen Digital Currency Addresses on OFAC Lists

By Alain Meier on January 24, 2019

SDN Digital Currency Addresses

In late November 2018, the U.S. Department of the Treasury’s Office of Foreign Assets Control added two virtual currency (Bitcoin) addresses to their SDN lists for the first time since the program’s inception. This change ushered in a new era of law enforcement and mandated that any companies transacting with cryptocurrency screen for potentially incoming and outgoing funds associated with sanctioned addresses.

We’re pleased to announce the addition of virtual currency addresses to the BlockScore watch list screening product. This is a free addition for all customers and is available today in your BlockScore account.

Digital currency addresses will now be listed among other documents such as ssn or passport using the type digital_currency_address for any potential watch list hits returned. Alternatively, BlockScore customers can enter a cryptocurrency address as a search term when creating a Candidate.

You can read more about how to upgrade your integration to take advantage of these new screening features in our documentation.

If you have any questions about how to take advantage of these new changes, please contact and we would be happy to assist you.

Get Started with CognitoFrictionless, modern identity verification.

Product Updates: Faster Responses, Drivers Licenses, and More

By Alain Meier on September 7, 2018

Product updates for September 2018

We’ve been hard at work improving your Cognito experience, and today we are highlighting 5 upgrades that we have made recently:

Faster responses: The speed of our responses is always a priority for us to ensure that your customers’ experience is as seamless as possible. Over the past few months we have improved response times by as much as 30% and doubled the speed of accessing the dashboard for high volume customers.

Drivers license data: Approved customers can now opt to receive drivers license numbers and issuance states where the data is available. Please contact our sales team if you are interested in receiving this data.

API keys on the dashboard: You no longer need to contact our support to view your account’s API keys. All you need to do is log into your dashboard and you can find it in your account settings.

Strong phone link indicator: You are now able to tell which phones are most strongly associated with an individual using the dashboard. This is particularly helpful for anti-fraud review.

Address timeline: Combing through someone’s address history can be difficult, so we’ve added the ability to visualize where someone has lived on a timeline by clicking “View Timeline” on any identity search on the dashboard.

Get Started with CognitoFrictionless, modern identity verification.

How Identity Verification Works in a Post-SSN World

By Beau Martino on October 2, 2017

140M leaked identities

SSNs are dead. The most recent Equifax hack confirms that.

In a post-SSN world, using one for authenticating an identity is a recklessly insecure business practice that will leave you susceptible to fraud.

For years, we at Cognito have been trying to find ways to move past the old world of identity verification that relies on possession of data. Not only are the industry-standard methods of KBA and SSN verification insecure, but they are also onerous for your customers. The Social Security Number was never supposed to be the private key to your life as it is used today. It emerged as one because it was purported to be secret; the act of knowing a Social Security Number was considered sufficient proof that you are who you claim to be. Thanks to Equifax, that narrative no longer holds any merit.

Beyond the secrecy issue, the primary issue with a Social Security Number is that it is not an authenticatable number, meaning that if your SSN is leaked, anyone is able to use it. When we created Cognito, we needed a number that uniquely identifies a person while also being authenticatable. A phone number fits this description perfectly.

The Post-SSN Solution

Using the phone number as a person’s primary identifier is advantageous for a few reasons:

Phone numbers are ubiquitous. 95% of adults in the US have one and tend to keep the same one for life. This means that there is a very high likelihood that your user has a phone number.

Possession can be proven. Verifying possession of a phone number creates a link between the actual person and their number. Using Cognito creates a link between that phone number and the identity.

Higher barriers to attack. Basing the verification around a phone number creates a much higher barrier to fraudulent activity. Relying on an old verification system would allow a fraudster to commit fraud simply by buying stolen identities on the black market. A company using Cognito removes that possibility and would require a fraudster to try to gain access to a user’s phone, which is much more difficult.

What is the future of SSNs?

Obtaining the SSN of a user will still be necessary for KYC compliance, which means SSNs won’t disappear completely until new regulations are adopted or guidance is given. To help with this requirement, Cognito retrieves the full SSN of a user so that businesses can remain in compliance.

