Changelog
API ReferenceChangelogFAQDashboard
Back to All

April, 2026

25 days ago by Tim

In April 2026, we expanded our Transaction Monitoring solution with a new, Pix Fraud Monitoring bundle and improved duplicates detection logic with new settings. Sumsub Dashboard has been updated as well to display more accurate maps reflecting the actual confidence range of the IP geolocation data.

Find more updates below, and stay tuned.

April 6 -> April 10

SDK

Expanded document subtype names

From now on, in the WebSDK we display specific document subtype names or groups of subtypes instead of the generic default ID document types.

MobileSDK update

New MobileSDK plugin versions have been released – 1.42.

Change log:

Transaction Monitoring

New bundle – Pix Fraud Monitoring

The Pix Fraud Monitoring Bundle is now available for deployment – a purpose-built set of 39 transaction monitoring rules for Brazilian PIX instant payments.

What it covers:

  • Monitoring of PIX transfer transactions

  • Real-time anti-fraud monitoring for incoming and outgoing PIX flows

  • Rule-based detection logic combining transaction indicators, DICT-related information, and customer profile context to identify anomalous or profile-inconsistent transactions

  • Behavioral analysis (atypical frequency, volume, amount)
  • Complex typologies: structuring, viral mass scams, and money mule dispersion tracking
Discover more ready-to-use rule bundles ->

Dashboard

Smart mode: Enhanced POI document upload

We have released a new Smart Mode setting for Supported ID documents.

Select Smart mode if you want the system to automatically decide how many sides of a document need to be requested based on the configuration of a specific document.

IP geolocation on maps

We have improved the maps in Location widget with the following:

  • IP geolocation points across all maps now appear as radius circles rather than precise pins — reflecting the actual confidence range of the data.

  • We now filter out VPNs, proxies, and hosting providers.
Learn how Sumsub uses IP geolocation ->

User Verification

Restriction for creating actions with duplicate ID

We have implemented a restriction for creating applicant actions with duplicate externalActionId.

Now, if an action with an already existing externalActionId is created, you will see an error: Action with externalActionId 'NonUniqueld' already exists.

Duplicates detection logic update

From now on, we are using applicant.tin (TIN, PAN, or any other tax number) field for duplicate search.

If TIN and country match between two applicants on the same key, we will count the latest applicant as duplicate.

New duplicates detection logic setting

We have released a new Ignore not completed duplicates setting that allows you to exclude duplicate applicants whose verification has not been completed from duplicate detection.

To learn how to manage account duplicates, see this article.

New user verification webhook

We have added a new webhook to provide better visibility into Applicant Actions workflows: applicantActionLevelChanged.

This webhook allows you to track when a specific Applicant Action moves to a different verification level.

See the full list of user verification webhooks ->

April 13 -> April 17

Case Management

Analytics: root causes and your team performance

Analytics is now available in the paid version of Case Management 2.0.

With analytics, teams can not only manage cases but also understand trends and the overall picture. You can review data across officers, blueprints, and cases, and track key metrics such as Resolved – Potential Threat Rate (%) and Resolved – False Positive Rate (%). This helps you spot delays and improve your workflow.

Available breakdowns:

  • Case Management Officer: cases sorted by the assigned compliance officer.
  • Case Management Blueprint: cases sorted by blueprint.
  • Case Management Case Creation Source: cases sorted by creation source.
  • Case Management Total: Case stats sorted by case statuses.

You can find more details about analytics features in the documentation.

Case creation from applicant action levels

You can now create cases for review directly from actions in the Worflow Builder.

For example, set up an applicant actions verification level with a payment method step to create a case when a bank card is uploaded. Many other scenarios are available depending on your verification flow.

Explore Case Management ->

Fraud Prevention

New risk labels

We updated the list of risk labels that highlight risky behavior during verification and allow you to act on the risk via Worflow Builder or Applicant risk scoring.

