What should an in-flow chatbot be allowed to do during identity verification?

It should only provide guidance, link to approved FAQs, and route to manual review or an alternate verification path. It must not approve bypasses or move candidates forward without a logged exception and approver identity.

How do you keep async support from becoming a compliance and fairness problem?

Standardize recovery paths, log which guidance was shown, and enforce the same SLAs and exception criteria across candidates. If guidance and exceptions are not logged, they are not defensible.

When should you use manual review instead of more retries?

When retries exceed a defined limit, when device constraints prevent completion, or when risk signals suggest step-up verification is required. Unlimited retries increase queue noise and can create a fraud cover channel.

Candidate-experience · Apr 4, 2026 · 10 minute read

Async Support Inside Identity Verification: Stop SLA Slips

Async support inside identity verification is not a CX nice-to-have. It is a control that protects time-to-offer, reduces manual escalations, and keeps decisions defensible.

Lisa Wu

Candidate Experience Lead

Lisa focuses on reducing friction and improving accessibility in verification flows.

Async support inside verification is a control. It prevents bypasses, reduces rework, and keeps identity gating compatible with hiring SLAs.

Back to all posts

What breaks when verification confusion becomes an SLA incident?

If your identity gate is the first control in the funnel, every minute of confusion at that step is unverified time sitting inside your hiring SLA. Here is the war-room scenario: a high-priority role hits offer stage, but three finalists are stuck in verification. One cannot get their camera permission to work on a managed laptop. One keeps failing document capture because the UI does not explain glare or cropping. The third asks whether biometric checks are stored and pauses. Recruiting opens tickets. Security insists identity gating cannot be bypassed. The hiring manager demands interviews proceed. Now you have an SLA breach forming in real time. This is not just cycle-time waste. It is a defensibility problem. If Legal asked you to prove who approved this candidate, can you retrieve it? If support told the candidate to "try again" without logging what failed and what guidance was given, you have an un-auditable exception path. Industry surveys routinely show identity risk is not theoretical. 31% of hiring managers say they have interviewed a candidate who later turned out to be using a false identity. When verification friction pushes teams to improvise, the typical workaround is a shadow workflow, exactly where fraud and audit gaps concentrate.

Speed: time-to-offer and offer-to-start fallout when candidates stall at the identity gate.
Cost: rework from manual escalations, rescheduling, and duplicate checks.
Legal exposure: undocumented exceptions and inconsistent treatment across candidates.
Fraud risk: pressure-driven bypasses and unlogged approvals.

Why legacy tools fail: support is outside the control plane

Most stacks treat verification as a vendor step and support as a separate channel. That separation is why the market failed to solve this. ATS workflows are often sequential checks that slow everything down. Background check and verification vendors return results, but not always as a unified evidence pack with a timestamped narrative you can audit. Coding and interview tools optimize their own completion rates, but do not anchor support interactions back to the hiring record as tamper-resistant feedback. The operational failure mode is predictable: no immutable event log that connects the candidate action, the system decision, the support prompt, and the eventual override. No review-bound SLAs, so tickets queue silently. No standardized rubric storage, so exceptions get decided in chat threads. Shadow workflows and data silos become the system of record, which is an integrity liability.

Candidates need answers at the exact point of failure, not 12 hours later in email.
Recruiting Ops needs standardized recovery paths so "help" does not become "bypass."
Security needs logged exception handling to keep identity gating intact.

Ownership and accountability matrix: who owns what, and what is the source of truth?

Assigning ownership is the difference between a controlled workflow and ad hoc escalation. Put names on the boxes and log the handoffs. Recommendation: make Recruiting Ops the workflow owner, Security the policy owner, and Hiring Managers the scoring owners. The ATS remains the source of truth for candidate stage, with verification and support events written back as audit anchors.

Recruiting Ops: owns verification flow UX, support content, routing rules, and SLA dashboards.
Security: owns identity policy (risk tiers, step-up triggers, exception criteria), access control, and audit policy.
Hiring Manager: owns evaluation rubric discipline and only consumes verified candidates unless an exception is logged and approved.
Analytics: owns time-to-event reporting, funnel leakage segmentation, and failure reason taxonomy.

Automated: liveness, face match, document authentication, deepfake and proxy signals, FAQ and chatbot responses, retry guidance.
Manual review: identity edge cases (name mismatch due to legal name change, document damage), repeated liveness failures with consistent device constraints, suspected fraud escalation.

ATS: candidate stage, offer decision, approvers.
Verification service: verification result objects, failure codes, evidence pack pointer.
Event log: immutable timeline across verification attempts, support invocations, and reviewer actions.

Modern operating model: how async support becomes part of identity gating

Recommendation: treat hiring like secure access management. Identity verification is the gate before privileged access to interviews, assessments, and offers. Async support is the guardrail that keeps the gate moving without creating bypass paths. Model it as an instrumented workflow:

Identity verification before access. Candidates do not enter high-trust steps until verified or explicitly exception-approved.
Event-based triggers. Fail states trigger the right support content immediately, plus step-up verification when risk signals appear.
Automated evidence capture. Every attempt produces timestamped artifacts and failure reasons for audit reconstruction.
Analytics dashboards. Track time-to-event: time-to-start verification, time-to-complete, time-in-manual-review, and drop-off by failure reason.
Standardized rubrics. Hiring decisions reference verified identity status and evidence-based scoring, not informal reassurance.