Additionally, despite the massive leak, SSNs have not lost all functionality in an identity verification process. Having some form of unique identifier to associate with an person is still highly valuable for identity verification. Similarly to dates of birth or other non-secretive identifying data, SSNs can help filter through results to locate an identity. With gradual verifications, Cognito can use SSNs in this manner to improve match results.

Any company relying on SSNs to authenticate an identity should be concerned with the release of 143 million SSNs. Cognito is the solution to secure your business and ensure a reliable KYC process in a post-SSN world.

Get Started with CognitoFrictionless, modern identity verification.

6 Tips to Maximize Identity Verification UX

By Alain Meier on August 16, 2017

Users love reduced friction

We’ve helped hundreds of companies optimize their ID verification flows to ensure the best possible user experience. As part of this work, we’ve learned what works - and doesn’t - when onboarding customers and we’ve compiled a list of actionable tips to help keep your users happy.

1. Use text inputs, not dropdowns for date of birth

Despite what you may expect, on average users fill out 3 separate text inputs asking for the day, month and year of their birth faster than they can fill out 3 dropdowns. When coupled with strong data validations, text input date of birth entry increases conversion rates.

2. Autofill state and city information

Use a service like Zippopotamus or SmartyStreets to autofill a user’s state and city information using their entered postal code. Not only will it reduce potential typos but it will also speed up their experience if you collect addresses from your customers.

3. Use gradual verification

We have already covered this extensively in our post about how gradual verification reduces sign up abandonment, but in summary: by using our product, Cognito, you can reduce the number of fields you need to collect on signup making it a lower friction experience.

4. Collect last 4, not full 9 SSN

If your identity verification provider supports it, opt for collecting only the last 4 digits of your user’s SSN and not the full 9 digits. This change can increase conversion rates on the order of 5% depending on the application.

5. Have a fallback flow

A small percentage of your customers will fail electronic ID verification - some of them will be fraudulent, but some will also likely be legitimate. This is why it’s important to still maintain some kind of fallback flow in the event that a user doesn’t pass electronic ID verification such as collecting their physical identification documents like passport or driver’s license.

Though Cognito has support for nickname comparison, not all ID verification providers do. If your user’s first name is Richard and they enter Rich, that can cause unnecessary failures and frustration. Test your ID verification provider to see how they handle nicknames and be clear with your users that they should enter their legal name and not a nickname if nicknames aren’t supported.

If you adhere to as many of these tips as possible when verifying your customers, you should see ID verification conversion rates improve considerably. We’re always happy to give you an individual consultation so do not hesitate to reach out.

Get Started with CognitoFrictionless, modern identity verification.

How Gradual Verification Reduces Sign Up Abandonment

By Alain Meier on August 8, 2017

Reduced conversions with identity verification

If you’re currently running identity verification on your users, you are probably leaving money on the table. Any person who begins the sign up process and leaves before becoming a user is lost revenue. In any relationship between a business and a customer, sign up abandonment can be thought of in the following terms:

If the perceived benefit that your customer will get from your product is less than the effort required to sign up, then they will abandon you.

The traditional method of identity verification whereby a company asks for, at a minimum, a customer’s name, date of birth and address - and frequently also their Social Security Number - is onerous and time consuming for users and raises the cost of sign up considerably.

Companies with strict regulatory or anti-fraud requirements are at a disadvantage to other web-facing companies because of the inherent need to increase the required effort to sign up in order to be compliant. They have two levers they can pull: either increase perceived value or reduce effort required to sign up.

How do I reverse ID verification abandonment?

One method of decreasing the effort required to sign up is to reduce the number of form fields required for the user to fill out. But how can you decrease the number of fields collected if they are usually required to run identity verification? Instead of collecting all of the required information at once, Cognito allows you to gradually collect additional customer information as you see fit and pull back the rest of the data that your business needs to onboard the customer. For instance, if your sign up flow only collects name, phone and email, then Cognito can verify your customer’s identity with just a name and phone number.

If Cognito is unable to verify your customer with just a name and phone number, you can prompt the user for any one of: 1. date of birth, 2. full Social Security Number, 3. last 4 of Social Security Number, or 4. their address. In most cases, for no extra cost, Cognito can verify your customer using one or more of these additional data points.

