Questions to consider when implementing Global Electronic Identity Verification and Business Verification

Electronic identity and business verification are only as good as the data sources behind it. Data quality is the single most important factor in regulation compliance and risk mitigation verification. GlobalGateway uses multiple independent third-party data sources to validate and verify information that your customers or businesses provide during onboarding or registration. We offer our clients access to hundreds of unique and trusted data sources to automate due diligence processes for identity and business verification in order to comply with Anti-Money Laundering (AML) and Know Your Customer (KYC) requirements. Implementing an effective identity verification and/or business verification solution can be complex for customers in one country, let alone in multiple countries.

At Trulioo, we help to ensure the foundational components for electronic identity verification and business verification are efficient and right for your business from the very start. With hundreds of clients worldwide, we can help your business with frictionless onboarding, fraud prevention, improved risk profiling, and adherence to cross-border AML and KYC compliance requirements.

Below is a list of frequently asked questions about Trulioo’s electronic identity and business verification service, GlobalGateway.


Q: Are Trulioo’s data sources reliable and independent, and what are the means to determine this? + -

A: Trulioo works with leading data source providers, who internally enforce the highest data privacy and industry compliance standards. From the vetting process to on-boarding, rigorous checks are in place including determining business history, as well as executing security compliance checks to ensure the integrity of our data.

Q: What are the types of data sources used for eIDV on GlobalGateway? + -

A: The following data sources are commonly used for eIDV:

  • MNO: Active data from leading Mobile Network Operators.
  • Citizen: Data sourced from either a utility or government issued database that is enhanced and updated with other source files such as public data, change of address, postal data, property data, and data pooling with other organizations.
  • Consumer: Data sourced from direct marketing campaigns.
  • Credit: The data is derived from a registered credit agency, or bureau, which manages consumer credit information on individuals with consumer credit history in that country.
  • Electoral Roll: Government collated and issued data, for all citizens in a country, who are enrolled to vote.
  • Government Issued: Government collated and issued databases, or information. This includes national insurance numbers, driver’s licenses and passports.
  • National ID: Government collated and issued data for countries which have a singular, national identification system with an associated number.
  • Property Files: Data issued by the government or other accredited sources detailing ownership of property within a given country.
  • Public Data/Resident Files: Mixed source which may include utility, consumer, and other public information.
  • Utility: Data issued for a national utility provider which includes telephone, gas, electricity, or water.
  • Tele-connect: An automated, telephone number verification service, which details whether a landline or mobile number is valid and hence connects, or is disconnected.
  • Watchlists (OFAC, DFAT, EU, etc.): Watchlists and country sanction program list screening is available against a rang of lists.
  • Other Identity Validation: Validation of national identity numbers, social security numbers, national health numbers, or other key country indicators of identity. Also includes validation of the unique reference number at the bottom of global passport machine readable zone (MRZ), which specifies that is it valid and also includes the individual’s name and date-of-birth.

Q: How is the data on each record collected, i.e. how do people come into the file? + -

A: Trulioo provides identity verification services to clients across the globe, with coverage in 195+ countries. As a result, each data source is unique, as are the collection methods by which a file is established. What is consistent across all data providers is an adherence to providing notice and requesting opt-in from users, prior to the collection of data, as well as the adherence to security and privacy best practices in protecting this information.

Q: How do people subsequently get removed from the file? + -

A: Each of our data partners adheres to the data retention practices governed by the laws and privacy standards in which the data is hosted, to ensure integrity. As such, retention practices will vary based on the country and provider, with a focus on maintaining the quality and integrity of the collected information over time. For any legally-compliant data removal request, individuals should contact the respective Data Controller in question.

Q: How frequently is the database updated? And how? + -

A: GlobalGateway provides access to a global resource of data sources, integrated via API to our system. Each data source has varying time frames by which the update of their data is governed. Primarily within a daily, weekly or quarterly cycle. Given the direct link to our data source providers, all updates are reflected in real time within GlobalGateway.

Q: How comprehensive is the file, e.g. % of population covered? + -

A: This depends on the country and when the file is pulled. Since we are constantly updating sources and continuously acquiring newer data sources to improve match rates, the percentage of coverage changes frequently.

GlobalGateway has many countries with population coverage in excess of 80% (Category 1) which is achieved by checking multiple data sources. Our country categorization is based in part on the percent of population covered for each country.

Q: What system is used to classify data sources in GlobalGateway? + -

A: Countries in GlobalGateway are routinely enriched and new countries added. A 3 category classification system shows the verification strength of each country (Category 1, Category 2, and Category 3). The classification system is based on how many data sources GlobalGateway has for the country, how much of the population is covered by the data sources for the country, and if the data sources meet or exceed age verification guidelines and AML requirements. Trulioo is committed to transparency and so makes available detailed information on sources once a prospect begins the evaluation of services and initiates a non-disclosure agreement.

