KYC data checks confirm whether an identity exists, but they don't always prove that the person creating an account is the rightful owner of that identity.
As fraud tactics such as synthetic identity fraud and AI-enabled impersonation attacks become more sophisticated, you will likely need to go beyond data verification and add document authentication checks to your onboarding workflows.
Document authentication APIs, such as those provided by us, Jumio, Entrust and Veriff, allow you to embed document verification directly into existing customer onboarding journeys to confirm identity ownership and reduce fraud.
|
Provider |
Global document coverage |
Biometric identity proofing |
Identity verification integration |
|
GBG |
8,500+ government-issued IDs across 195 countries |
Face matching, liveness detection, presentation attack detection and deepfake injection detection |
Option to integrate with end-to-end KYC platform GBG Go |
|
Jumio |
Supports 5,000+ government-issued IDs across 200 countries |
Face matching, liveness detection and injection attack detection |
Document checks can be integrated into broader identity verification |
|
Entrust |
195+ countries and 2,500+ document types |
Biometric verification and liveness detection |
Solution includes document, biometric and data verification |
|
Veriff |
12,000+ ID documents across 230+ countries |
Face matching and passive liveness detection |
Built as part of a broader identity verification platform |
We're an identity technology company with more than 30 years of experience, used by companies like Santander and Coinbase to verify customer identities globally. Our document authentication solution uses automated APIs to provide high-assurance identity proofing in seconds. We help:
We'll cover our capabilities in more detail first before sharing a few alternatives to consider.
While a standard data check provides an initial layer of verification, it can't address the structural limitations of local databases, such as missing entries or outdated records.
We address this issue by allowing you to verify identities across 195 countries using a combination of trusted data sources and document verification capabilities. By authenticating documents against a global library that is continuously updated by experts, you can support onboarding across multiple regions and languages.
This depth of coverage helps improve overall approval rates because genuine customers who lack a deep digital footprint can still prove their identity using a physical ID.
Document authentication is only effective when you can prove the person holding the ID is its actual owner. What's more, the quality of the initial image can determine the success of the check.
That's why we use biometric verification to compare a user's live selfie against the photo on their identity document to confirm ownership and smart capture technology that automatically eliminates glare and blur to ensure accurate optical character recognition (OCR) and successful authentication.
"Document verification APIs work on the images submitted to them. What often gets overlooked is how much can be done on the front end to ensure the best-quality image reaches the backend," says David Thomas, Global Head of Product (Documents and Biometrics) at GBG.
"Capture SDKs are crucially important – they generate and quality-check images before anything is submitted for processing. That's a part of the conversation that doesn't come up enough."
Certified passive liveness testing further secures the journey by protecting against presentation attacks involving photos, videos or physical masks.
Relying on human staff to manually check every ID creates a bottleneck that leads to abandoned signups and mounting operational overhead.
We remove this constraint by unifying identity data, document authentication and biometrics into a single identity orchestration workflow. This allows you to move at the speed of your users rather than the speed of your backlog.
"We essentially have a fully automated process. That is about five seconds on average to complete the verification," notes Glenn Larson, CTO (Documents and Biometrics) at GBG.
"Some identity verification systems rely on manual processing to bridge coverage gaps, which means queuing, service level agreement delays and a finite number of human operators working through documents one by one. For us, 99.5% of journeys are handled by our backend APIs at the first pass."
This high level of automation lets you approve genuine customers in real time while maintaining strict compliance with regulations like GDPR.
A sports betting operator found that standard data verification was insufficient for certain demographics, such as younger players with thin credit files. They implemented a single workflow that combined data checks with document authentication and biometric verification.
By using this end-to-end approach to confirm applicants were the rightful owners of their identities, the operator increased auto-approval rates for these harder-to-identify segments by 80%. This reduced the need for manual reviews and delivered a 13:1 return on investment.
Jumio specializes in AI-driven document verification and is used extensively in high-volume industries like gaming and financial services. It focuses on using automation to provide clear pass/fail results for global users.
Key capabilities:
Entrust provides identity verification solutions with a focus on high-security environments and enterprise-level resilience. Their technology is designed to reduce image rejection rates through automated capture enhancements.