The new risk labels that have been added recently:

  • Gibberish email address. The email address does not look like a human-readable address and may be generated automatically (for example, [email protected]). This may indicate fake or synthetic identities, multi-accounting, accounts created for third-party usage, or verification scams.
  • Quick session completion. The applicant completes complex steps (selfie, ID document capture) unusually fast. This can suggest multiple verifications being performed using the same script or automation.
  • Activity during night hours. The verification session occurs between 00:00 and 06:00 based on the applicant's local timezone. This may indicate fake or synthetic identities or accounts created for third-party usage.
  • Many applicants using the same device. Many unique applicants use the same device: more than 1 within 5 minutes, more than 2 in an hour, more than 5 in a day, more than 10 in a month. This may indicate multi-accounting, accounts created for third-party usage, or verification scams.
  • IP location timezone differs from browser timezone. The IP location timezone differs from the device timezone. This may indicate tampering with geolocation data, the use of VPNs, or other tools to preserve anonymity.
  • Browser language does not match IP or document country. The browser language does not match the IP or document country. This may indicate fake or synthetic identities or accounts created for third-party usage.
  • Email domain country does not match applicant country. The email domain country does not match the applicant’s country. This may indicate fake or synthetic identities or accounts created for third-party usage.
  • Phone number country does not match applicant country. The phone number country does not match the applicant’s country. This may indicate fake or synthetic identities, accounts created for third-party usage, multi-accounting, or SMS pumping.

Device page filters

The new filters have been added to the Device page to help you quickly find applicants who used a specific device. You can now filter by:

  • Applicant review status
  • Level name
  • Applicant document type
  • Id document country
  • Level's required steps
  • Applicant reject labels
  • Applicant risk labels
Detect threats earlier with Sumsub Fraud Prevention solutions ->

Dashboard

Dashboard design update: full-screen pages

We have updated the layout and navigation for full-screen pages across the Dashboard.

What’s changed:

  • Breadcrumb navigation replaces the close button — use them or the browser back button to go back
  • The collapsed sidebar is now always visible for better orientation
  • The page subtitle is now under a “?” tooltip to keep the header clean
  • The heading size is smaller to fit the more compact header layout

Affected pages:

  • Applicant page
  • Create/edit level
  • Transaction view

Lock icon for read-only applicant flag

Read-only access is now easier to spot with a lock icon next to the applicant status. The icon appears on the following tabs on the applicant page when the setting is enabled:

  • Verifications
  • Payment Methods
Perform verification from a single Dashboard ->

Travel Rule

Launch: guided Travel Rule onboarding

We have launched a guided onboarding flow for Travel Rule that takes you from setup to ready for transactions.

The onboarding is available right in the Dashboard:

  1. Go to Transactions and Travel Rule.
  2. Navigate to Settings and select the Set up Travel Rule section.

How it works:

Instead of setting things up across different pages, the product guides you step by step through the full onboarding process.

  1. VASP creation.
    1. Create a VASP profile (name, type, logo).
    2. The VASP becomes visible to other VASPs.
  2. Verification. Fill in the verification form in the product.
  3. Due diligence (optional). Pass checks to meet regulatory requirements and confirm your business is legitimate.
  4. Customization. Define the following settings:
    1. Regulatory scope (EU, UK, and so on)
    2. Data requirements
    3. Risk and exception handling
    4. Wallet ownership logic
  5. Integration. Follow the checklist to complete setup:
    1. Generate app tokens
    2. Set up webhooks
    3. Integrate outbound/inbound flows
    4. Connect SDK (if needed)
    5. Run sandbox test transaction
Set up Travel Rule ->

User Verification

Improved Sumsub ID experience on welcome screen

Several improvements have been made to the welcome screen to make it easier for applicants to take advantage of Sumsub ID.

What’s new:

  • The checkbox has been replaced with a toggle to align with the rest of the page design.
  • The toggle is now enabled by default to improve reuse and increase verification conversion.
  • The copy has been shortened and improved, with a new “Learn more” option added to provide clear, accessible information about Sumsub ID across devices.
  • Beautified on/off transitions and error handling to ensure a smoother overall experience.

