FAQ

Products

Dashboard

  • What are the password requirements?

    A character string with the following requirements:

    • A minimum of 8 characters
    • At least one lowercase letter
    • At least one uppercase letter
    • At least one number
    • At least one non-alphanumeric character (such as one of the following: !, @, #)
    • Is not the same as the username
  • How many invitees can an account have?

    Unlimited

  • How does provisioning and unprovisioning access work?

    The master account can invite three types of users: Administrators, Agents, and Read-Only.
    Admins have the privileges as the master, which includes creating, deleting and changing settings inside experiences, analyze and update verification results, and invite additional users.
    Agents can review verification data and update results.
    Read Only users cannot make changes, but can analyze data and take notes. This type of access is recommended for auditors.

  • Does the system offer audit logs and/or user access reports?

    Yes, audit logs are available per verification to check who's altered a record.

  • What is the difference between a Rejected Validation and a Manual Review?

    "Rejected Validation" results if a user is underage or if a fraud attempt is detected by failing any of the validations.
    "Manual Review" results if the mistake is probably user error rather than deliberate fraud. Commmon mistakes might inlcude blank data, and missing documents

Country Restrictions

  • Can a merchant identify a document's country of origin using the webhooks data?

    Yes.

Detecting Duplicate Users

  • How does MetaMap detect duplicates?

    Duplicate user detection is a toggle inside the Document Verification merit. We use the full name and date of birth (DOB) to compare with existing records within experiences. This means that if users verify themselves using the same Experience flow, on which the toggle is on, they will be flagged as Manual Review. Biometric data is not analyzed at this point.

  • Can MetaMap detect the same person using different documents?

    Yes, as long as the name and DOB matches our records.

  • What is the scope of duplicate detection?

    We detect duplicates at the metmap level.

Customizing Verification Flows

  • Can I customize the metmap to have my own brand and style?

    Yes. You can change the color of the graphical elements (using the exact RGB or hex color code of your brand) as well as set you company logo on top of the screen.

  • What if I need a more customized UX?

    You can use our APIs to tailor your UX with MetaMap behind it. This approach may take more time than using a pre-built UX as you need to develop the UX.

  • Is there a sandbox environment for testing?

    Not yet.

  • How many metmaps can be created?

    The default limit in the Dashboard is 100.
    Contact support if you need more.

  • Is there an easy way where the I can redirect customers to the validation page using the SDK without the button?

    You can always use the direct link or invoke the verification process through a custom UI element in your web UX (HTML and JavaScript).

  • When using SDK, are both the Client ID and the Flow ID exposed in the browser?

    Yes, however they can be encapsulated using JavaScript.

  • Can a merchant that uses PHP for their front end use the MetaMap SDK?

    Yes, they can print the Web SDK entirely with echo.

  • Do verifications expire?

    Yes, users have a 30-minute window to complete the verification.
    On the API it's basically the time window occurs between verification_started and verification_inputs_completed.

Document Verification

  • How does MetaMap process Proof of Residence?

    We extract owner's Full Name, Address and Emission Date.
    We check that the document is no older than 3 months.

  • What kind of documents do we ask for as Proof of Residence?

    Bank statement and utility bills.

  • Can we correlate the names extracted from IDs with the names in Proof of Residence (PoR)?

    Yes. Using the extracted data delivered through the Document Reading webhooks, you can compare National ID/Passport/Driver Licence with the data extracted from the PoR. All Document Reading results contain full names.

  • Does MetaMap accept citizenship documents?

    Yes. Formas Migratorias (Mexico) and Permiso Especial de Permanencia (Venezuela) are examples of special IDs that can be processed.

Integration

Metadata

  • What is metadata used for?

    Metadata helps you correlate a user you already know with a MetaMap verification process.

  • How can I correlate a user with a verification?

    You send metadata as unique value(s) related to the user (internal ID, email, doc number, etc.). Those values are attached to the verification data.

  • How do I send metadata in the Web SDK?

    Here is a sample in JavaScript:

        
     <script src="https://web-button.getmati.com/button.js"></script> 
     <mati-button 
     	clientid="600af624c1d31c001bf46d80" 
    	flowId="600af624c1d31c001bf46d7f" 
    	metadata='{
    		"u_id": "193589035809",
    		"date": "05Oct2020",
    		"u_email": "[email protected]"}' 
    />
    
    
  • I sent metadata through the API, how am I getting it back?

    Added metadata comes back in the verification_completed Webhook.

  • Are metadata arrays accepted?

    No, only a single-level hierarchy.

Compatibility

Saas Specifications

  • What OS does MetaMap use?

    CentOS through AWS virtual instances.

  • What is the stack of technologies used in your solution?

    NodeJS, Python, Kubernetes.

  • Regarding integration with Web and Mobile channels, is omnichannel supported?

    Yes. Pre-built experience for web, native mobile apps, and API.

  • Does MetaMap encrypt data communication?

    Yes. All data is encrypted in transit using cipher suites: MetaMap sends data to merchants over HTTPS, and merchants must have a TLS certificate installed.

  • How is customer data encrypted?

    We use AES-256 to encrypt customer data. This includes user selfies, videos, document images, and any verification data.

  • Does MetaMap use static or dynamic IPs?

    The only exposed IP (webhooks) is static: 52.55.16.54.

  • What are the Endpoint Security policies for user devices and servers?

    Each session is tokenized, and locked in a secure connection. Every session is opened and closed for each user process.

  • Can merchants manage MetaMap under their own domains and subdomains?

    Our extensibility through API integration allows our endpoints to be used in back-end mechanisms, allowing the process to be transparent from merchants' domains and subdomains.

  • Given that MetaMap is a cloud solution, is it managed individually or on a shared tenant?

    By default, the solution is managed in a shared way. If required, individual instances can be created.

  • Is it possible to integrate MetaMap with Instant Messaging apps such as WhatsApp?

    Yes, the direct link can be used to reach instant messaging communication channels. It is also possible to use the API to make a personalized integration via WhatsApp.

  • How does MetaMap extract document details?

    Document details are extracted using Optical Character Recognition (OCR). However, it is limited to Latin characters only.

  • What file types are accepted through API?

    For still images we accept JPEG, PNG and JPG, with a minimum resolution of 600×600px and maximum file size of 50MB.
    Selfie videos can be 3GPP, MP4, QT, WEBM, or MKV, with a maximum size of 50MB.

  • What files are sent back through webhooks?
    • A selfie photo either taken from user's phone or extracted from the selfie video.
    • MP4 selfie videos as well as 4 frame sequences or sprites taken from the videos themselves.