IDV Audit Trail Structure

Hi All,

The Identity Verification solution contains an evidence pack that is created at the end of every transaction.  In order to access the evidence pack, an API is called and a PDF is generated and the download is started.  This post will describe what to expect in the current version of the evidence pack (also called the Audit Trail).

The Evidence Pack contains the following items:

• Cover Page
• About this Document
• Table of Contents
• Transaction Summary
• Event Timeline
• Sessions
• Attachments
• Screenshots

With in the Evidence Pack, there is a "visual" audit trail.  The "visual" audit trail puts a time stamp next to each action along with an attached image of exactly what the user was presented with when they were viewing that page at that time.  The "visual" audit trail makes it faster and less costly to prove your compliance and legal case.  The step-by-step capture allows for an accurate view of what was seen and experienced by the users.  All content, including the appearance of all web pages and documents presented to the user are captured.  All actions, including click-to-sign, initials, accept, and agree buttons, along with download and save actions are recorded.  Every thing is time stamped, such as when the user logged in, or logged out, how long they spent on each web page and document, and all other activities and actions.

In addition, the Evidence Pack also contains a number of embedded attachments.  Each Evidence Pack contains the Session ID, Name of the end-user for the session and the summary of the details and device that was used to complete the transaction.  The link in each "visual" audit trail will open a screen shot, or an agreement or a document in a new tab to make reviewing easier.  Each of these attachments can be viewed and listed in a separate space in the PDF, under the attachments pane of your PDF viewer.

The session timeline contains many detailed entries, showcasing the "visual" audit trail.  These entries include the verification services requests and response entries.  Additional detail regarding the requests and responses are attached to the timeline as well, allowing for a deeper dive into what the verification service was sent and received.  These verification service reports are in JSON format, which makes it easy to format.  This JSON response contains the same details you would find if a request was made to the verification summary REST API directly.  

The Evidence Pack is designed to be whitelabelled, and as such certain features can be customized, such as:

• Cover Page Background
• Cover Page Logo
• Table Header Row Background Color, Font Color, Font Face, Font Size
• Header 1 (Section) Font Color, Font Face, Font Size
• Header 2 (sub-section) descriptive text, and Background Color, Font Color, Font Face, Font Size
• Table Border color, size
• Table cell odd and even rows, background color
• Footer text, descriptive text, Font Color, Font Face, Font Size
• And many others, speak with a your sales person to get more information about whitelabelling

If you have any further questions regarding the Evidence Pack document, please speak with your OneSpan Sales Engineer and they can provide you with a sample or more detail.