Changelog
incode.com
Back to All

Platform: [version number (April 6)]

April 14th, 2026 by Shannon Culp

This post covers all the new features, enhancements, and bug fixes to the Incode Platform for the April 6 SaaS release.

Demo: 30 March 2026 | Production: 6 April 2026

Release Highlights

Updates to Expired ID Handling

📘

Currently available for Web implementations only.

Starting in this release, expired documents are always detected, classified, and flagged. This impacts the clarity and accuracy of reporting and downstream workflows, especially for compliance and audit use cases. The Document Expiration Detected test determines the expiration status of the document as a fact, but does not impact the score or the result.

You still control whether an expired document should block the user. When a document is determined to be expired, the Document Expired test evaluates it against your configurations to determine if the session should pass or fail. By default, expired IDs are not accepted. If you want to specify a different policy, you need to configure the Disable Expiration Date Check and expiration tolerance settings in the ID Validation module.

With the changes in this release, even if you choose to allows expired IDs, reviewers still have full visibility that the ID was expired in the session results for compliance and audit needs.

If you choose to not accept expired IDs, users get clear and immediate feedback in the Onboarding flow and will be prompted to try a different ID. This helps reduce cases where users complete the full flow only to fail at the end due to using expired ID.

Dashboard

Enhancements

General:

  • Updated the UI and behavior for fields in the Integrations section to align with the look and feel of the rest of Dashboard.
  • When creating or editing a user with the “Executive with custom permissions” role, you can now assign them permissions related to Directory Information, Integrations, Helpdesk verification, and Candidate verification.

Single Session View:

  • The Government Verification tab in the single session view has been updated with the following improvements:

    • Updated terminology: "Gov Verification" has replaced "Gov Validation" to align with the official naming convention for the feature.
    • Streamlined section titles: "Data Match" and "Face Match" have replaced redundant "score" labels.
    • Clarified comparison labels: "Document Data vs Government DB Data" and "Selfie vs Government DB Portrait"
    • Reordered layout: Data Match is placed before Face Match to reflect the actual verification workflow. These enhancements unify the look and feel of the Gov Verification tab with other areas of Dashboard to deliver a more intuitive experience that helps teams quickly understand and act on identity verification results.

  • Added a new field to the ID OCR section of the single session view called Credentials Provider. When the ID submission method is Imported credential (as opposed to camera capture or manual entry) this field displays whether the import came from Apple, Google, or Digilocker.

  • Improved the Government Verification results in single session view to align the design system used elsewhere in Dashboard.

Workflows & Flows:

  • There is a new setting in Workflow and Flow settings called Enable new user experience. This setting allows administrators to enable UXv2 at the Workflow/Flow level, which helps control when and how you roll out enhanced interface improvements to their end users. UXv2 must be enabled on the backend by your Incode representative before this setting is visible.
  • Implemented multiple WCAG accessibility improvements in the Workflow builder and settings. Improvements include new aria-labels for several fields and more descriptive labels for option buttons on nodes. These improvements ensure a quality experience for users that rely on assistive technologies.
  • Implemented multiple WCAG accessibility improvements in the Flow builder and settings. Improvements include ensuring links are focusable and indicated as links, adding missing heading labels, correctly assigning aria-labels to buttons, and improving the usability of the search filters. These improvements ensure a quality experience for users that rely on assistive technologies.

Modules:

  • The Image Quality check in Face Capture and Face Authentication modules is now enabled by default and cannot be turned off. This ensures the minimum necessary quality is maintained for downstream product performance (like Deepsight or Face Match). The threshold drop-down is still editable and is set to Ultra Low by default. No existing thresholds for this check are impacted by this update.
  • Added US TELCO 5 as a new data source for phone-based identity verification in the US eKYC module. The Onboarding user must enter phone number as a required input, with optional name, address, date of birth, SSN, and email fields. Session results include granular match signals for individual name components (first, middle, and last name), address components, and phone activity data.
  • Added India PAN as a new data source for PAN-based identity verification in the eKYC module. The Onboarding user must enter name and PAN number as required inputs. Session results include match signals for PAN number and name, along with additional PAN details such as status, status description, holder type, and last updated date.
  • Removed the option for Third ID configuration support from the ID Capture module. You should use the Document Capture module instead.
  • Update You can add Phone Number Risk and Advanced Phone Number Risk checks to any eKYC source. When these checks are added, the phone number field becomes required in the onboarding flow. For eKYC sources that don’t include phone number by default, including these checks adds the required phone number field to the onboarding flow.
  • Update You can add the Email Risk check to any eKYC source. When this check is added, the email field becomes required in the onboarding flow. For eKYC sources that don’t include email by default, including this check adds the required email field to the onboarding flow.

Fixes

  • Country-specific document capture settings now save reliably and display correctly in exception views. Admins can configure options for a specific document type without those changes incorrectly applying to other document types. These fixes give administrators complete visibility and control over custom configurations across all workflows and document types.
  • Fixed an issue with the Sessions list filter where applying certain date filters would switch to a different filter type.
  • Fixed an issue where the City input from eKYB was not shown in the single session view.
  • Fixed an issue where Helpdesk and Candidate Verification Sessions were not loaded and displayed in the proper order. Now, these Session lists are sorted in ascending order, with the newest at the top.

Web App (Onboarding)

Enhancements

  • The qualified electronic signature (QES) consent flow now includes comprehensive checkboxes to ensure full regulatory compliance with EU eIDAS standards.
  • The biometric consent experience now includes enhanced accessibility features with properly labeled headings, titles, and checkboxes. This makes it easier for all users, including those using assistive technologies, to understand and navigate the consent process with confidence.
  • Update The OTP entry field has been redesigned from six separate digit inputs into a single unified input field. This update improves compatibility with native device autofill, allowing verification codes received via SMS or email to populate automatically. Users can also paste a code directly into the field, and verification triggers automatically once all six digits are present.
  • Update Enhanced the security of data transmission during the verification flow by migrating to a more secure and performant implementation. This change provides stronger protection for user data without any change to the onboarding experience.

Fixes

  • The eKYB form now includes improved error handling when users change country selections, ensuring validation messages only appear when users interact with fields.
  • Reordered the input fields in the KYB onboarding form so the mandatory fields are listed first.
  • Phone numbers captured in earlier steps now automatically populate the eKYC module including the country code, ensuring seamless data transfer and reducing user errors during identity verification.
  • The biometric consent workflow now seamlessly transitions users from ID capture to the next step.
  • The document capture experience now flows seamlessly without repeating tutorials, ensuring users can complete their verification journey smoothly, especially on devices with varying performance levels.
  • Fixed an issue with the UXv2 ID Capture and Face Capture modules on Web where manual review was not triggered after a user failed all selfie capture attempts. Manual Review now reliably triggers as expected when configured in these modules, ensuring sessions are properly routed for review when needed.
  • Fixed a UI issue in the UXv2 CURP verification step on Web where a “Try again” button could appear even though users couldn’t actually retry. The screen now only shows the appropriate next actions (for example, “Continue” or “Verify manually”), reducing confusion and keeping the onboarding flow consistent.
  • Fixed an issue that caused a configured custom subtitle to be replaced by the generic “Demo app” subtitle.
  • Fixed an issue for specific Android devices that caused the touchscreen function to stop working during the Face Capture step of Onboarding.
  • Update Fixed an issue that caused a flow to not start on devices running iOS 14.
  • Update Fixed an issue in the Forms and Data Entry module that caused the Done button to be unavailable even after all fields were filled out.
  • Update Fixed an issue where postal codes in incorrect formats were accepted without error during UK voter registration. Users who enter an invalid UK postal code will now see a validation error prompting them to enter a correctly formatted value.
  • Update Fixed a layout issue on desktop where verification flow pages were aligned to the top of the screen instead of the center. Pages now display centered on desktop as intended.
  • Update Fixed an issue where users were prompted to capture the second page of a document twice during the document capture step. The flow now proceeds correctly after the second page is captured and validated.
  • Update Resolved a performance issue that started after a prior release that caused a significant increase in onboarding session time. Model loading now completes in the expected timeframe, reducing overall session duration.
  • Update Fixed an issue on Android where the selfie tutorial was briefly displayed again after a user tapped "Try Again" following a failed selfie capture. The flow now proceeds directly to the selfie camera without replaying the tutorial.
  • Update Resolved an issue where the Deepsight liveness physical check was failing for legitimate users during onboarding in the Android Web View. The physical check now passes correctly under normal onboarding conditions.

