Trust Platform Product Description 1

Trust Platform.

Summary

IDnow Trust Platform is a module‑based, configurable ecosystem enabling Customers to compose services and workflows to fit their specific use cases and regulatory requirements.

Service Description

IDnow Trust Platform is a unified platform layer through which Customers may access and use both IDnow in-house services and third party services, depending on the respective products used.

By consolidating service consumption via a platform approach, it is intended to reduce Customer-side integration and ongoing maintenance effort and to support faster deployment of additional workflows over time, including iterative changes without repeated re-integration efforts.

Benefits include, but are not limited to:

  • Lower integration and maintenance effort on the Customer side
  • Faster time-to-market for new use cases and workflows
  • Future-proof setup: easier to add, switch, or optimize services without redoing integrations
  • Frees up Customer developer resources for iterative changes
  • Central visibility on performance KPIs across different workflows
  • Unified monitoring and analytics for workflows and services used via the platform

Key Capabilities

Modules within the Trust Platform:

Email and Phone Number Signals 

Email & Phone Signals is an intelligence layer that assesses the legitimacy and risk level of a user’s email address and/or phone number at the point of verification. Taking these inputs, the component cross-references them against a wide range of data sources — public records, messaging apps, data breaches, social accounts, and network indicators — to produce a composite risk score.

The component analyses inputs across four dimensions:

  • Email quality: format validity, domain age and activity, disposable or alias detection, spam trap flags, string pattern analysis, and velocity (number of connected accounts and services).
  • Phone quality: number validity and type, disposable or Voice over Internet Protocol (VoIP) detection, porting history, messaging app presence, and velocity.
  • Cross-signal consistency: checks whether the email and phone are linked to each other, whether names match across public records, Google, Skype, and data breach sources, and whether geolocation and time zone signals are coherent.
  • Network & session context: IP masking (VPN, Tor, proxy), IP blocklist status, and browser/session anomalies (automation tools, headless browsers, behavioral inconsistencies).

The combination of signals produces a final score, which is compared against a configurable threshold to determine the status.

Customers can provide an email address, a phone number, or both as inputs. The scoring threshold is configurable, allowing teams to calibrate sensitivity to their risk appetite. 

Device Signals

Device Signals is a passive intelligence layer that runs silently during a session, collecting technical data from the user’s device and network environment. 

It serves three core purposes: creating a unique device fingerprint, recognizing returning devices, and generating a trust score to assess the risk level of the interaction.

Signals are captured across three layers:

  • Browser — browser name, version, OS, device type, and incognito mode detection.
  • Network — IP address, geolocation, VPN, Tor, proxy, and IP blocklist status.
  • Device integrity — bot detection, emulator, root/jailbreak, tampering, location spoofing, virtual machine, and man-in-the-middle attack detection.

These signals are combined to produce a unique ID (a stable device fingerprint), a composite trust score, and a verdict applied against a configurable threshold.

Velocity monitoring and proximity analysis add a behavioral dimension, flagging unusual activity patterns or suspicious device clustering over time.

Configuration

The trust score threshold is fully configurable, allowing customers to calibrate sensitivity to their risk appetite. 

Biometric Authentication (via third-party service provider)

This service provides a seamless, secure method for user authentication using facial biometrics. The process begins with the enrolment of the user into the service leveraging the selfie image captured during the identity verification process. This image is securely processed and used to create a biometric template which is based on unique facial characteristics. Once the user is enrolled, subsequent authentication checks can be performed by performing a biometric liveness check and comparing the user against their stored biometric template. The service ensures a frictionless and secure user experience, reducing the need for traditional second factor authentication steps.

The biometric verification process meets stringent security standards, ensuring data protection and compliance with regulatory requirements. The service is highly adaptable and can be configured to meet the specific needs of various industries, where robust identity verification is critical. Whether used as part of a multi-factor authentication flow or as a standalone verification method, this solution offers enhanced security while minimizing user friction.

Biometric Authentication services are provided by a third-party provider on their terms and conditions available here: this link.

EUDI Wallets

EUDI Wallets are government-issued or regulated digital identity wallets that allow individuals to securely store, manage, and present verified identity credentials and attributes — online and in person. Built under the eIDAS 2.0 regulation, they give users full control over what personal data they share, with whom, and when.