Our testing of this new experience shows positive results, so we are confident to roll out this change more broadly.

Rate limits for applicant actions

We are introducing rate limits on rescore/check attempts within applicant actions to prevent abuse (for example, thousands of rescoring attempts for the same crypto wallet).

What’s changing:

  • Max 200 recheck attempts per applicant action
  • Requests sent more than once per second will be blocked

Behavior:

  • If the limit is exceeded, the system returns: Max number of review attempts reached
  • If requests are sent too quickly, the system returns: Too frequent actions pending

Applicant Event timeline update

New events have been added to the timeline on the applicant page:

  • Questionnaire completion
  • Applicant data step completion
  • Step resets

These events are shown only for new activity on applicants.

Configure full-cycle verification and scale globally ->

Transaction Monitoring

Transactions and applicant scoring

We have improved how you review, filter, and audit transactions and applicants:

  • Audit log for Transaction notes has been added to the Events & Transactions page to improve auditability.
  • Filter by applicant score is now available in the Applicants table to make it easier to find relevant records.
  • Transactions now display the timezone (same as on the applicant page), making it easier to understand why some records may be excluded by time filters.

April 20 -> April 24

SDK

Mobile Device Intelligence

From now on, Device Intelligence is supported for MobileSDK verification sessions. It includes the following:

  • Detects multi-accounting and fraud risks for users who pass verification on MobileSDK.

  • Accurate Device Identification, persistent to app resets.

  • Identified connections between applicants build fraud networks in real-time.

  • 10 mobile-specific risk signals: Recent Factory Reset, Emulator Detection, Jailbroken and Rooted devices, etc. Detects hackers and those who try to avoid identification and leave traces.

  • Easy one-line Integration – add a module to your MobileSDK and enable device collection on the verification level.

Get started with Device Intelligence ->

Reusable KYC screen update

We have redesigned the Reusable KYC screen on WebSDK. It is now more clear and transparent which data is being shared and between which companies.

Video Fragment redesign

The flow of video fragment on the Selfie step in WebSDK has been redesigned. Now it has a clearer interface and better communication.

WebSDK customization

We have released a new feature for WebSDK customization – Eyedropper tool. It allows users to quickly and easily select the required color for WebSDK UI elements.

Consent screen - Agreements and their translations

We have enabled translations of Privacy Notice and Notification to Processing of Personal Data for both WebSDK and MobileSDK.

Supported languages:

  • Privacy Notice – Spanish, French, Portuguese, Portuguese Brazilian, German, Italian, Polish, Greek, Serbian and Latvian.

  • Notification to Processing of Personal Data – Polish and Serbian.

The user will see a translated version of a corresponding document, when trying to open it with corresponding language selected on SDK.

Automation

Summy AI modes

Now you can pick the mode in which Summy AI operates for better navigation and less errors:

  • Custom analytics

  • Documentation search

  • Smart filters

  • Regulatory assistant

  • Transaction rule builder

Learn more about Summy AI Copilot ->

Dashboard

Lock editing for custom fields

The lock-editing option is now available for custom fields in the Verification steps UI.

What’s new:

  • A lock icon now appears next to each custom field in the Applicant data step.

  • When enabled, the pre-filled value is shown to the applicant but cannot be changed.

  • Works together with the existing Pre-fill known data option for full control over what applicants can and cannot edit.

Case Management updates

We have released two small but nice updates in the Case Management section:

  1. Related cases and assignees are now shown for a specific transaction. This helps teams understand the transaction context faster and immediately see which cases and assignees are already linked to it.

  2. A visual distinction between False positives and Valid threat cases has been added to the All Cases page and on the case page itself.

New permission: Download summary report

We have introduced a new permission – Download summary report.

This permission allows users to download summary reports for both KYC and KYB applicants.

Access limitations update

The behavior of the Allowed IPs to sign in for Dashboard field in Roles has been updated. Previously, you had to add a list of IP addresses manually.

Now, you can paste a full list of addresses into the field, using multiple separator formats. When you click outside the field, we automatically validate everything inside it:

  • Duplicate addresses: no worries about pasting new lists on top of existing ones, we will clean things up and keep everything tidy.

  • Invalid formats: each issue will be highlighted with a red underline, and users will see guidance on the correct format to use.

User Verification

Cross-check AI mode

We have introduced a new AI-powered standard for name cross-checking. The system leverages the power of advanced language models to analyze names. We now understand context much like a human does:

  • Typo Flexibility: Differences such as Ё vs Е or minor transliteration errors will no longer be a reason for rejection.

  • Complex Structures: The AI understands when a customer swaps their first and last names or adds a middle name that might be missing from the database but belongs to the same person.

  • Enhanced Security: Despite its flexibility, the AI accurately identifies actual surname mismatches or attempts to use someone else’s data.

Client-initiated re-OCR

You can now perform re-OCR on documents of previously verified applicants.

A new reOCR button is now available in the Dashboard:

  1. Navigate to the Applicant page and open the three-dot menu in the upper right.

  2. Select Re-OCR documents option.

You can also use a dedicated API method.

New webhook: Applicant verification link opened

A new webhook applicantVerificationLinkOpened will be sent to you when an applicant opens a SDK verification link.

Note the following:

  • Bots will not trigger the webhook.

  • Repeated page opens within 1 minute are treated as a single event.

Transaction Monitoring

TM Rules crafting with Summy AI

We are thrilled to announce that you can now build full rules, including applicant actions, tags, scoring, cases, and more, simply by chatting with SummyAI.

Select Transaction rule builder mode, describe the logic, and Summy will create the rule. All the functionality remains the same as in manual mode.

Detect all suspicious transaction activities with Transaction Monitoring ->

April 27 -> May 1

AML Screening

AML Resolution Rule Chain

You can now flexibly set automatic resolution for AML Screening matches by building a chain of rules that run against every new screening and translate your internal risk policy directly into the screening system.

What’s new:

  • AML rules library. A bundle of preset rules curated from the most common requests. Pick a ready-to-use rule and edit it to fit your flow.
  • Custom rules. If nothing in the library meets your needs, build fully custom rules based on yown logic.
  • Multiple rules sequency. The first matched rule triggers the resolution and takes priority. Rules define the if (conditions on input or match data) and the then (match state / risk level).
  • Draft-to-publish workflow with version history. Clear workflow management with auditable reasoning for every resolution.

Why it matters:

  • Significantly reduces manual AML match review and allows you to encode custom AML screening instead of relying on default system resolution logic.
  • Provides the highest level of screening flexibility, catering to different industries and regulatory/jurisdictional requirements.

Documentation:

Discover AML Screening ->

Business Verification

Custom fields for Company Data

You can now add custom fields to the Company Data step, which will appear on the corresponding screen. This allows you to exclude questionnaires when only a few data points are required.

Company check fields in Workflow Builder

A set of commonly used attributes is now available in Workflow Builder conditions under: checks.company.info.

For example: status, type, legalForm, industryCodes, employeesNumber, registeredCapitalAmount, incorporatedOn, startDate, licenseInfo.issuedDate, licenseInfo.validUntil.

Company-zero editing restrictions

To prevent unauthorized changes to the pre-created company-zero level, it is now non-editable, similar to SDK 1.0 levels.

To use custom intermediate company levels, you can clone this level and configure a custom one in Global settings for Business Verification.

Pre-fill Associated Parties based on documents

The Associated Parties step can now be pre-filled based on documents. Currently, only the GEWA (Gewerbeanmeldung) document is supported, with more document types to be added over time due to format variability.

If needed, additional document types can be requested for support.

Appointment and resignation dates for beneficiaries

You can now specify appointment and resignation dates for company officials in the Company structure editor.

Verify businesses ->

Fraud Prevention

Improved consistency for Device Intelligence

We have enhanced the reliability and consistency of Device Intelligence across data collection, processing, and transaction handling.