Server

Enhancements

General:

  • Added support for including personally identifiable information (PII) fields when exporting session data to CSV. This setting is OFF by default, but organizations that already have this capability through another method retain current behavior. Contact your Incode representative if you are interested in this feature.

  • Updated backend services to operate in FIPS-compliant mode. None of these changes affect external-facing functionality or service behavior.

  • Improved the accuracy of backside document recognition for US IDs. The system now considers a broader set of possible document types when identifying the back of a document and selects the best match based on what was captured on the front. This results in more reliable classification results.

  • Updated the Apple Wallet integration to follow security best practices for preventing replay attacks. The integration now generates a unique, single-use request token for each session, and both the native and web Apple Wallet flows now support requesting the same specific set of user data fields, ensuring a consistent experience across integration types.

  • Three new NFC-related rules are now available in the Rules Engine (Flows) and as Conditions (Workflows) under a dedicated NFC section:

    • NFC Step Skipped (Yes/No): indicates whether the user skipped the NFC scanning step
    • NFC Data Present (Yes/No): indicates whether NFC data was successfully captured
    • NFC Data Integrity Check (OK/Fail): indicates whether the NFC chip data passed integrity validation These can be used to enforce NFC requirements. For example, you can use these rules to automatically fail a session when NFC scanning was skipped or when a chip was expected but no data was captured.

  • Added a new configuration option, alwaysCaptureBackId, to the omni/onboarding/flow API response. This allows the frontend to control whether the back of an ID is always captured, even when front ID classification is unsuccessful. The option defaults to off to maintain existing behavior. API documentation has been updated to reflect this addition.

  • Improved Deepsight's ability to detect AI-generated and synthetic media through enhanced content provenance checks. Contact your Incode representative if you are interested in this feature.

  • The POST omni/b2b/onboarding/request-new endpoint now includes interviewId in its response, allowing downstream integrations to correlate the onboarding request with the corresponding onboarding completion webhook.

  • The Microsoft Entra ID SCIM integration now supports the incodeDashboardRole attribute, allowing organizations to provision and manage Incode Dashboard user roles directly through their Entra ID directory sync.

  • Improved address match logic for US KYB to handle cases where only partial address fields are provided. When a postal code is submitted without a city, cityMatch is no longer returned and postalCodeMatch reflects the verification result. When a city is submitted without a postal code, postalCodeMatch returns as Unverified and cityMatch reflects the verification result. In both cases, addressMatch returns as Approximate Match.

  • The OAuth Secured Sessions authorize call now accepts a language parameter, supporting the same ISO language tags as the standard session start endpoint. This allows the onboarding language to be specified when initiating OAuth-secured sessions.

  • Fixed an issue where certain session-related records were not fully removed when a session was deleted, including workflow execution tracking, verification results, external integration session data, capture attempts, and other associated data.

