Frequently asked questions

Questions to consider when implementing GlobalGateway

Digital identity networks are only as good as the identity data sources and technology partners behind them. Data quality is the single most important factor in regulation compliance and risk mitigation verification.

The GlobalGateway identity network connects with hundreds of independent third-party data sources to validate and verify information that you collect from customers or businesses. We offer our clients access to a marketplace of unique and trusted data sources to automate due diligence processes for identity and business verification in order to comply with Anti-Money Laundering (AML) and Know Your Customer (KYC) requirements. Implementing an effective identity verification and/or business verification solution can be complex for customers in one country, let alone in multiple countries.

At Trulioo, we help to ensure that the verification workflows are efficient and right for your business from the very start. With hundreds of clients worldwide, we can help your business with frictionless onboarding, fraud prevention, improved risk profiling, and adherence to cross-border AML and KYC compliance requirements.

Below is a list of frequently asked questions about the Trulioo identity and business verification platform, GlobalGateway.


Are GlobalGateway data sources reliable and independent? How do you know?

Trulioo works with international data source providers, which undergo a thorough risk assessment to ensure that they meet required legislative and security standards. From initial vetting to onboarding, rigorous checks are in place, including determining business history and conducting an information security review to ensure the integrity of the data.

What types of data sources are used for online identity verification on GlobalGateway?

The following data sources are commonly used for online identity verification:

  • Citizen: Data sourced from either a utility- or government-issued database that is enhanced and updated with other source files such as public data, change of address, postal data, property data and data pooling with other organizations
  • Consumer: Data sourced from direct marketing campaigns
  • Credit: Data derived from a registered credit agency, or bureau, that manages consumer credit information on individuals with consumer credit history in that country
  • Electoral Roll: Government-collated and issued data for all citizens in a country who are enrolled to vote
  • Government Issued: Government-collated and issued databases or information. This includes national insurance numbers, driver’s licenses and passports
  • MNO: Active data from leading mobile network operators
  • National ID: Government-collated and issued data for countries that have a singular, national identification system with an associated number
  • Property Files: Data issued by the government or other accredited sources detailing ownership of property within a given country
  • Public Data/Resident Files: Mixed source that may include utility, consumer and other public information
  • Utility: Data issued for a national utility provider, which includes telephone, gas, electricity or water
  • Tele-connect: An automated telephone number verification service, which details whether a landline or mobile number is valid and hence connects, or is disconnected
  • Watchlists (OFAC, DFAT, EU, etc.): Watchlists and country sanction program list screening against a range of lists
  • Other Identity Validation: Validation of national identity numbers, social security numbers, national health numbers or other key country indicators of identity. Also includes validation of the unique reference number at the bottom of the global passport machine readable zone (MRZ), which specifies that it is valid and also includes the individual’s name and date of birth
How is the data on each record collected? How do people come into the file?

Trulioo provides identity verification services to clients across the globe, with coverage in 195+ countries. As a result, each data source is unique, as are the collection methods by which a file is established. What is consistent across all data providers is adherence to providing notice and requesting opt-in from users prior to the collection of data, as well as adherence to security and privacy best practices in protecting this information.

How frequently are the data sources updated? And how?

GlobalGateway provides access to a global resource of data sources, integrated via API into our system. Data sources have varying time frames that govern their data updates, primarily on a daily, weekly or quarterly cycle. Given the direct link to our data source providers, all updates are reflected in real time within GlobalGateway.

How comprehensive is the file? What is the percentage of population covered?

Coverage depends on the country and when the file is pulled. Since we are constantly updating sources and continuously acquiring newer data sources to improve match rates, the percentage of coverage changes frequently.

GlobalGateway has many countries with population coverage in excess of 80 percent (Category 1), which is achieved by checking multiple data sources. Our country categorization is based in part on the percentage of population covered for each country.

How do you classify data sources in GlobalGateway?

Countries in GlobalGateway are routinely enriched and new countries added. A three-category classification system shows the verification strength of each country (Category 1, Category 2 and Category 3). The classification system is based on how many data sources GlobalGateway has for the country and how much of the population is covered by the data sources for the country.

Trulioo is committed to transparency and so shares detailed information on sources once a prospect begins to evaluate services and initiates a non-disclosure agreement.