Lead with clarity: explain what is being checked, what is stored, and what is not.
Optimize perceived speed: progress indicators, clear "step 2 of 3" labels, and realistic timers reduce abandonment.
Recovery paths: allow retries with guidance, and provide an accessible alternate route when device constraints block completion.

Where IntegrityLens fits

IntegrityLens AI functions as the control plane for this model by keeping verification, support events, and hiring stage changes anchored to ATS-anchored audit trails. It enables:

Biometric identity verification with liveness detection, document authentication, and face matching as a first-class identity gate before access.
Fraud prevention signals including deepfake detection, proxy interview detection, and behavioral signals so step-up verification is targeted, not blanket friction.
Immutable evidence packs with timestamped logs and reviewer notes so exceptions remain defensible.
Zero-retention biometrics architecture so you can explain data handling clearly in-flow without creating a new retention liability.
Parallelized checks instead of waterfall workflows, with write-backs into the ATS to avoid shadow workflows.

Anti-patterns that make fraud worse

Do not "help" candidates in ways that remove controls or erase evidence. Three anti-patterns show up in post-incident reviews:

Bypass-on-ticket: allowing interviews to proceed when verification fails, without a logged exception and approver identity.
Support over DM: resolving identity issues in email or chat threads that are not linked to the candidate record and immutable event log.
Unlimited retries without step-up: letting repeated failures loop forever without triggering manual review or higher-assurance checks.

Implementation runbook: embed async support without weakening the identity gate

Instrument events (Day 0). SLA: same day. Owner: Analytics with Recruiting Ops. Evidence: immutable events for verification_started, permission_denied, doc_capture_failed, liveness_failed, support_opened, support_answer_served, retry_started, verification_passed, verification_failed, manual_review_queued, manual_review_decision.

Add an FAQ drawer on every failure state. SLA: 48 hours. Owner: Recruiting Ops. Evidence: content version ID logged when shown. Include: camera permissions, lighting guidance, accepted documents, name mismatch policy, and data handling (zero-retention biometrics explanation).

Add chatbot escalation routing. SLA: 1 week. Owner: Recruiting Ops. Security approves policy prompts. Evidence: chat topic tags and recommended action logged. Do not allow chatbot to authorize bypass. It can only route: retry guidance, alternate method, or manual review request.

Define review-bound SLAs for exceptions. SLA: 1 week. Owner: Security for policy, Recruiting Ops for queue operations. Evidence: manual_review_queued timestamp, reviewer ID, decision timestamp, rationale notes stored as tamper-resistant feedback.

Implement step-up verification triggers. SLA: 2 weeks. Owner: Security. Evidence: trigger reason logged (example: repeated liveness failures plus device anomaly) and step-up outcome included in evidence pack.

Dashboard and weekly ops review. SLA: weekly. Owner: Analytics. Evidence: time-to-event percentiles, drop-off by failure reason, support invocation rate, manual review aging, and exception approval counts by approver.

Automated verification decision: immediate upon completion of capture steps.
In-flow FAQ and chatbot response: immediate.
Manual review queue: first response within 4 business hours, final decision within 1 business day.
Escalation: any manual review aging beyond 1 business day alerts Recruiting Ops and Security.

Which guidance was shown (FAQ entry ID, chatbot intent tag, content version).
All verification attempts with timestamps and failure codes.
Any exception: approver identity, rationale, and expiration of the exception by default.

Sources

Checkr, Hiring Hoax (Manager Survey, 2025): 31% of hiring managers reported interviewing a candidate who later turned out to be using a false identity. Pindrop: 1 in 6 applicants to remote roles showed signs of fraud in one real-world hiring pipeline. SHRM: replacement cost estimates of 50-200% of annual salary (role-dependent).

Close: If you want to implement this tomorrow, start here

Recommendation: ship the smallest version that reduces stalls at the identity gate while increasing auditability. Business outcomes to target: reduced time-to-hire through fewer stalled verifications, defensible decisions via logged guidance and approvals, lower fraud exposure by preventing bypasses, and standardized scoring because only verified candidates progress without documented exceptions.

Add an in-flow FAQ drawer to every verification failure state and permission prompt.
Log support_opened and support_answer_served events tied to candidate ID and verification attempt ID.
Set manual review SLAs and publish the escalation path (Recruiting Ops owns the queue, Security owns the policy).
Create three approved recovery paths: retry with guidance, alternate verification route, or manual review. No other outcomes.
Write back verification status and evidence pack pointer into the ATS so the ATS stays the system of record.
Review weekly: time-to-start verification, time-to-complete, drop-off by failure reason, and manual review aging.