Government Verification:

  • Improved the accuracy and interpretability of error codes returned by the US Government Verification API. Error codes now reflect the highest-signal result based on available information, distinguishing between input validation failures, connection errors, and provider-level results. Validation and configuration errors that prevent a provider call from being made now return UNKNOWN status rather than FAIL, ensuring results accurately reflect what the system was and was not able to determine. Refer to the developer documentation for detailed information on what’s changing and the actions you need to take. For questions about how these changes may affect your implementation, contact your Incode representative.
  • Removed raw provider response data from the US Government Verification API fetch/scores response. The API response now only contains fields defined for customer consumption, improving clarity and ensuring customers are not exposed to unprocessed or potentially misleading provider-specific data.
  • Updated provider labels in the US Government Verification Dashboard tab to align with current product naming. AAMVA DLDV provider displays "DMV DATA MATCH".
  • Improved the interpretability of US Government Verification session results in the Omni Dashboard. Error codes are now correctly mapped to Data Match and Government Verification summary section scores, making it easier to understand what passed or failed in a given session without additional assistance.
  • Updated the Data Match response for US Government Verification to improve consistency and completeness across providers.
  • Update Added support for a new 451 response code introduced by the government validation service used for Brazil buyer verification. The platform now correctly maps and handles this response code, ensuring accurate verification outcomes and metrics.

ID support requests:

  • Added extraction of the Mother's Maiden Name field from the back of the Hungary Identification Card.
  • Improved classification accuracy for the back side of the Mexico City (CDMX) 2025 Driver's License.
  • Added support for the new Nicaragua CĂ©dula de IdentificaciĂłn issued beginning February 2026.

Fixes

  • Fixed an issue where the NFC Personal Number crosscheck was consistently failing for Chilean IDs, causing an incorrect deduction to the ID Validation score. The fix addresses two encoding patterns specific to Chilean IDs:

    • Non-EXTRANJERO IDs: The NFC chip encodes the Personal Number with a three-character MRZ prefix not present in the OCR value. The crosscheck now strips this prefix before comparison.
    • EXTRANJERO IDs: When the NFC chip stores only a three-character stub, the crosscheck now returns Irrelevant rather than a failure, since a full comparison cannot be made. In both cases, formatting characters (. and -) are stripped from the OCR value prior to comparison to prevent false mismatches.

  • Resolved an issue where OCR fields containing special characters caused an exception during the redaction process. The redaction logic now handles and processes special characters in OCR fields correctly.

  • Fixed an issue where deleting a Microsoft Entra directory integration returned a 500 Internal Server Error. The directory now deletes successfully without errors.

  • Fixed an issue where submitting a verification ID retrieved from a webhook to GET omni/incode-id/verification/<verificationId> returned an "Invalid mongo ID format" error. The endpoint now returns the expected verification data.

  • Fixed an issue where Okta directory sync could become blocked when a sync process that obtained a lock failed to release it, preventing subsequent sync attempts until the lock expired or the service restarted.

  • Fixed an issue where ML fraud checks (paper, screen, and ID alternation) produced inconsistent results depending on whether redaction or Age Assurance was enabled in the flow. These checks now behave consistently regardless of other features enabled in the flow configuration.

  • Fixed a response format mismatch in the Mexico KYB Lite API. The name and tin fields now return Verified or Unverified instead of true or false, the registrationStatus field now returns title-case values (Active, Inactive, Unknown) instead of all-caps, and the entityType field response structure has been updated to be consistent with other KYB country responses.

  • Update Resolved an issue where logout requests were failing with a 403 error on Demo and SaaS environments due to incorrect CORS filtering behavior. The connect/logout endpoint is now correctly allowlisted, and logout functions as expected across all environments.

  • Update Fixed an issue where the /omni/fetch-identities endpoint returned a 400 error instead of the expected identity list. The endpoint now returns results successfully.

  • Update Fixed an issue where the logo in Incode Verify and Workforce welcome emails was not loading due to an access error. Logos now display correctly in all outbound verification emails.

ID Support Requests:

  • Fixed an issue where the "Full name (OCR)" field for the Honduras Identification Card was extracted with the extraneous label "FORENAME" included in the value.
  • Fixed an issue where the "Full name (OCR)" field for the Great Britain Passport was extracted incorrectly.
  • Fixed an issue where the "Full name (OCR)" field for the Rwanda Identification Card was returned in last name, first name order. The field now returns names in first name, last name order to match standard extraction conventions.