Example gradual verification breakdown

Let’s take a look at a realistic gradual verification flow that starts with collecting just name and phone, followed by date of birth and last 4 of SSN. The table below outlines a realistic match rate at each stage of the gradual verification process.

Verified with Total % of customers verified
Name, Phone 75%
Name, Phone, Date of Birth 85%
Name, Phone, Date of Birth, Last 4 SSN 95%

The key point to remember is that by structuring your verification flow with gradual information collection, you minimize the friction required for the maximum number of users. Using this example, 75% of customers would never need to provide more than just their name and phone number in order to verify their identity.

Gradual verifications are a powerful way to both decrease the number of fields you collect from your users on sign up and increase the security of onboarding users by connecting them with their mobile phone number.

Get Started with CognitoFrictionless, modern identity verification.

SSN From a Phone Number?!

By Alain Meier on July 11, 2017

SSN from a phone number

It’s true - Cognito can return a Social Security Number from a phone number. As crazy as this may seem at first, our ability to link phone numbers with real-world identity is a huge benefit to both consumers and the businesses.

In order to understand why, we need to dive into how fraudsters currently steal your identity to defraud online businesses.

How fraudsters bypass identity verification

The industry standard, knowledge-based authentication - sometimes also called “out of wallet questions”, uses information like your address history, your car loans or mortgage data to ask questions that supposedly only the person to whom this data pertains would be able to answer. For instance, “what color was your 2001 Toyota Corolla?”.

In theory, this is a great idea. It allows you to verify that the person is in fact who they claim to be. But in reality, fraudsters can visit darknet markets and buy bulk data sets containing exactly this data on tens of thousands of consumers and even targeted individuals. Due to the ubiquity of leaked personally identifiable information, the market price for lists of hundreds or even thousands of identities is on the order of hundreds of dollars - a small price to pay for a fraudster.

We are entering an era where simply knowing information is not enough proof that you are who you claim to be. There needs to be something more.

How Cognito blocks fraudsters

Cognito protects your identity by linking your phone number with your real-world identity. This phone to identity link allows us to authenticate that you and you alone are signing up for a service.

Imagine signing up for a new bank account with Acme Bank and during the onboarding process you receive a text message with a 6-digit authentication code that says “Did you just sign up for Acme Bank? Enter this code during signup: 1234”. Behind the scenes, we tell Acme bank that, yes, this phone number is associated with you and once you enter the authentication code, you verify that you meant to share your identity information with Acme Bank.

This raises the bar to steal your identity by an order of magnitude. No longer can the fraudster just buy your identity and pretend to be you. They need to either steal your phone or engage in a phone number porting attack - both of which require significant effort and have lower success rates when compared to logging into the darknet and buying new fraud opportunities in bulk.

Knowledge-based authentication (KBA) should be a last resort, not the frontlines, when defending businesses from stolen identities. Not only is Cognito lower friction than KBA, no longer requiring your users to furrow their brows deciding whether their Toyota Corolla from 2001 was purple or magenta, but it also increases the attack barrier to entry and in turn reducing the amount of fraud that businesses have to deal with.

Get Started with CognitoFrictionless, modern identity verification.

5 Pry Features Every Ruby Developer Should Know

By John Backus on May 20, 2017

Pry Features

Pry is a great tool for Ruby. You have probably used it by setting binding.pry in the middle of your code like so:

From: lib/dry/types/hash/schema.rb @ line 58 Dry::Types::Hash::Schema#try:

    40: def try(hash, &block)
    41:   success = true
    42:   output  = {}
    44:   begin
    45:     result = try_coerce(hash) do |key, member_result|
    46:       success &&= member_result.success?
    47:       output[key] = member_result.input
    49:       member_result
    50:     end
    51:   rescue ConstraintError, UnknownKeysError, SchemaError => e
    52:     success = false
    53:     result = e
    54:   end
    56:   binding.pry
 => 58:   if success
    59:     success(output)
    60:   else
    61:     failure = failure(output, result)
    62:     block ? yield(failure) : failure
    63:   end
    64: end

> (#<Dry::Types::Hash::Weak>)

Pry is much more than a tool for setting a breakpoint though. It is a great tool for exploring code interactively.

