Glossary
share:

Document authentication APIs for businesses that require identity ownership confirmation

KYC data checks confirm whether an identity exists, but they don't always prove that the person creating an account is the rightful owner of that identity. 

As fraud tactics such as synthetic identity fraud and AI-enabled impersonation attacks become more sophisticated, you will likely need to go beyond data verification and add document authentication checks to your onboarding workflows. 

Document authentication APIs, such as those provided by us, Jumio, Entrust and Veriff, allow you to embed document verification directly into existing customer onboarding journeys to confirm identity ownership and reduce fraud.

Best document authentication APIs for confirming identity ownership: GBG, Jumio, Entrust, and Veriff*

Provider

Global document coverage

Biometric identity proofing

Identity verification integration

GBG

8,500+ government-issued IDs across 195 countries

Face matching, liveness detection, presentation attack detection and deepfake injection detection

Option to integrate with end-to-end KYC platform GBG Go

Jumio

Supports 5,000+ government-issued IDs across 200 countries

Face matching, liveness detection and injection attack detection

Document checks can be integrated into broader identity verification

Entrust

195+ countries and 2,500+ document types

Biometric verification and liveness detection

Solution includes document, biometric and data verification

Veriff

12,000+ ID documents across 230+ countries

Face matching and passive liveness detection

Built as part of a broader identity verification platform

GBG: Layered identity verification that combines data checks, document authentication and biometrics

We're an identity technology company with more than 30 years of experience, used by companies like Santander and Coinbase to verify customer identities globally. Our document authentication solution uses automated APIs to provide high-assurance identity proofing in seconds. We help:

  • Verify identities in 195 countries using 8,500+ ID types and hundreds of localized datasets
  • Detect sophisticated forgery with 50+ forensic tests and 98% effective protection against fraudulent document modifications
  • Confirm ownership through biometric face-matching that analyzes 68 facial landmarks and blocks deepfake injection attacks
  • Streamline onboarding with KYC orchestration that applies higher-assurance checks only when a risk threshold is triggered

We'll cover our capabilities in more detail first before sharing a few alternatives to consider. 

Verify more legitimate customers globally with broad identity and document coverage

While a standard data check provides an initial layer of verification, it can't address the structural limitations of local databases, such as missing entries or outdated records.

We address this issue by allowing you to verify identities across 195 countries using a combination of trusted data sources and document verification capabilities. By authenticating documents against a global library that is continuously updated by experts, you can support onboarding across multiple regions and languages. 

This depth of coverage helps improve overall approval rates because genuine customers who lack a deep digital footprint can still prove their identity using a physical ID.

Confirm identity ownership with biometric verification and liveness detection

Document authentication is only effective when you can prove the person holding the ID is its actual owner. What's more, the quality of the initial image can determine the success of the check. 

That's why we use biometric verification to compare a user's live selfie against the photo on their identity document to confirm ownership and smart capture technology that automatically eliminates glare and blur to ensure accurate optical character recognition (OCR) and successful authentication.

"Document verification APIs work on the images submitted to them. What often gets overlooked is how much can be done on the front end to ensure the best-quality image reaches the backend," says David Thomas, Global Head of Product (Documents and Biometrics) at GBG.

"Capture SDKs are crucially important – they generate and quality-check images before anything is submitted for processing. That's a part of the conversation that doesn't come up enough."

Certified passive liveness testing further secures the journey by protecting against presentation attacks involving photos, videos or physical masks.

Speed up onboarding with automated decisioning and identity orchestration

Relying on human staff to manually check every ID creates a bottleneck that leads to abandoned signups and mounting operational overhead.

We remove this constraint by unifying identity data, document authentication and biometrics into a single identity orchestration workflow. This allows you to move at the speed of your users rather than the speed of your backlog.

"We essentially have a fully automated process. That is about five seconds on average to complete the verification," notes Glenn Larson, CTO (Documents and Biometrics) at GBG.

"Some identity verification systems rely on manual processing to bridge coverage gaps, which means queuing, service level agreement delays and a finite number of human operators working through documents one by one. For us, 99.5% of journeys are handled by our backend APIs at the first pass."

This high level of automation lets you approve genuine customers in real time while maintaining strict compliance with regulations like GDPR.

How we helped a sports betting operator strengthened identity verification beyond KYC data checks

A sports betting operator found that standard data verification was insufficient for certain demographics, such as younger players with thin credit files. They implemented a single workflow that combined data checks with document authentication and biometric verification. 

By using this end-to-end approach to confirm applicants were the rightful owners of their identities, the operator increased auto-approval rates for these harder-to-identify segments by 80%. This reduced the need for manual reviews and delivered a 13:1 return on investment.

Read the full case study.

Jumio

Jumio specializes in AI-driven document verification and is used extensively in high-volume industries like gaming and financial services. It focuses on using automation to provide clear pass/fail results for global users.

Key capabilities:

  • Supports 5,000+ government-issued identity documents across 200 countries and territories
  • Offers biometric face matching and liveness verification to confirm the person presenting the document is its rightful owner
  • Reusable identity features link selfies to previously verified documents to monitor the identity over time

Entrust

Entrust provides identity verification solutions with a focus on high-security environments and enterprise-level resilience. Their technology is designed to reduce image rejection rates through automated capture enhancements.

Key capabilities:

  • Supports verification of more than 2,500 document types across 195+ countries
  • Includes government-issued documents such as passports, driver's licenses, national ID cards, and residence permits
  • Biometrics verification uses AI to score the similarity between an ID photo and a live selfie while running liveness checks for 2D and 3D masks
  • Image enhancement technology captures a burst of photos and selects the best one, reducing rejection due to blur or glare by up to 70%

Veriff

Veriff is an identity verification platform that focuses on speed and accuracy, including for businesses that need to handle a wide variety of non-Latin scripts.