What are some of the data elements that are verified, and how do they match our AML program?

This is a critical question, and of course depends on the data source and the country. One great way to gain specific answers for this question is to download the GlobalGateway brochure. You can see the list of data sources in our portal with each data element required and verified for each source. Our data sources can verify the following types of data elements, among many others:

  • Full name
    • First name/given name
    • Last name/surname
  • Address
    • Street number/house number/civic number
    • Street name/street type
    • Postal code
    • State/region/province
  • Date of birth
  • Phone number
  • Passport number
  • National ID number
  • Driver’s license or similar government ID document
  • Facial recognition
  • Watchlist screening
Where is my customer data stored?

Trulioo does not retain customer personally identifiable information (PII).


What constitutes an identity verification, and how is it reported back to us?

A verification match is based on the configured rule for your implementation. The rule may include data elements such as first name, last name, date of birth, address fields, passport and national ID.

The verification results matrix in the GlobalGateway portal delivers a visualization of a verification result, displaying the match results for each individual attribute from each individual data source. This results matrix provides you with an enhanced understanding and greater clarity of why a customer was verified or not.

How do I get continuity between ensuring the highest possible match rates to maximize the business case for online verification, yet maintain KYC and risk mitigating process compliance?

GlobalGateway includes multiple built-in standard verification rules, as well as the ability to define your own match rules. GlobalGateway also provides the ability to apply different rules for different countries, enabling you to comply with regional and international AML and Counter Terrorism Funding (CTF) regulations.

How do I test to ensure that all results are consistent and no incorrect matches can slip through the system?

GlobalGateway provides the ability to create multiple test entities per country, allowing you to test for consistency.

Do I need to vary the rules per country based on regulations/available datasets/available data elements?

It depends. Verification rules can be dependent on the country and industry. Trulioo recommends discussing your verification requirements with your legal counsel to ensure that you are compliant with country-specific regulations.

Do I get a full audit trail back with all the granular details if the regulator comes knocking?

GlobalGateway tracks every identity verification match that you run, keeping an audit trail. When you need to run an audit or produce detailed reports of your verifications, you can access details of your past transactions quickly and easily.

Do the required fields differ per country?

Required fields can differ per country and per data source. Certain data sources may require identity information such as a national ID or Social Security Number.

Are the output results consistent per country, or do I need to cater to different results?

A verification match is consistent across GlobalGateway, and we strive to maintain a consistent set of data fields (name and address fields). However, there is a subset of fields that can be different per country.

Can I integrate to one API, or do I need a different API for each country?

GlobalGateway deploys a normalized API that is country agnostic, providing a consistent and normalized set of data fields for client service integration. The normalized GlobalGateway API allows you to customize the integration of GlobalGateway into your automated business processes or website.

How long does GlobalGateway onboarding usually take?

Onboarding as a client of Trulioo depends on a number of factors, including the number of countries selected and your development team’s timeline. Simple onboarding cases (for example, national and international) can take as little as one day.

How can I cost-effectively re-verify customers against a watchlist to fulfill recurring AML due diligence requirements?

To address the recurring need to remediate client data attributes, Trulioo offers a batch service where you can upload and process batch files (up to 200,000 transactions) to re-verify customers against the watchlist (AML/PEP/OFAC lists) data source with minimal impact on business. In one to five business days, the results are provided in the form of a CSV file with a negative or positive flag per individual. For positively flagged individuals, links to the specific list(s) they were identified on are provided. For more information, visit our AML watchlist page.


What is identity verification?

Identity verification is a process that compares identity information from an individual to database results, to see if it matches. For example, a new customer might be asked for their full name, phone number, address and date of birth. This identity information is then compared to records from credit bureaus, government agencies, utilities or various other reliable and independent sources to see if that personal identifiable information (PII) is accurate.

What is the difference between identity verification and identity authentication?

Identity verification confirms that an identity provided actually exists and matches records. However, this confirmation does not indicate that the identity is authentic, that is, that the individual is who they say they are. Identity authentication goes a step further and makes sure that the person claiming the identity actually owns it. For example, facial recognition matches a person’s selfie with the photo on their identity document.

What is AML?

Anti-Money Laundering (laws). To disrupt and prevent corruption, terrorist financing and other criminal activities, governments enact AML regulations requiring banks and other financial institutions to ascertain that the customer and their funds are legitimate.

