Clarity in Every Step: What’s New in Mosaic This October

This month, we’re focused on helping you move faster: from investigation to resolution, from visibility to control. October’s updates bring smarter fraud analytics, deeper verification insights and streamlined orchestration tools designed to give your teams more clarity and momentum across every step of the identity journey.

Highlights

Zoom In on Fraud Patterns with Richer Analytics

We’ve expanded the Recommendations page with new capabilities to help analysts detect and investigate fraud faster:

• 20+ new filters — including OS name, ASN and additional session attributes for more granular filtering.

• Custom attribute support — apply filters based on your own business-specific attributes to tailor investigations.

• Timeline visualization — a new bar chart view shows recommendation trends over time, helping you spot spikes and patterns at a glance.

These updates streamline contextual analysis and help surface meaningful correlations across entities, behaviors and time.

* General availability

Enhanced Session Insights on the Verification Report Page

We’ve enhanced the Verification report page with new session-level metadata to help risk teams, support agents and compliance officers gain deeper visibility into user verification flows without jumping between tools or requesting logs.

Key enhancements include:

• Capture Attempt Details: View retry count, rejection reason, duration time and the number of selfie image samples (front and back).

• Submission & Re-submission Tracking: A new “Follow-up Submission: Status” section.

• Verification Decision Breakdown: A unified view of check results—face match, document validity, liveness—regardless of source system.

• Session Metadata & Activity Logs: Includes session ID, submission status and per-step timing/retry details for better traceability and fraud investigation.

• Portal Integration: All enhancements are embedded within the existing admin portal interface, ensuring a seamless experience for analysts and support teams.

* General availability

Orchestration

Delete PIN Code Step for Better Control Over Authenticator Cleanup

A new Delete PIN Code step is now available in Orchestration, giving journey builders more flexibility in managing user authenticators. This step lets you programmatically delete a registered PIN code, either from the current device or across all devices, depending on your configuration.

It supports use cases where PINs need to be revoked—whether as part of account recovery, user-initiated resets or security policy enforcement. The step supports error handling, conditional branching, and works seamlessly across platforms with Web, iOS and Android codegen.

* General availability

Customer Identity Management

Bring Your Own Key (BYOK) for Token Signing

Admins can now upload and manage their own token signing keys (BYOK) in addition to system-generated ones. Each app can have up to four keys, with one designated for signing and others for validation. All updates are audit-logged and changes to JWKS are saved atomically to ensure consistency and compliance.

* Available in sandbox