We’ve made it easier than ever to stay up to date with what’s new at Alloy. The new Product Updates section brings our changelog right onto the Alloy dashboard, giving you instant access to information about the latest features, enhancements, and improvements—without leaving the platform.

You’ll now see a dedicated feed of recent releases in the dashboard navigation under the Resources section. Each update includes a clear summary, helpful visuals, and direct links to supporting resources. To explore everything we’ve released, click View Entire Update Collection at the bottom of the preview modal, or head straight to the new Product Updates section on the Alloy website.

Clients can now view all entities that were evaluated, were processed through a portfolio evaluation, or were not evaluated but may have been passed on through the Events API or legacy Entities API (for example: if the entity was onboarded outside of your Alloy instance and/or there has been no associated activity that has since triggered an alert, that entity would be considered ‘unevaluated’). Previously, the Entities page only displayed entities that had undergone a real-time evaluation.

Additionally, for clients using portfolio workflows, the Entity Detail page now displays a list of portfolio evaluations that the entity has been shortlisted in. These updates enable Alloy to serve as the single source of truth, providing teams with complete visibility into all the entities in their portfolio and allows them to take action on these entities in the future (e.g. create an investigation on that entity).

Clients on the Alloy SDK can use the Prove Mobile Auth SDK Plugin to automatically verify a customer's device on page load if the device is connected to mobile carrier data and on a supported mobile carrier network. Prove Mobile Auth provides the same level of verification as Prove Instant Link.

Users that have access to multiple Alloy accounts (e.g. Sandbox vs. Production) will now see a warning in the top right of their screen alerting them to the account they’ve switched to.

Clients on the Alloy SDK can use the new IDnow SDK Plugin for document verification and liveness check. IDnow’s Identity Proofing Service (IPS) verifies a customer’s identity based on the live capture of an Identity Document and the customer’s face. IPS is a global service that returns a verdict (success, failure), an analysis of the verdict, data about the individual being verified & submitted documents, as well as a PDF report containing the result of the identity verification.

This system is composed of two elements:

• A REST API for the creation, deletion, and retrieval of the Identity Proofing context and results.
• A WEB SDK that will capture the document and the face of the customer.

Use cases:

• Document verification to validate more than 3,000 identity documents from 195 countries.
• Biometric verification to confirm the existence of an identity and that the person is physically present during the verification process.

Clients now have the ability to link separate transactions using a unique identifier. Common examples of disparate but related transactions that clients may want to link include chargebacks, refunds, and disputes.

This can be used by any client utilizing Alloy for transaction monitoring via the Events API.

With this dedicated field in the Alloy platform, we will be able to build more functionality on top of this unique identifier related to alerts and decisioning capabilities.

To set up transaction linking, please reference our API documentation.

US clients using the AI-powered Fraud Attack Radar (FAR) can now benefit from more improvements to the FAR dashboard and will better allow them to autonomously and quickly triage following a suspected fraud attack. Clients will now be able to:

• View a summary of all attacks for the filtered time period
• View the top 4 indicators for an attack in the collapsible drown down
• Mark the status of an attack using the following options: Under Review, Confirmed Attack, Not Fraud Attack

To set up Fraud Attack Radar, navigate to the Workflows page and click the ellipses menu for your chosen workflow. Select ‘Fraud Attack Radar’ to open up the set up configuration. Please note: the model requires a minimum of 2 months of historical data to accurately work and will take roughly 2 weeks to train. The model can only be configured for person-type workflows and may not yield the best results for low volume use cases.

When a webhook fails to deliver 100 times (inclusive of retry attempts), with no successful deliveries within those attempts, Alloy will automatically disable that webhook endpoint for your account. 

This will typically happen when (1) a temporary delivery service like http://webhook.site is being used for testing, (2) platform or server configuration updates are not carried over to Alloy webhook settings, or (3) Alloy is not kept up to date with API key rotations.

Agent users in the default Admin role are notified via email of a webhook auto-disablement. (The default Admin role includes a new permission to receive updates when webhooks fail.)

With this feature: 

- Clients will receive an email to inform them that webhooks have been disabled.

- Clients will see which webhooks were automatically disabled in Webhook Settings. From there, clients can review settings and re-enable webhooks.