Identity Verification vs Identity Assurance: What Compliance Teams Need to Understand: Uploading a passport image is not the same as knowing who someone is. The difference between identity verification and identity assurance — and why it matters for AML, KYC and regulated onboarding.
HubSecure is relevant when teams need secure client records, document collection, workflow ownership, role-based access and audit-ready evidence in one governed workspace.
Across almost every regulated industry, "identity verification" has become a standard part of customer onboarding. The customer uploads a photo of their passport. The system checks it's not on a watchlist. A box is ticked, and the customer is approved.
The problem is that this tells you almost nothing about whether the person in front of you is actually who they claim to be. A high-quality forgery, a stolen document, or a real document being used by the wrong person all pass this check. You've verified that a document exists. You haven't assured that an identity is genuine.
This distinction matters more than it used to. Deepfake technology has made document fraud accessible and convincing. Regulators are raising their expectations. And the liability for onboarding a fraudulent customer — whether in financial services, wealth management, or professional services — is increasingly landing on the firm, not the customer.
Related HubSecure buying path
AML/KYC & Onboarding guideclient onboarding softwareAML/KYC moduleSumsub comparisonAML/KYC compliance software guideGuide Librarybook a workflow demo
Best fit and not best fit
| Best for | Not best for |
|---|---|
| Regulated teams that need client records, secure files, workflow ownership, RBAC and audit history together. | Teams that only need a single-purpose tool and do not need governed client operations or compliance evidence. |
Related AML/KYC and compliance monitoring resources
Continue with AML/KYC monitoring module, compliance workflows, HubSecure for legal teams, HubSecure for finance teams, security and trust center.
Related use case
This guide belongs to the AML and KYC Guides cluster. Continue with the product hub for aml and kyc.
What is identity verification?
Identity verification, in its most common form, is the process of checking that an identity document is valid — and that the person presenting it is the named holder. At its simplest, this means:
- Confirming the document appears genuine (correct format, security features, expiry)
- Cross-referencing the name and details against a screening database
- Recording the result as evidence of a KYC check
This satisfies the minimum KYC requirement for many lower-risk onboarding contexts. For standard customer due diligence (CDD) under the AML Directives, a documented identity check against a valid document is typically sufficient if the customer presents low risk indicators.
The limitation is that verification is a one-time, document-level check. It doesn't tell you whether the person submitting the document is actually holding it, whether they are the person in the photo, or whether the document has been altered.
What is identity assurance?
Identity assurance is a higher-confidence process. Where verification asks "is this document valid?", assurance asks "is this person who they say they are?" The difference is in the layering of signals:
- Document authenticity — OCR extraction, security feature validation, tamper detection
- Liveness detection — confirming the person submitting the document is a live human, not a photo or video
- Face matching — comparing the live face to the document photo to confirm they are the same person
- Risk context — cross-referencing the verified identity against screening databases, adverse media and risk signals
Together, these layers make it materially harder to onboard a fraudulent identity — even using sophisticated forgeries or deepfake attempts. You're not just checking a document; you're confirming the link between a document, a face, and a live person.
The assurance gap: Most "identity verification" tools check documents. Very few build the full liveness + face match + document + risk context loop. The gap between them is where most identity fraud happens.
Assurance levels: a practical framework
Identity assurance isn't binary — it exists on a spectrum. A useful way to think about it is in terms of assurance levels, where each level adds a layer of confidence:
Unverified
Self-declared only. Name and email supplied by the customer, no checks run.
Basic
Form data submitted and sanctions/PEP screening passed. No document check.
Document
Identity document uploaded and manually reviewed. Matches screening result.
Verified
Document + automated liveness check + face match to document photo.
eID
Electronic identity (BankID, eIDAS-compliant eID) + document + ongoing monitoring.
Enterprise
Level 4 + EDD completed, UBO verified, senior approval recorded, continuous monitoring active.
Most retail onboarding sits at Level 2. Regulated financial services typically require Level 3 at minimum. High-risk clients, PEPs, or relationships above certain value thresholds may require Level 4 or 5.
When does assurance matter most?
Enhanced due diligence (EDD) cases
When a customer triggers EDD — because they are a PEP, operate in a high-risk jurisdiction, or present elevated risk indicators — the standard document-upload approach is not adequate. Regulators expect proportionately stronger identity evidence for higher-risk relationships. Assurance-level identity (liveness + face match + eID where available) meets this expectation in a documented, auditable way.
High-value transactions
For real estate transactions, large wealth management relationships, or high-value corporate onboarding, the risk of accepting a fraudulent identity is severe enough that Level 2 verification is difficult to defend. A forged passport that passes a manual review is not a compliance defence — it's a liability.
Remote onboarding
When a customer never physically appears in your office — which is increasingly common — the in-person identity check that used to anchor the process is absent. Remote onboarding without robust assurance is a significant vulnerability. Liveness detection and face matching are the remote equivalents of having someone verify a physical document in person.
Age-restricted services
For services with legal age requirements — financial products, certain insurance categories, or gambling-adjacent services — a document check alone is not sufficient evidence that the person using the service is the document holder. Assurance provides that link.
Verification vs assurance: what each one gives you
| Capability | Identity verification | Identity assurance |
|---|---|---|
| Document authenticity check | ✓ | ✓ |
| Sanctions / PEP screening | ✓ | ✓ |
| Liveness detection | ✗ | ✓ |
| Face match to document | ✗ | ✓ |
| eID integration | ✗ Typically | ✓ |
| Suitable for EDD | Borderline | ✓ |
| Defends against document forgery | ⚠ Partial | ✓ Strong |
| Defends against deepfake / video fraud | ✗ | ✓ With active liveness |
Where most platforms fall short
The market for identity verification tools is crowded. Most of them do the same thing: accept a document image, run an OCR extraction, and check the result against a watchlist. A handful go further and add some form of selfie comparison.
What few do is build the full loop: document OCR + security feature validation + active liveness detection + face match + risk context + audit trail + a workflow for manual review escalations. That complete chain is what turns an identity check into an identity assurance result you can defend to a regulator.
The other gap is integration. Most identity tools are standalone — the result sits in a separate system, disconnected from your CRM, your AML case management, and your onboarding workflow. A customer can pass identity verification in one tool and then flag for a high-risk indicator in another, with no automatic link between the two events. HubSecure Sentinel treats identity as one layer in a connected compliance workflow — the assurance result feeds directly into risk scoring, case creation, and the approval queue.
Go beyond document uploads
HubSecure Sentinel includes identity assurance as a built-in layer — document OCR, liveness, face match, and risk context in a single connected workflow.
Start free trial → See it in action