CPR Purpose & Use Case

Problem Statement

User drop-offs during onboarding are a big challenge. In a 10-step onboarding journey — if a user reaches step 5 but gets interrupted (closes the browser, switches devices, or reinstalls the app), they lose all progress. When they return, they have to start over from step 1, leading to frustration and making them more likely to abandon the process.

To solve this, a local resume feature was introduced. It stores progress in the browser cache or app storage, allowing users to continue where they left off. However, this solution has major limitations:

• Does not work across devices or browsers — Users cannot switch between mobile and desktop or different browsers.
• Does not work on app reinstallations — If users delete and reinstall the app, they lose all progress.

Since resuming is an important step in user acquisition, any friction should be reduced to improve the business.

Why This Problem Needs to Be Solved

1. Fewer User Drop-Offs — Users dropping off mid-journey and having to restart is a major reason for abandoned onboarding. A cross-platform resume feature ensures users can pick up where they left off, increasing completion rates.

2. Meeting Client Expectations — Many enterprise clients already offer this feature. Not having it can be a deal-breaker for them.

3. Smoother Experience for Complex Workflows — Onboarding is no longer just a quick KYC process — many users go through long, multi-step flows. Losing progress mid-way and not being able to resume can be frustrating and lead to poor user experience.

Solution Overview

HyperVerge solves this problem with Cross-Platform Resume (CPR), a backend-based state management system. Here's how it works:

1. Saving Progress — After each step, the SDK stores user progress against appId, transactionId, and workflowId in the backend by calling a PUT Transaction State API.

2. Resuming Progress — When users return, SDK retrieves their saved progress from the backend using a GET Transaction State API, allowing them to continue exactly where they left off.

3. Works Across Devices — Since the progress is stored on the backend, users can switch devices and resume, use different browsers, or reinstall the app without losing their data.

4. Secure Authentication with CPR Auth — When users resume their journey, CPR Auth ensures authentication before granting access to their saved progress. This prevents unauthorized access, safeguards PII data, and protects against fraud by requiring OTP-based verification before resuming the process.

5. Minimal to No Effort Required from the Client — The CPR solution is designed to be seamlessly integrated with minimal changes on the client's end. HyperVerge handles session management, authentication flows, and data security in the backend, ensuring clients can enable CPR without major changes.

What is CPR Auth?

While Cross-Platform Resume (CPR) allows users to seamlessly resume their onboarding journey, it introduces a significant security risk — unauthorized access to a user's session and exposure of personally identifiable information (PII), especially when clients integrate CPR without any authentication on their end.

Example scenario: If a KYC user completes steps 1-5 and drops off, the journey data including PII data is stored in HyperVerge's backend. Later, if someone gains access to the onboarding link and opens it, the system fetches the saved PII data from the HV backend in order to resume the flow, exposing sensitive details such as name, phone number, or ID information to a potential attacker.

To address this, HyperVerge provides CPR Authentication, which ensures secure session resumption and protects user PII. The solution includes:

• Mini Authentication Workflow: When a user drops off and resumes later, they are prompted for authentication before accessing their session.
• Multiple Authentication Methods: Supports mobile OTP and email OTP for verifying user identity.
• Strict Access Control: Users cannot proceed further in the journey until authentication is successfully completed, ensuring that PII data remains protected from unauthorized access, fraudsters, and attackers.
• Customizable Authentication Flow: Clients can choose how authentication is applied — they can use HyperVerge's authentication on specific platforms while implementing their own authentication on others, ensuring flexibility without compromising security.