What’s new:

  • Devices are now created immediately at collection time, so you are not charged for incomplete collections caused by technical issues.
  • Transaction rescoring no longer loses the device — the original device is retained even after hours, days, or weeks.
  • Browser caching persists across tab closures (moved from sessionStorage to localStorage).
  • Improved handling of device creation, de-duplication, and linking under load.
  • Additional edge cases supported (for example, when the first verification level does not collect devices but a later one does).

Important (Standalone Device Intelligence / Fisherman clients only):

A new mandatory field, deviceBindingId, must now be passed when collecting device information after updating to version 2.0.x. See details in the updated documentation.

Strengthen risk-based decision-making ->

User Verification

SummyAI level builder

Describe your verification flow in plain language, and Level Builder generates a ready-to-review level in the Dashboard with a direct Edit level link.

How to enable:

  1. Open SummyAI and click the + button.
  2. Select Verification level builder.

Limitations:

  • Cannot create or edit Action levels
  • Cannot edit levels older than 24 hours
  • Not supported in Local Data Processing setups
  • AI-generated levels may contain mistakes and require human review
Boost your verification with Sumsub AI assistant ->

Case Management

FIU CTR Report for the Philippines

The CTR report for the Philippines is now available and can be generated in CSV format directly from Case Management.

Streamline reports generation with Case Management ->

Transaction Monitoring

Updating applicant assessment without re-score

You can now update applicant assessment after changes to the risk scoring matrix — without re-scoring transactions.

How it works

A new button on the Risk score breakdown card (Transactions tab) allows you to:

  • Clean up removed tags
  • Update weights according to the current matrix
  • Add a new entry to the applicant’s status log to record the recalculation

Important: This does not add new tags. To apply new tags, you still need to add transactions or run a full re-score.

SummyAI: Rule builder product tour

Whenever you open the editor in Rules Manager, you will be offered SummyAI assistance for configuring rules using SumScript and the AI condition generator. The tour provides real-time explanations, highlighting key features and capabilities.

Get started with Sumsub Transaction Monitoring ->

Dashboard

Applicant page: empty states glow-up

We have introduced a new look for the empty states on the following applicant tabs:

  • Payment Methods
  • Cases
  • Devices
  • Actions

What’s new:

  • Consistent appearance across tabs
  • Profile data and notes are no longer shown

Personal info block: UI update and data clarity

The Personal info block has been updated with a more consistent style and clearer data.

What’s new:

  • New empty state when no data has been extracted yet
  • Applicant data tag next to the Provided information
  • See all fields toggle in Provided data to hide empty fields
  • Consistent styling for names and addresses across Extracted and Provided data
  • Awaiting applicant response placeholder for requested but unfilled fields
  • Updated GPS as PoA tooltip with clearer indication in the edit drawer

Step completion status colors in Actions table

Step icons are now color-coded based on the review result, consistent with the Applicants table.

Color legend:

  • Green — step approved (reviewAnswer GREEN)
  • Red — step rejected or resubmission requested (reviewAnswer: RED, reviewAnswer: ERROR)
  • Yellow — step pending or status not recognized (reviewAnswer: YELLOW)
  • Grey — step not yet submitted / no status data (reviewAnswer absent)

If an action has multiple steps, each icon is colored independently based on its own status.

Important:

  • The color logic is identical to the Applicants table: both tables now behave consistently.
  • If a step's status cannot be retrieved, the icon falls back to grey without showing an error.

Solutions page: service status update

While we are working on a full redesign of the Solutions page to improve the self-purchase experience, we have released a small but helpful update to service statuses.

New statuses:

  • Setup required — displayed after purchase to guide you through completing setup before using the service.
  • Active — displayed once setup is complete; the service is ready to use.
Explore Dashboard fundamentals ->

Payment Methods Check

Additional blockchain analytics providers: payment methods

We have expanded support for blockchain analytics providers. You can now use Crystal, Merkle Science, Elliptic, Chainalysis, and TRM Labs.

By default, you can choose between the native providers — Crystal and Merkle Science. Other providers will become available in the drop-down after activation.

Learn more about Payment Method Check Advanced ->