Discovering available methods

Pry provides a command called ls that lists methods and variables available in the current scope. In the code snippet above, the ls command would print out the following:

> (#<Dry::Types::Hash::Weak>) ls








instance variables:


This is a breakdown of all the methods available in the current scope, grouped by the class or module that owns that method. It also lists the available instance variables and local variables. This is a very powerful tool for quickly understanding the role and responsibility of the code you are debugging.

The ls command also lets you drill down into different parts of the current scope. We can use ls --locals to view the names of local variables alongside their current values:

> (#<Dry::Types::Hash::Weak>) ls -l
result = {
  :name=> #<Dry::Types::Result::Failure
hash = {:name=>nil}
output = {:name=>nil}
success = false
block = nil
e = nil
failure = nil

Learning without documentation

Pry makes it easy to search for methods under a namespace. For example, if we wanted to find methods for handling xpaths with Nokogiri, we can use find-method:

> find-method xpath Nokogiri


We learn some interesting features from this list:

  1. We can convert CSS selectors into XPaths
  2. We can search XML documents with #xpath and #xpath_at

If we want to learn more about how to precisely use one of these methods we can use the stat command:

> stat Nokogiri::CSS.xpath_for
Method Information:
Name: xpath_for
Alias: None.
Owner: #<Class:Nokogiri::CSS>
Visibility: public
Type: Bound
Arity: -2
Method Signature: xpath_for(selector, options=?)
Source Location: /dev/gems/ruby/2.4.1/gems/nokogiri-1.7.2/lib/nokogiri/css.rb:22

If we wanted to learn how the method works, we can use show-source:

> show-source Nokogiri::CSS.xpath_for

From: /dev/gems/ruby/2.4.1/gems/nokogiri-1.7.2/lib/nokogiri/css.rb @ line 22:
Owner: #<Class:Nokogiri::CSS>
Visibility: public
Number of lines: 3

def xpath_for(selector, options={})[:ns] || {}).xpath_for selector, options

We can also see nice, syntax highlighted code examples using show-doc:


These handful of commands are a great daily resource for debugging and exploring new gems. Give it a try!

Say Hello to Cognito

By Alain Meier on May 3, 2017

Hello Cognito

We founded BlockScore in 2014 with the goal of making verifying your users as easy as Stripe made billing your users. Over the past 3 years, we’ve learned a tremendous amount about the identity data industry while helping our customers onboard millions of users and wanted to make a change to reflect that.

Starting today, we are renaming from BlockScore to Cognito. Along with this name change, we are also announcing our completely re-imagined identity verification product. The most common feedback we get with our traditional product is that it requires too much intrusive information to verify a user and that knowledge-based authentication is too high friction while not providing enough security benefit. Our new product directly addresses these two concerns:

Cognito is dramatically lower friction

All Cognito needs to verify a user is a phone number. Using this input, we return your user’s real-world identity including their name, date of birth, address, and SSN. If a user can’t be verified using just a phone number, you can send us another request using their name, date of birth, address, SSN or any combination of the above as inputs and we will attempt to verify them again.

Our gradual approach allows you to give the majority of your users the best signup experience possible while maximizing verification match rates. This means that our built-in fallback is still a better user experience than our competitors’ best case scenario. Cognito adapts to your signup flow rather than defining it.

Cognito improves user authentication

Because we are able to link a phone number with a real-world identity, all you have to do is confirm that a user is in possession of her phone using a one-time passcode and you have a much stronger level of identity assurance that she is who she claims to be. Not only is this a lower friction experience than KBA, but it is also a significantly more secure solution. Cognito ends buying black market data to bypass questions about address history or car loans.

What happens to our current products?

To our current customers, all of our traditional products will remain fully supported and maintained. Some of our customers, big and small, will not want to switch to Cognito and we won’t force you to. We will, however, offer current customers special deals if you would like to switch over.

The team has worked incredibly hard to bring this product to you and we look forward to hearing what you think.

Alain Meier - CEO, Cognito

Get Started with CognitoFrictionless, modern identity verification.