Unlike traditional document-based identity verification, the identity data returned via an EUDI Wallet is pre-verified and cryptographically secured, sourced directly from government-authorized providers. The wallet can hold a range of credentials — from Person Identification Data (PID), which serves as the basis for KYC and identity verification, to Qualified Electronic Attestations of Attributes (QEAA) such as tax data or mobile driving licenses, and non-qualified Electronic Attestations of Attributes (EAA) such as employee IDs or loyalty cards.

EUDI Wallet verification operates at a High Level of Assurance (LoA High) under eIDAS 2.0. It uses the OID4VP (OpenID for Verifiable Presentations) and mdoc protocols to request and verify credentials from the user’s wallet. Selective disclosure is supported by design — meaning only the specific attributes required for a given use case are requested and shared, minimizing unnecessary data exposure.

A successful verification returns identity attributes (e.g. name, date of birth, nationality) and any additionally requested credentials directly from the wallet, mapped to structured data blocks (e.g. BasicIdentity, ExtendedIdentity) for seamless integration into the Trust Platform flow.

EUDI Wallet verification can be used as a standalone method or combined with other steps (e.g. AML screening, biometric authentication, electronic signatures) depending on the customer’s regulatory requirements and risk policy.

eID Schemes

eID schemes are government-issued or regulated digital identity solutions that allow individuals to verify their identity online using a trusted, cryptographically secured credential. Unlike traditional document-based identity verification, the identity data returned is pre-verified and legally recognized in the issuing jurisdiction.

eID schemes typically meet High or Substantial assurance levels under eIDAS or equivalent national standards, and use the OIDC protocol for authentication. A successful verification returns identity attributes (e.g. name, date of birth, nationality) directly from the issuing authority — the exact scope varies by scheme.

eID verification can be used as a standalone method or combined with other steps (e.g. document-based identity verification, AML screening) depending on the customer’s regulatory requirements and risk policy.

Customers can enable or disable individual eID schemes (e.g. France Identité, German eID) based on their market and compliance needs. One or multiple schemes can be active simultaneously, and eID verification can be combined with other steps (e.g. AML screening, document-based identity verification) within the same workflow.

User Due Diligence  

Product Configuration: Customers may configure the product in terms of:

Identity Data Checks — UK only

  • Validation of a user’s identity using full Electoral Roll and Credit Bureau data (UK only).  
  • Required input from Customer: user’s full name, address and date of birth. 
  • 2+2 check: verifies (i) name + address AND (ii) name + date of birth against two independent data sources to maximize match confidence.  
  • Validation outcome (e.g., pass/fail) returned as part of the transaction response.
  • The query creates a money‑laundering footprint on the queried person’s bureau profile.

AML Screening / Monitoring

  • PEP & Sanctions Screening: checks whether a specified person is a Politically Exposed Person (PEP), a close relative/associate of a PEP, or listed on sanctions lists. This check is done against the following sanctions lists: O.F.A.C (Office of Foreign Assets Control), US Treasury Department, French Asset Freeze List, HMT (His Majesty’s Treasury Department UK), European Union, Government of Netherlands National Terrorism List, United Nations, Office of the Superintendent of Financial Institutions.
  • Customer may opt to exclude former PEPs (ex‑PEPs) from results.  
  • Results: returns matches found (provides up to 100 matching entries if multiple matches exist).

Adverse Media 

  • Purpose: global media search against published sources for negative coverage relating to serious crime.
  • Coverage: flags individuals accused of, arrested or convicted for Financial Crime, Terrorism, Organized Crime, Trafficking and Corruption.
  • Results: returns matched records as part of the screening response (up to 100 matches if multiple results exist).

White-Labeled Dashboard

Each compliance check (e.g., AML, PEP) returns a unique transaction or user ID, enabling full traceability across all screenings.

A white-labeled dashboard is provided to the customer, offering a branded back-office interface to manage and review all screening activity in one centralized place.

Key Capabilities

  • Search & Review: Quickly search for individual screenings or browse all matches across the entire customer portfolio
  • Full Screening Details: Each screening record displays comprehensive results, with additional data available on demand
  • Match Management: Confirm or reject individual matches directly within the interface
  • Case Management: Use the dashboard as a fully integrated back-office tool for compliance workflows

Matching thresholds

Customers can configure name‑query and date‑of‑birth match thresholds for PEP & Sanctions screening to align with their risk appetite and improve match accuracy.