What is KYC?

Know Your Customer. As part of AML, financial institutions need to establish customer identity and do Customer Due Diligence (CDD) to ensure that they know the source of the customer’s funds and determine the associated risk of doing business with them.

What is a Customer Identification Program (CIP)?

The initial step of an effective KYC process is to accurately identify an individual. Each financial institution has to have a set policy for account opening, identity verification, account screening, customer notification and record keeping.

What are PEPs?

Politically exposed persons. These are individuals who, based on their position of power and influence, pose a higher risk of bribery and corruption. Due to their higher risk category, CDD requirements are more stringent (see Enhanced Due Diligence).

What is a watchlist?

Anti-Money Laundering (AML) sanctions lists. These are lists of individuals who are suspected (or convicted) of various financial crimes and restricted from doing business in sanctioning countries. These lists come from diverse government sources, international regulators and law enforcement agencies.

What is Customer Due Diligence (CDD)?

A legislated responsibility of banks and other financial institutions to understand their customer’s activities and do an analysis of their risk of money laundering and terrorist financing. CDD is a critical element of effectively managing the institution’s risks and protecting itself against potential financial crimes and nefarious activities.

What is Enhanced Due Diligence?

Types of activities or account holders that require extra customer due diligence scrutiny. If an account type or account owner has a higher risk of money laundering or terrorist funding, then it’s subject to Enhanced Due Diligence (EDD).

What is fintech?

Financial technology. While any technology used in finance could, technically, be fintech, the term is now more descriptive of new financial startups that are offering innovative technology and processes. According to PwC, “fintech is a dynamic segment at the intersection of the financial services and technology sectors where technology focused startups and new market entrants innovate on the products and services currently provided by the traditional financial services industry.” For more information, please see our blog articles on fintech.

What is RegTech?

Regulation technology. This term describes the field of companies that help financial firms deal with the burden of regulations. According to Deloitte, “RegTech helps firms to automate the more mundane compliance tasks and reduce operational risks associated with meeting compliance and reporting obligations. In the long term, RegTech will empower compliance functions to make informed risk choices based on data provided insight about the compliance risks it faces and how it mitigates and manages those risks.” For more information, please see our blog articles on RegTech.

What is beneficial ownership?

According to the FATF, “beneficial owner refers to the natural person(s) who ultimately owns or controls a customer and/or the natural person on whose behalf a transaction is being conducted. It also includes those persons who exercise ultimate effective control over a legal person or arrangement.” That is to say, you need to know who you are doing business with, the real person (or group of people) who owns or controls that business.

The beneficial owner is often referred to as the UBO, which stands for Ultimate Beneficial Owner.

What is business verification?

Verifying business entities involves matching information provided by the entity against information taken from the public information available from the in-country business registrar in the specific area or jurisdiction (or other reputable source), including but not limited to name, registration number, address, telephone, date of incorporation, status, beneficial owners and other information related to the operation of the business.

What is KYCC?

Know Your Customer’s Customer. As an extension of KYC requirements, KYCC takes those requirements to the next level and looks to who your customers are doing business with, their source of funds and its legitimacy, and the risk that these third parties are laundering money.

What is KYB?

Know Your Business. Similar to KYCC, it’s a requirement to do proper Customer Due Diligence and risk assessment on corporate accounts to ensure that the source of funds is legitimate and the risk to launder money or finance terrorism is sufficiently low to do business with. Also referred to as corporate KYC.

How can I verify Ultimate Beneficial Owners (UBO)?

If your business is required to adhere to international or local AML regulatory requirements, your organization needs procedures and processes to collect information about the beneficial owner. When opening business accounts, in addition to collecting the usual business information (name of business, place of business, type of business, business registration number), you need to obtain the identity of all individuals who have a significant ownership or control position. Also, if there is a significant change on the account, collect the beneficial ownership information.

The beneficial ownership information includes:

  • With respect to the natural person opening the account: name and title;
  • With respect to the legal entity customer: name and address;
  • With respect to the beneficial owners:

– Name (and title for the controlling individual(s));

– Date of birth;

– Address; and

– Social security number, or passport number and country of issuance or similar ID number

Still haven’t answered your questions?

Please send an email to or fill out a contact form and let us know how we can help.