Q: Which data elements are verified and how does that match our AML program? + -

A: This is a critical question, and of course depends on the data source and the country. One great way to gain specific answers for this question is to sign up for a free trial or schedule a GlobalGateway demo with our sales rep. You can see the list of data sources in our portal with each data element required and verified for each source. Our data sources can verify the following types of data elements:

  • Full Name
    • First Name/Given Name
    • Last Name/Surname
  • Address
    • Street Number/House Number/ Civic Number
    • Street Name/Street Type
    • Postal Code
    • State/Region/Province
  • Date of Birth
  • Phone Number
  • Passport Number
  • Driver’s License or similar government ID
  • National ID Number

Q: Where is my customer data stored? + -

A: Trulioo does not retain customer Personally Identifiable Information (PII).


Q: What constitutes an ID Verification and how is this reported back to us? + -

A: A verification match is based on the configured rule for your implementation, the rule may include first name, last name, date of birth, address fields, passport and national ID.

The Verification Results Matrix in the GlobalGateway portal delivers a unique visualization of a verification result; displaying the match results for each individual attribute from each individual data source. This provides you with an enhanced understanding and greater clarity of why a customer was verified or not.

Q: How do I get continuity between ensuring the highest possible match rates to maximize the business case of eIDV, yet maintain KYC and risk mitigating process compliance? + -

A: GlobalGateway includes multiple built-in standard verification rules, as well as the ability to define your own match rules. GlobalGateway also provides the ability to apply a different rule per country enabling you to comply with regional and international AML and CTF regulations.

Q: How do I test to ensure all results are consistent, and no incorrect matches can slip through the system? + -

A: GlobalGateway provides the ability to create multiple test entities per country, allowing you to test for consistency.

Q: Do I need to vary the rules per country based on regulations/available datasets/available data elements? + -

A: It depends. Verification rules can be dependant on the country and industry, Trulioo recommends discussing your verification requirements with your legal counsel to ensure you are compliant with country specific regulations.

Q: How is the addressing done in the country and how does that feed into the ruleset? + -

A: Address information is managed by the built-in logic in GlobalGateway to ensure it maps to a country’s specific format and orientation. All or some of an address may be incorporated into a verification rule; this is dependant upon the rule itself.

Q: Do I get a full audit trail back with all the granular details if the regulator comes knocking? + -

A: Each verification transaction is logged in GlobalGateway with a TransactionID. You can search for prior transactions through the Transaction History tab.

Q: Do the required fields differ per country? + -

A: Required fields can differ per country and per data source, certain data sources may require ID information such as a National ID or Social Security Number.

Q: Are the output results consistent per country, or do I need to cater for different results? + -

A: A verification match is consistent across GlobalGateway, and we strive to maintain a consistent set of data fields (name and address fields), however there is a subset of fields that can be different per country.

Q: Can I integrate to one API, or do I need a different API per country? + -

A: Trulioo provides 2 options for integration:

  • XML Direct: A WSDL based web service that allows you to fully customize the integration of GlobalGateway into your automated business processes or website. XML Direct is GlobalGateway’s legacy API that provides country & data source specific fields.
  • Normalized API: A normalized API which is country agnostic, providing a consistent and normalized set of data fields for client service integration. The Trulioo Normalized API allows you to customize the integration of GlobalGateway into your automated business processes or website.

Q: Are there common nicknames, multiple names, etc.? Can the vendor cater for these or do I need to update my form? + -

A: With XML Direct, you can update the form per country based on the XML Guidelines Trulioo supplies per country. The Normalized API provides a “normalized” (generic) set of fields across all countries.

Q: How long does onboarding usually take? + -

A: Onboarding depends on a number of factors including integration type (XML Direct or Normalized API), the number of countries selected, and your development team’s timeline. Simple onboarding cases (e.g. national and international) can take as little as one day.

Q: How can I cost-effectively re-verify customers against a watchlist to fulfill recurring AML due diligence requirements? + -

A: To address the recurring need to remediate client data attributes, Trulioo offers an AML Batch Service where you can upload and process batch files (up to 200,000 transactions) to re-verify customers against the Watchlist (AML/PEP/OFAC lists) data source with minimal impact on business. In one to five business days, the results are provided in the form of a CSV file with a negative or positive flag per individual. For positively flagged individuals, links to the specific list(s) they were identified on are provided. For more information, visit our AML Batch Service page.

Q: How long does it take to process an AML batch file? + -

A: AML Batch process is completed in one to five business days, depending on batch size (up to 200,000 transactions).

Q: How are results for an AML Batch processing returned? + -

A: The results are provided back in the form of a CSV file with a negative or positive flag per individual. For positively flagged individuals, links to the specific list(s) they were identified on are provided. Results are also available in the GlobalGateway portal.


Q: What is identity verification? + -

A: A process that compares identity information from an individual, to database results, to see if it matches. For example, a new customer might be asked for their full name, phone number, address and date of birth. This identity information is then compared to records from credit bureaus, government agencies, utilities or various other reliable and independent sources to see if that personal identifiable information (PII) is accurate.

