Overview
Warnings on the NFC report flag every condition Didit observed while reading and validating the chip. They land in the warnings[] array on each item of nfc_verifications[] (see NFC report), with feature set to "NFC". Each entry follows the shared warning object shape: feature, risk, additional_data, log_type, short_description, long_description, node_id.
Every warning has three layers:
- The
risk code — a stable identifier you can match on in your code (the codes listed below).
- The
log_type — one of information, warning, or error. It is derived from the action your workflow configures for that risk: No action → information, Review → warning, Decline → error.
- The decision impact — the same configured action also drives the NFC report’s
status: a Review action moves it to In Review, a Decline action to Declined.
Three NFC risks are configurable this way (SKIPPED_NFC_VALIDATION, NFC_CHIP_NOT_VERIFIED, NFC_AND_OCR_DATA_NOT_SAME). The two certificate risks (DSC_CERTIFICATE_REVOKED, DSC_CERTIFICATE_EXPIRED) are informational only: they always carry log_type: "information" and never change the NFC status by themselves.
The full set of risk codes the NFC module produces is below. No other NFC risk codes exist.
Warnings produced
risk | Cause | Severity (log_type) | Affects status? | Remediation |
|---|
SKIPPED_NFC_VALIDATION | The chip read was skipped — the workflow allows skipping (allow_nfc_skip) and the user tapped skip because the device did not support NFC or could not align the chip. | Follows the skip NFC action setting (skip_nfc_action): information / warning / error. | Configurable — No action, Review, or Decline. | If your policy requires NFC, set the skip action to Decline (or disallow skipping entirely) and instruct the user to retry from an NFC-capable device. Otherwise leave it at No action to fall back to OCR-only verification. |
NFC_CHIP_NOT_VERIFIED | The chip was read but failed cryptographic verification: dg_integrity or sod_integrity is false. This usually means the issuing country’s CSCA could not validate the SOD signature, the DSC is revoked or expired, or a Data Group hash did not match. | Follows the unverified chip action setting (unverified_chip_action). | Configurable — No action, Review, or Decline. | Older travel documents often trigger this without indicating fraud. Decide your tolerance per market; Review is a common setting. Inspect authenticity and certificate_summary.validation on the report to see which check failed. |
NFC_AND_OCR_DATA_NOT_SAME | The MRZ read from the chip does not match the MRZ OCR’d from the visible side of the document (compared after normalization, ignoring < filler). Strong tampering signal. | Follows the data inconsistency action setting (inconsistent_data_action) — the same setting that governs ID-verification data-consistency checks. | Configurable — No action, Review, or Decline. | Treat as tampering unless proven otherwise; Decline is the typical setting. The additional_data payload includes the OCR MRZ lines (ocr_mrz, array) and the chip MRZ (nfc_mrz, single string) for manual comparison. |
DSC_CERTIFICATE_REVOKED | The Document Signer Certificate that signed this chip appears in the issuing country’s Certificate Revocation List (CRL). | Always information. | No — never changes the NFC status by itself. | Strong signal that the signing key may have been compromised; route these sessions to manual review via your own logic if needed. Note the chip will usually also fire NFC_CHIP_NOT_VERIFIED, which is configurable. |
DSC_CERTIFICATE_EXPIRED | The DSC’s validity window has passed (certificate_summary.validation.dsc_expired is true). | Always information. | No — never changes the NFC status by itself. | Common with older documents. As with revocation, an expired DSC also fails full SOD validation, so NFC_CHIP_NOT_VERIFIED fires alongside it and carries your configured action. |
SKIPPED_NFC_VALIDATION and NFC_CHIP_NOT_VERIFIED are mutually exclusive: the unverified-chip warning is only evaluated when the chip read was not skipped.
Exact description strings
The API returns these exact short_description and long_description strings for each risk:
risk | short_description | long_description |
|---|
SKIPPED_NFC_VALIDATION | Skipped NFC Validation | The Near Field Communication (NFC) chip validation process was not completed, potentially due to technical issues or lack of NFC support. |
NFC_CHIP_NOT_VERIFIED | NFC chip not verified | The Near Field Communication (NFC) chip was not verified, potentially due to missing certificate to verify the signature of the chip, or the chip is designed to not be verified. |
NFC_AND_OCR_DATA_NOT_SAME | NFC and OCR data not same | The Near Field Communication (NFC) chip data and the OCR data don’t match, indicating potential document tampering or data inconsistency. |
DSC_CERTIFICATE_REVOKED | Document Signer Certificate revoked | The Document Signer Certificate (DSC) used to sign the ePassport chip data has been revoked by the issuing country’s Certificate Revocation List (CRL), indicating the signing key may have been compromised. |
DSC_CERTIFICATE_EXPIRED | Document Signer Certificate expired | The Document Signer Certificate (DSC) used to sign the ePassport chip data has expired, meaning the certificate’s validity period has passed. |
Configuration
Three workflow settings control how NFC warnings route. Each can be set to No action, Review, or Decline:
- Skip NFC action (
skip_nfc_action) — applies to SKIPPED_NFC_VALIDATION. Skipping is only offered to users when allow_nfc_skip is enabled.
- Unverified chip action (
unverified_chip_action) — applies to NFC_CHIP_NOT_VERIFIED.
- Data inconsistency action (
inconsistent_data_action) — applies to NFC_AND_OCR_DATA_NOT_SAME. This is the same data-inconsistency setting used by ID verification.
The two DSC_CERTIFICATE_* risks have no action setting — they are always informational.
Examples
In Review — chip could not be verified
{
"warnings": [
{
"feature": "NFC",
"risk": "NFC_CHIP_NOT_VERIFIED",
"additional_data": null,
"log_type": "warning",
"short_description": "NFC chip not verified",
"long_description": "The Near Field Communication (NFC) chip was not verified, potentially due to missing certificate to verify the signature of the chip, or the chip is designed to not be verified.",
"node_id": "nfc_primary"
},
{
"feature": "NFC",
"risk": "DSC_CERTIFICATE_EXPIRED",
"additional_data": null,
"log_type": "information",
"short_description": "Document Signer Certificate expired",
"long_description": "The Document Signer Certificate (DSC) used to sign the ePassport chip data has expired, meaning the certificate's validity period has passed.",
"node_id": "nfc_primary"
}
]
}
Here the unverified-chip action is set to Review, so NFC_CHIP_NOT_VERIFIED carries log_type: "warning" and the NFC report’s status is In Review. The expired-DSC entry is purely informational.
Declined — chip / OCR mismatch
{
"warnings": [
{
"feature": "NFC",
"risk": "NFC_AND_OCR_DATA_NOT_SAME",
"additional_data": {
"ocr_mrz": ["P<ESPDOE<<JOHN<<<<<<<<<<<<<<<<<<<<<<<<<<<<<", "AAB000123ESP9005154M3001017<<<<<<<<<<<<<<04"],
"nfc_mrz": "P<ESPDOE<<JOHN<<<<<<<<<<<<<<<<<<<<<<<<<<<<<AAB000254ESP9005154M3001017<<<<<<<<<<<<<<06"
},
"log_type": "error",
"short_description": "NFC and OCR data not same",
"long_description": "The Near Field Communication (NFC) chip data and the OCR data don't match, indicating potential document tampering or data inconsistency.",
"node_id": "nfc_primary"
}
]
}
Here the data-inconsistency action is set to Decline, so the warning carries log_type: "error" and the NFC report’s status is Declined. Note that ocr_mrz is an array of MRZ lines while nfc_mrz is the chip’s single concatenated MRZ string.
Warning types
Each risk is assigned a severity based on your application’s configuration. The three severities are: