Guides

NeuroID Implementation for Web

Suggest Edits

Welcome!

We are in the process of migrating our Web implementation instructions to this consolidated format. Please contact [email protected] to provide any feedback.

Introduction to Our Process

New Customers As you get started with Experian's NeuroID product for the first time, an Implementation Engineer (IE) will assist you through the process.

  1. Kick-off - To kick off the project, the Experian NeuroID team will request a "Form Walkthrough" meeting, where you will be asked to show us the webpages where you plan to integrate NeuroID.

  2. Solution Design - Your NeuroID IE will use information from the Form Walkthrough to create a NeuroID Solution Design for your use case. We will provide you with customized instructions to complete your JavaScript setup.

  3. Lower Level Environment Integration - You will install the NeuroID JavaScript on all pages where NeuroID must observe end-user behavior, device, and network information.

    1. For Account Opening use cases, NeuroID JS must be placed on all screens where the end-user interacts with an account opening form. This must include all the pages for all user funnels
    2. For Account Defense use cases, NeuroID JS must be placed on all screens related to users logging in or authenticating. This may include pages related to Login, Forgot Credentials, OTP or other MFA screens.
    3. For post-login use cases (such as observing a user complete a payment transaction or updating a saved address), NeuroID JS may be placed on additional screens. Your IE contact will provide recommendations on the scope of user data collection based on your desired outcomes.

  4. NeuroID Analytics API Integration - Depending on your use case, integrating with NeuroID's Analytics API may be required in order for the product to fully function.

    1. For Account Opening use cases: integrating with Analytics API is highly recommended.
    2. For Account Defense and post-login use cases: integrating with Analytics API is required.

  5. Data QA & Configuration - Once you have integrated NeuroID JS (and Analytics API, if required) in a lower-level-environment, your NeuroID IE must perform QA on your integration data and set up the scoring configuration that generates NeuroID behavioral signals. Your IE contact will work with you to generate testing sessions and testing API calls so that we can fully QA and configure your NeuroID JS integration.
    You must not use NeuroID signals for production decisioning until your IE has verified that Data QA & Configuration is complete.

  6. Go-live! -

    1. For Account Opening use cases: you can deploy the NeuroID JavaScript before you deploy your backend API integration.
      1. If you call Analytics API: real-time Account Opening results will be returned to you, and these real-time results will be shown in NeuroID dashboards.
      2. If you do not call Analyticsl API: Account Opening signals will be generated at the end of the user's sessions and these end-of-session results will be shown in the NeuroID dashboards.
    2. For Account Defense and post-login use cases: a connection to NeuroID Analytics API is required in order for Account Defense and post-login signals to be generated. Your NeuroID production deployment is not complete until you have integrated with the JS collection library and Analytics API.
Existing Customers

If you have already integrated with Experian's NeuroID and would like to expand your solution to more websites or additional pages, contact your Experian Customer Success representative or NeuroID Implementations Engineering ([email protected].) to confirm if you can use your existing JS snippets and how to expand your Analytics API integration. We will work with you to ensure your NeuroID scoring configuration accounts for all HTML fields throughout your web-based user journeys.

Integration Steps

The following steps will walk you through implementing the NeuroID JavaScript library.

1. Install NeuroID JS with your unique site_id

If this is the first time you are integrating with NeuroID JS, you must install a snippet of JavaScript in the <head> of your webpage. This JS snippet must load on all pages where NeuroID will observe end-user behavior.

You will be provided separate snippets for use in production and your lower-level environments: 

<!-- The following Snippet is for Non-Production Environments Only -->
<script type="text/javascript">
  (function(n,e,u,r,o,i,d){
       n.nid=n.nid||function(){(n.nid.q=n.nid.q||[]).push(arguments)};
       o=e.createElement(u);i=e.getElementsByTagName(u)[0];o.async=1;
       o.src=r;i.parentNode.insertBefore(o,i);
  })(window,document,'script','//scripts.neuro-id.com/c/nid-YOUR_SITEID_HERE-test.js');
</script>

<!-- The following Snippet is for use on your Production website -->
<script type="text/javascript">
  (function(n,e,u,r,o,i,d){
       n.nid=n.nid||function(){(n.nid.q=n.nid.q||[]).push(arguments)};
       o=e.createElement(u);i=e.getElementsByTagName(u)[0];o.async=1;
       o.src=r;i.parentNode.insertBefore(o,i);
  })(window,document,'script','//scripts.neuro-id.com/c/nid-YOUR_SITEID_HERE.js');
</script>

Embed this JavaScript snippet within the <head> section of your webpage, making sure to load the correct snippet in the appropriate environment. Your snippets will be provided to you by your NeuroID Implementations contact.

👍

Your JavaScript snippet URLs will look like this:

//scripts.neuro-id.com/c/nid-abcde123.js.

//scripts.neuro-id.com/c/nid-abcde123-test.js

If you copy the snippet from here, you must update your JavaScript snippet URL to include your unique site_id.

📘

A NeuroID site_id uniquely identifies the user journey where behavioral data is collected. The format consists five characters and then three numbers (e.g.,abcde123).

Your NeuroID Implementations contact will work with you to identify if you need more than one site_id for your integration.