Related Resources

Key takeaways

Put async support inside the verification flow because the highest delays cluster where identity is unverified and access is blocked.
Treat support interactions as logged workflow events so you can prove what the candidate saw, did, and was instructed to do.
Use risk-tiered routing: self-serve for low-risk confusion, step-up verification for anomalies, and SLA-bound manual review for exceptions.
Design for perceived speed and accessibility: clear progress, retry paths, and WCAG 2.1-aligned microcopy reduce unnecessary escalations without weakening controls.

In-Flow Async Support and Exception Handling Policy (v1)YAML policy

Use this as a baseline policy for embedding FAQ and chatbot support directly inside the verification step.

It enforces approved recovery paths, review SLAs, and audit logging requirements so support does not become a bypass channel.

policy:
  name: in_flow_async_support_v1
  scope: identity_verification
  objectives:
    - reduce_time_to_complete_verification
    - prevent_bypass_of_identity_gate
    - preserve_audit_readiness

  events_required:
    - verification_started
    - verification_step_presented
    - permission_prompt_shown
    - doc_capture_failed
    - liveness_failed
    - face_match_failed
    - support_opened
    - support_answer_served
    - retry_started
    - manual_review_queued
    - manual_review_decision
    - verification_passed
    - verification_failed

  support_in_flow:
    faq_drawer:
      enabled: true
      show_on_states:
        - permission_prompt_shown
        - doc_capture_failed
        - liveness_failed
        - face_match_failed
      logging:
        log_content_version_id: true
        log_article_id: true
    chatbot:
      enabled: true
      allowed_actions:
        - provide_retry_guidance
        - link_faq_article
        - request_manual_review
        - offer_alternate_verification_route
      prohibited_actions:
        - approve_bypass
        - instruct_unlogged_email_exchange
      logging:
        log_intent_tag: true
        log_recommended_action: true

  recovery_paths:
    approved:
      - name: guided_retry
        max_retries: 2
        on_exceed: queue_manual_review
      - name: alternate_route
        criteria:
          - accessibility_need
          - managed_device_constraints
        requirement:
          - log_alternate_route_reason
      - name: manual_review
        criteria:
          - repeated_failure
          - name_mismatch
          - suspected_fraud_signal

  manual_review_sla:
    first_response_hours: 4
    final_decision_business_days: 1
    escalation:
      trigger: manual_review_age_gt_final_sla
      notify_roles:
        - recruiting_ops_oncall
        - security_policy_owner

  exception_controls:
    access_expiration_by_default:
      enabled: true
      exception_duration_hours: 24
    require_approver_identity: true
    require_rationale_note: true
    require_evidence_pack_pointer: true

  ats_writeback:
    enabled: true
    fields:
      - verification_status
      - verification_completed_at
      - evidence_pack_url
      - exception_approved_by
      - exception_expires_at

Outcome proof: What changes

Before

Verification stalls were handled through email back-and-forth and occasional interview scheduling before verification completion, creating unlogged exceptions and recruiting queue congestion.

After

Async support was embedded inside the verification flow with approved recovery paths, SLAs for manual review, and ATS write-backs for evidence pack pointers and exception metadata.

Governance Notes: Security and Legal signed off because the model prohibits bypass via support, requires approver identity and rationale for any exception, and retains only audit artifacts and decision logs while using zero-retention biometrics. The result is an ATS-anchored audit trail that can reconstruct what happened, when, and who approved it.

Implementation checklist

Instrument verification with timestamped events for start, completion, failure reason, retries, and support invocation.
Embed an FAQ drawer and chatbot entry point on every failure state and permission prompt.
Define SLAs for automated checks and manual review queues with explicit owners and escalation paths.
Standardize copy patterns for top failure modes (document glare, name mismatch, liveness retries, microphone permissions).
Ensure accessibility and recovery paths (keyboard navigation, captions, readable error states, alternative verification route).
Write back completion status and evidence pack pointer into the ATS as the source of truth.

Questions we hear from teams

What should an in-flow chatbot be allowed to do during identity verification?: It should only provide guidance, link to approved FAQs, and route to manual review or an alternate verification path. It must not approve bypasses or move candidates forward without a logged exception and approver identity.
How do you keep async support from becoming a compliance and fairness problem?: Standardize recovery paths, log which guidance was shown, and enforce the same SLAs and exception criteria across candidates. If guidance and exceptions are not logged, they are not defensible.
What metrics should a CPO review weekly?: Time-to-start verification, time-to-complete verification, drop-off by failure reason, support invocation rate, manual review aging against SLA, and count of exceptions by approver.
When should you use manual review instead of more retries?: When retries exceed a defined limit, when device constraints prevent completion, or when risk signals suggest step-up verification is required. Unlimited retries increase queue noise and can create a fraud cover channel.

Ready to secure your hiring pipeline?

Let IntegrityLens help you verify identity, stop proxy interviews, and standardize screening from first touch to final offer.

Try it free Book a demo

Watch IntegrityLens in action

See how IntegrityLens verifies identity, detects proxy interviewing, and standardizes screening with AI interviews and coding assessments.