Q:What is the difference between identity verification and identity authentication? + -

A: An identity verification confirms that an identity provided actually exists and matches records. However, this does not indicate that the identity is authentic, that the individual is who they say they are. Identity authentication, often referred to as knowledge-based authentication (KBA), goes a step further and requires providing an answer to a uniquely qualifying question. For example, what is the name of your first pet, or another question that only you would know.

Q: What is AML? + -

A: Anti-money laundering (laws). To disrupt and prevent corruption, terrorist financing and other criminal activities, governments enact AML regulations requiring banks and other financial institutions to ascertain that the customer and their funds are legitimate.

Q: What is KYC? + -

A: Know your customer. As part of AML, financial institutions need to establish customer identity and do customer due diligence to ensure they know the source of the customers funds and determine the associated risk of doing business with them.

Q: What is a Customer Identification Program (CIP)? + -

A: The initial step of an effective KYC process is to accurately identify an individual. Each financial institution has to have a set policy for account opening, identity verification, account screening, customer notification and record keeping.

Q: What are PEPs? + -

A: Politically Exposed Persons. These are individuals who, based on their position of power and influence, pose a higher risk of bribery and corruption. Due to their higher risk category, customer due diligence requirements are more stringent (see enhanced due diligence).

Q: What is a watchlist? + -

A: Anti-Money Laundering (AML) sanctions lists. These are lists of individuals who are suspected (or convicted) of various financial crimes and restricted from doing business in sanctioning countries. These lists come from diverse government sources, international regulators and law enforcement agencies.

Q: What is Customer Due Diligence (CDD)? + -

A: A legislated responsibility of banks and other financial institutions to understand their customer’s activities and do an analysis of their risk of money laundering and terrorist financing. CDD is a critical element of effectively managing the institutions risks and protecting itself against potential financial crimes and nefarious activities.

Q: What is Enhanced Due Diligence? + -

A: Types of activities or account holders that require extra customer due diligence scrutiny. If an account type or account owner has a higher risk of money laundering or terrorist funding, then it’s subject to enhanced due diligence (EDD).

Q: What is Fintech? + -

A: Financial technology. While any technology used in finance could, technically, be Fintech, the term is now more descriptive of new financial startups that are offering innovative technology and processes. According to PWC, “Fintech is a dynamic segment at the intersection of the financial services and technology sectors where technology focused startups and new market entrants innovate on the products and services currently provided by the traditional financial services industry.” For more information please visit our Blog: fintech.

Q: What is RegTech? + -

A: Regulation technology. This recent term is for the nascent field of companies that help financial firms deal with the burden of regulations. According to Deloitte, “RegTech helps firms to automate the more mundane compliance tasks and reduce operational risks associated with meeting compliance and reporting obligations. In the long term, RegTech will empower compliance functions to make informed risk choices based on data provided insight about the compliance risks it faces and how it mitigates and manages those risks.” For more information please visit our Blog: RegTech.

Q: What is Beneficial Ownership? + -

According to the FATF, “beneficial owner refers to the natural person(s) who ultimately owns or controls a customer and/or the natural person on whose behalf a transaction is being conducted. It also includes those persons who exercise ultimate effective control over a legal person or arrangement.” That is to say, you need to know who you are doing business with, the real person (or group of people) who owns or controls that business.

The beneficial owner is often referred to as the UBO, an acronym for ultimate beneficial owner.

Q: What is Business Verification? + -

Business Verification verifies business entities by matching information provided by the entity against information taken from the public information available from the in-country business registrar in the specific area or jurisdiction (or other reputable source) including but not limited to name, registration number, address, telephone, date of Incorporation, status, beneficial owners and other information related to the operation of the business.

Q: What is KYCC? + -

KYCC is an acronym for Know Your Customer’s Customer.  As an extension of KYC requirements, KYCC takes those requirements to the next level and look to who your customers are doing business with, their sources of funds and its legitimacy, and the risk that these third parties are laundering money.

Q: What is KYB? + -

KYB is an acronym for Know Your Business. Similar to KYCC, it’s a requirement to do proper customer due diligence and risk assessment on corporate accounts to ensure that the source of funds is legitimate and the risk to launder money or finance terrorism is sufficiently low to do business with.

Q: How to verify Ultimate Beneficial Owners (UBO)? + -

If your business is required to adhere to international or local AML regulatory requirements, your organization needs procedures and processes to collect information about the beneficial owner. When opening business accounts, in addition to collecting the usual business information (name of business, place of business, type of business, business registration number), you will need to obtain the identity of all individuals who have a significant ownership or control position. Also, if there is a significant change on the account, collect the beneficial ownership information.

The beneficial ownership information includes:

  • With respect to the natural person opening the account: name and title;
  • With respect to the legal entity customer: name and address;
  • With respect to the beneficial owners:

– Name (and title for the controlling individual(s));

– Date of birth;

– Address; and

– Social security number, or passport number and country of issuance or similar ID number

Still haven’t answered your questions?

Please send an email to contact@trulioo.com or fill out a form and let us know how we can help.