2. Label Your HTML Fields

NeuroID JS must be able to recognize the fields in your HTML where users will interact. Depending on how your existing HTML is structured and labeled, existing properties on your HTML inputs can often be used so that you do not have to add any tags in your HTML.

a. Implicit Field Labeling (no HTML changes required)

If your HTML fields already have a static, constant property on them such as the #id, name, aria-label, NeuroID can be configured to utilize these existing HTML properties for behavioral scoring. Your NeuroID Implementation Engineering contact will work with you during our Form Walkthrough process to identify which properties on your fields can be used in the NeuroID behavioral scoring configuration.

Whichever property from your HTML fields is configured must stay static over time to ensure that your user's sessions are continually scored.

b. Explicit Field Labeling (add tags to your HTML)

If you do not have a static property on your fields that can be mapped for NeuroID behavioral scoring, we recommend incorporating HTML5 data-* attributes that are unique, stable, and descriptive. To add NeuroID-specific attributes to your fields, put an attribute named data-nid-target on your input fields, e.g., data-nid-target="firstName" if the input field is a first name field.

Generally, you do not need to label every input, button and link on your webpage. Your NeuroID contact will recommend which fields need to be labeled.

Please refer to our HTML Tags documentation for more information.

3. Manage the NeuroID identity_id

Each web session must be assigned a unique identity_id so that you can retrieve the NeuroID results for that session later.

a. Option 1: NeuroID will "autoIdentify" the session

Using this option, NeuroID JS will be configured to automatically generate an identity_idas soon as data collection starts. This value acts as a web session identifier, and it will be stored as a cookie named nid_sid. Optionally, this value can be stored in browser session storage for additional persistence. (Your NeuroID contact will recommend the appropriate setting for your use case.)

You can retrieve the NeuroID identity_id programmatically using the following command:

  nid.getIdentityId();

❗️

You must store the NeuroID identity_idin your backend

The NeuroID APIs, dashboard and alerts use the identity_id as the primary key for retrieving user results.

If you use this autoIdentify pattern, you MUST persist the value of NeuroID's identity_id to your backend so that it can be associated with your sessions, applicants, or user accounts. You will use the NeuroID identity_id to retrieve NeuroID API results.

If you have an alternative ID available such as an Application ID, you can pass that identifier to NeuroID when you connect to the Analytics API. You will pass that as the parameter alias_id.

b. Option 2: Set a unique persistent identity_id

Use the identify command to set a unique persistent identifier:

  nid('identify', 'identity_id');

❗️

identity_id validation criteria

If you provide the value of identity_idit must meet all the following requirements:

  • Must be a string value
  • Must consist of only alphanumeric characters, dashes, underscores, or periods
  • A minimum length of 3-characters
  • A maximum length of 100-characters
  • Must not contain any PII

If this identifier is created in front-end code (e.g. in the user's browser), you must persist the value to your backend after creation and before calling the NeuroID Analytics API. You will use this value to call the NeuroID API for signals about the applicant.


4. Connect to NeuroID's Analytics APIs for real-time insights:

a. API Patterns For Account Opening

  1. Retrieving Actionable Signals: NeuroID's Account Opening signals are generated progressively as the user interacts with the page. You can retrieve NeuroID AO signals at multiple points in the user's journey if desired. Examples:
    1. To retrieve NeuroID's Account Opening signals when the form is submitted, integrate with Analytics API v6: https://neuro-id.readme.io/reference/analytics-api-v6?product=account_opening
    2. To retrieve AO signals when the user has completed the first of several application pages, integrate additional calls to Analytics API v6.
  2. Improving Signal Accuracy: Examples:
    1. "New User Account Intelligence" - If the onboarding form was submitted successfully and you created a new account for the user, you can include the Registered User ID (e.g. your Account ID) in your NeuroID's Analytics API v6 requests. This will populate our "Multiple Users Per Device" signal. Knowing your user's Registered User ID also helps NeuroID join together a user's account creation session and subsequent login sessions. More info: https://neuro-id.readme.io/reference/analytics-api-v6#query-params
    2. "Application Alias ID" - Each session will have a unique identity_id. If you also maintain an Application ID for every account opening application that is submitted, you can pass this to NeuroID's Analytics API v6 endpoint as the alias_id parameter. This is particularly useful if your Fraud and Risk teams prefer to look up NeuroID results using an Application ID instead of a Session ID! More info: https://neuro-id.readme.io/reference/analytics-api-v6#query-params
    3. Application Submitted Intelligence" - To add even more intelligence to NeuroID's Account Opening signals, integrate an API connection to NeuroID's "submission status" endpoint to flag which sessions resulted in an application that you accepted: (coming soon!)

b. API Patterns For Account Defense

  1. Retrieving Actionable Signals: To retrieve NeuroID Account Defense signals in real-time, integrate with NeuroID Analytics API v6 and request the account_defense signal set. More info: https://neuro-id.readme.io/reference/analytics-api-v6?product=account_defense
  2. Improving Signal Accuracy: Examples:
    1. "Login Success Intelligence" - To add even more intelligence to NeuroID's Account Defense signals, integrate a connection to NeuroID's "login success" endpoint to flag which sessions resulted in a login attempt that you allowed to successfully login: (coming soon!)