Key capabilities:

  • Supports identity verification in 230+ countries and 12,000+ identity documents
  • Uses AI-powered document verification with biometric face matching and passive liveness detection
  • Features an average verification time of approximately 6 seconds with high decision accuracy
  • Supports identity documents across multiple scripts, including Arabic, Chinese, Japanese, Korean, Cyrillic and Hebrew
  • Analyzes more than 1,000 data points through device and network intelligence capabilities

Why KYC data checks alone aren't always enough to confirm identity ownership

Traditional data-only checks are no longer a complete defense against modern identity fraud. While these checks are a necessary part of the customer onboarding process, they leave gaps that fraudsters are quick to exploit.

Here’s why:

KYC data verification confirms identity attributes, but not necessarily the person behind them

Identity data verification typically validates that a specific set of attributes, such as a name, address, and date of birth, exists in authoritative databases like credit bureaus or electoral rolls. This is useful for confirming that "John Smith" is a real person who lives at a specific location. 

However, passing a data check doesn't prove that the person typing the information into your app is actually John Smith. Fraudsters can easily obtain these attributes from data breaches or social media to create accounts under someone else's name.

Modern fraud attacks exploit gaps in data-only verification workflows

Fraudsters have developed techniques that thrive in environments where only data is checked:

  • Synthetic identity fraud involves combining real and fake data to create entirely new personas that have no negative history but are fully "verifiable" in standard databases.
  • Stolen identity fraud uses legitimate PII to open accounts, which a document-less check can't distinguish.
  • AI-generated documents and deepfakes allow criminals to produce highly convincing fraudulent materials that can bypass simple verification steps.

Document authentication adds a higher level of identity assurance

By requiring a government-issued ID, you introduce a physical anchor to the digital identity. 

Document authentication APIs analyze the integrity of the ID itself, checking for tampering, photo substitution, or text modifications. Adding this step ensures the document is authentic before the customer can proceed. 

Key capabilities to look for in a document authentication API

Ideally, you want a solution that fits your specific risk appetite and technical requirements:

Comprehensive document authentication and forgery detection

The API must be able to analyze more than just the text on a document. It should review security features like holograms, Machine Readable Zone (MRZ) consistency and document integrity. 

This is vital for detecting counterfeit or manipulated IDs, especially as AI-generated fraud becomes more prevalent.

Global document coverage and ongoing document library updates

If your business operates internationally, you need an API with a document library that covers everything from German ID cards to Brazilian driving licenses, for example. 

The provider must continuously update this library as governments issue new document versions or Digital IDs, ensuring your onboarding process remains smooth.

Biometric face matching and liveness detection

Confirming that the applicant matches the document is the core of identity ownership. The solution should use automated face matching and liveness detection to prevent spoofing attacks using static photos, recorded videos or deepfake injections. 

For example, a digital bank might require a movement prompt or a blink test during sign-up to confirm a human is physically present and prevent fraud like a recorded video playback.

Risk-based workflow orchestration and decisioning

You shouldn't have to put every user through the most rigorous (and expensive) checks. 

Look for a solution that allows you to escalate verification only when needed. For instance, a low-dollar transaction might only require a data check, while a large loan application can automatically trigger document and biometric steps.

Read more: A complete guide to implementing an end-to-end KYC process

Fraud intelligence beyond document verification

A strong API integrates additional risk indicators. This includes device intelligence, which flags if a user is using a VPN or an emulator and behavioral signals that detect suspicious patterns. 

By using adaptive fraud prevention, you can block bad actors based on the overall risk score.

Flexible deployment options and API integrations

The technical fit is just as important as the fraud protection. Your provider should offer standalone APIs for specific needs or full platforms for end-to-end management. 

Low-code and no-code options are especially useful for compliance teams that need to adjust workflows quickly, without waiting for a developer.

Final thoughts

If your onboarding process relies solely on KYC data checks, you're only verifying that an identity exists, not necessarily that the applicant is its rightful owner. 

Document authentication APIs add an important layer of assurance, helping you detect fraud, confirm identity ownership and onboard more genuine customers. 

We, for example, can automate this entire journey through GBG Go, connecting you to global data and forensic-level document testing through one unified API.

FAQs

What is document authentication?

Document authentication is the process of verifying that a government-issued ID is genuine and has not been forged or altered. It involves checking security features like holograms, watermarks and micro-text, often using forensic tests and AI.

How does a document verification API improve KYC?

A document verification API allows you to automate the authentication of user IDs within your digital flow. This reduces manual workload, decreases the time it takes to onboard a customer and provides more reliable fraud protection than basic data-only checks.

What is the difference between identity verification and identity proofing?

Identity verification checks if the information provided matches a record in a database. Identity proofing goes further by confirming that the person providing the information is actually who they claim to be, typically through document authentication and biometric face matching.

Can document verification APIs detect deepfakes?

Modern document verification APIs that use smart capture technology and biometric facial analysis can detect deepfake injection attacks. They look for inconsistencies in facial landmarks and lighting that suggest a digital manipulation rather than a live human presence.

Sources

 

*Disclaimer: Information relating to third-party products and companies referenced in this article is based on publicly available sources and official publications at the time of writing. While reasonable efforts have been made to ensure accuracy, product features, positioning and company information may change and GBG does not guarantee that all information remains current or complete.

Nothing in this article constitutes an endorsement, recommendation or ranking of any third-party provider. Readers should consult each provider’s official website and conduct their own assessment before making any purchasing decisions.

To request an update or correction, please contact communications@gbg.com 

Get in touch with GBG

Request a demo