ML

  • Deployed an updated cropping model with several improvements across document types:
    • Better alignment for pre-cropped images
    • Improvements for passports, foldable documents, and IDs in general
    • A slight improvement in barcode detection for US and Canadian documents
  • Updated the face occlusion detection model to version 0.2 for web-based onboarding sessions, improving detection of partially obscured faces during identity verification.
  • Update Improved MRZ parsing accuracy for Russian passports. The givenNameMrz and lastNameMrz fields now return only valid Latin alphabet characters, excluding numeric characters that were previously being included incorrectly.

Deepsight:

Deepsight requires additional licensing. Contact your Incode representative for more information.

  • The Deepsight liveness service now returns an explanation object in API responses when an attack is detected. The object includes a human-readable description of the rejection reason and a keywords block containing the attack category (e.g., paper, replay, 2D mask, 3D mask, face swap, synthetic face, face animation), as well as indicators for flat depth and video corruption. This makes it easier to understand and act on liveness rejection results without additional interpretation.
  • Improved the tamper-resistance of Deepsight liveness checks for web onboarding sessions. The backend now validates the Deepsight configuration against the flow settings at processing time, ensuring liveness checks cannot be bypassed through client-side modifications.

ID Templates

New supported templates

NEW CLASSIFICATION SUPPORT

Ethiopia

  • Oromia
    • IdentificationCard / IDENTIFICATION_CARD / 2023

Indonesia

  • IdentificationCard / IDENTIFICATION_CARD / 2021

Laos

  • IdentificationCard / IDENTIFICATION_CARD / 2023

Nicaragua

  • IdentificationCard / IDENTIFICATION_CARD / 2026

Peru

  • DriversLicense / DRIVERS_LICENSE / 1882

South Sudan

  • IdentificationCard / REFUGEE_IDENTIFICATION_CARD / 2023

United States of America

  • Louisiana
    • IdentificationCard / IDENTIFICATION_CARD / 2001
  • Tribal Indentification
    • TribalIdentification / TRIBAL_IDENTIFICATION_CARD_UNDER21 / 2020
    • TribalIdentification / TRIBAL_IDENTIFICATION_CARD_UNDER21 / 2024
    • TribalIdentification / TRIBAL_IDENTIFICATION_CARD / 1843

NEW ID SUPPORT

Liberia

  • VoterIdentification / VOTER_IDENTIFICATION_CARD / 2020

Sudan

  • DriversLicense / DRIVERS_LICENSE / 2022

Somalia

  • Somaliland
    • VoterIdentification / VOTER_IDENTIFICATION_CARD / 2021

United States of America

  • Montana
    • IdentificationCard / IDENTIFICATION_CARD_UNDER21 / 2025
  • Wyoming
    • DriversLicense / DRIVERS_LICENSE / 2024
  • Tribal Identification
    • TribalIdentification / TRIBAL_IDENTIFICATION_CARD / 1968

Changes to current templates

ID OCR EXTRACTION IMPROVEMENT

France

  • Passport / NATIONAL_PASSPORT / 2008 r3 - Incode MRZ

Honduras

  • IdentificationCard / IDENTIFICATION_CARD / 2020 r3

Hungary

  • IdentificationCard / IDENTIFICATION_CARD_FOR_FOREIGNERS / 2016 r1
  • IdentificationCard / IDENTIFICATION_CARD / 2012 r1
  • IdentificationCard / IDENTIFICATION_CARD / 2016 r2
  • IdentificationCard / IDENTIFICATION_CARD / 2022 r1

Mexico

  • CDMX
    • DriversLicense / DIGITAL_DRIVER_LICENSE_APP / 2023 r1

Rwanda

  • IdentificationCard / IDENTIFICATION_CARD / 2019 r1

United States of America

  • Montana
    • DriversLicense / DRIVERS_LICENSE / 2025 r1

SENSITIVE PII REDACTION

United States of America

  • Montana
    • IdentificationCard / IDENTIFICATION_CARD_UNDER21 / 2025 r1 - Age assurance