Key capabilities:
Veriff is an identity verification platform that focuses on speed and accuracy, including for businesses that need to handle a wide variety of non-Latin scripts.
Key capabilities:
Traditional data-only checks are no longer a complete defense against modern identity fraud. While these checks are a necessary part of the customer onboarding process, they leave gaps that fraudsters are quick to exploit.
Here’s why:
Identity data verification typically validates that a specific set of attributes, such as a name, address, and date of birth, exists in authoritative databases like credit bureaus or electoral rolls. This is useful for confirming that "John Smith" is a real person who lives at a specific location.
However, passing a data check doesn't prove that the person typing the information into your app is actually John Smith. Fraudsters can easily obtain these attributes from data breaches or social media to create accounts under someone else's name.
Fraudsters have developed techniques that thrive in environments where only data is checked:
By requiring a government-issued ID, you introduce a physical anchor to the digital identity.
Document authentication APIs analyze the integrity of the ID itself, checking for tampering, photo substitution, or text modifications. Adding this step ensures the document is authentic before the customer can proceed.
Ideally, you want a solution that fits your specific risk appetite and technical requirements:
The API must be able to analyze more than just the text on a document. It should review security features like holograms, Machine Readable Zone (MRZ) consistency and document integrity.
This is vital for detecting counterfeit or manipulated IDs, especially as AI-generated fraud becomes more prevalent.
If your business operates internationally, you need an API with a document library that covers everything from German ID cards to Brazilian driving licenses, for example.
The provider must continuously update this library as governments issue new document versions or Digital IDs, ensuring your onboarding process remains smooth.
Confirming that the applicant matches the document is the core of identity ownership. The solution should use automated face matching and liveness detection to prevent spoofing attacks using static photos, recorded videos or deepfake injections.
For example, a digital bank might require a movement prompt or a blink test during sign-up to confirm a human is physically present and prevent fraud like a recorded video playback.
You shouldn't have to put every user through the most rigorous (and expensive) checks.
Look for a solution that allows you to escalate verification only when needed. For instance, a low-dollar transaction might only require a data check, while a large loan application can automatically trigger document and biometric steps.
Read more: A complete guide to implementing an end-to-end KYC process
A strong API integrates additional risk indicators. This includes device intelligence, which flags if a user is using a VPN or an emulator and behavioral signals that detect suspicious patterns.
By using adaptive fraud prevention, you can block bad actors based on the overall risk score.
The technical fit is just as important as the fraud protection. Your provider should offer standalone APIs for specific needs or full platforms for end-to-end management.
Low-code and no-code options are especially useful for compliance teams that need to adjust workflows quickly, without waiting for a developer.
If your onboarding process relies solely on KYC data checks, you're only verifying that an identity exists, not necessarily that the applicant is its rightful owner.
Document authentication APIs add an important layer of assurance, helping you detect fraud, confirm identity ownership and onboard more genuine customers.
We, for example, can automate this entire journey through GBG Go, connecting you to global data and forensic-level document testing through one unified API.
Document authentication is the process of verifying that a government-issued ID is genuine and has not been forged or altered. It involves checking security features like holograms, watermarks and micro-text, often using forensic tests and AI.
A document verification API allows you to automate the authentication of user IDs within your digital flow. This reduces manual workload, decreases the time it takes to onboard a customer and provides more reliable fraud protection than basic data-only checks.
Identity verification checks if the information provided matches a record in a database. Identity proofing goes further by confirming that the person providing the information is actually who they claim to be, typically through document authentication and biometric face matching.
Modern document verification APIs that use smart capture technology and biometric facial analysis can detect deepfake injection attacks. They look for inconsistencies in facial landmarks and lighting that suggest a digital manipulation rather than a live human presence.
*Disclaimer: Information relating to third-party products and companies referenced in this article is based on publicly available sources and official publications at the time of writing. While reasonable efforts have been made to ensure accuracy, product features, positioning and company information may change and GBG does not guarantee that all information remains current or complete.
Nothing in this article constitutes an endorsement, recommendation or ranking of any third-party provider. Readers should consult each provider’s official website and conduct their own assessment before making any purchasing decisions.
To request an update or correction, please contact communications@gbg.com