Financial Risk Checks — UK only

  • Mortality Data Check
    • Purpose: identifies whether an end‑user is deceased using Probate, Funeral and Registration sources.
    • Coverage: ~12 million records (~85% of UK deaths), updated weekly (~40,000 additions/month). 
    • Results: returns up to 10 matching records.
  • Application Data Check
    • Purpose: identifies enquiries for high‑cost, short‑term (HCST) loans (payday loans) to flag financial vulnerability.
    • Coverage: dataset includes ~2.5 million records (~44% of highest‑risk UK consumers).
    • Interpretation: a match indicates enquiry/intent for HCST credit (not necessarily an application or approval) and signals potential financial vulnerability; absence of a match does not guarantee lack of HCST use or financial stress.
    • Usage: intended as an additional risk indicator; Customers should consider it alongside other data before decisioning.
  • Vulnerability Data Check
    • Purpose: checks for self‑declared vulnerability entries in the Vulnerability Registration Service (VRS).
    • Output: two result sections — a mandatory VC flag (always returned) and optional Sub‑flags (returned when available).
    • Use case: helps identify customers with circumstances that may affect their ability to manage financial responsibilities so that appropriate measures can be applied.

Technical Integration (UK services)

  • Service environment: Trust Platform for the UK operate in the third-party-service environment and are provided under UK law.
  • Security measures: Technical and organisational measures of third-party-service apply to these services.
  • Scope of IDnow measures: IDnow’s technical and organisational measures (as per the main Agreement) continue to apply to identification/KYC services ordered and executed within the IDnow environment.
  • Logical separation: third-party-service environment is logically separated from the IDnow environment; third-party-service does not have access to the IDnow environment.
  • Data exchange: Data and service requests/results are exchanged via API endpoints.
  • API access: Customers retrieve Trust Platform results and any additional identification service orders via the provided API.
  • Compliance note: Customers should review both third-party-service and IDnow security documentation and the Order Agreement for precise responsibilities, integration details and data flow specifics.

Optional Modules

Ongoing Monitoring

  • Customers may enable continuous re‑screening against the same PEP, sanctions and adverse‑media databases to detect changes in status.
  • Default cadence: monthly monitoring unless otherwise agreed.
  • Management: monitored records can be added or removed via Portal or API.
  • Alerts: notifications delivered via webhooks; Customers are notified of alerts requiring investigation, remediation or marking as false positives.

Address Lookup  

  •  Purpose: verify and standardise address data to improve accuracy and streamline capture.  
  •  Address completion: expands partial input into a fully formed, standardised address using authoritative data sources and algorithms.  
  •  Multiple matches: returns up to 100 potential address matches when the input is ambiguous.

Pre-defined Available Configurations

Any of the below services can be used separately or combined

Standalone services:

  • Identity Data Check – UK residents (2+2)
  • PEP
  • Sanction
  • UK financial risk checks
  • Document & Biometric verification (IDCheck) 

Combined bundles:

  • PEP & Sanction
  • Identity Data Check – UK, PEP & Sanction
  • Identity Data Check – UK, PEP & Sanction, UK financial risk checks

Standard Data Retention and Deletion

  • Screening cadence: checks may be performed as a one‑off (onboarding) or on an ongoing basis (daily, weekly, monthly) according to Customer configuration.  
  • Retention: personal data is retained for up to six (6) years unless a different period is agreed contractually or required by applicable law.

Data Privacy

When Customers purchase IDnow services, personal data may be processed and transferred outside the European Union depending on the selected products and configurations. The Customer (as Controller) remains responsible for obtaining any required consents from end‑users and for fulfilling all applicable information obligations under data protection law.

Processing personal data

  • Scope: the personal data processed depends on the chosen product modules and configuration (e.g., identity attributes, contact details, document images, screening results).  
  • Additional fields: telephone or mobile numbers and other data may be processed if requested by the Customer or required by a chosen module.  
  • KYC services: where Customers purchase additional KYC modules, the processing rules in the respective product descriptions and the Data Processing Agreement (DPA) apply.  
  • Processing activities: may include reception of Customer‑supplied data, queries against relevant data sources, rule‑based controls specified by the Customer, and the return of verification/screening results.

Service Hours 

  • Scheduled Unavailability: Short maintenance windows for upgrades or routine maintenance may occur.
  • No mandatory downtime: Normal production operation does not require planned downtime; scheduled windows are used only when necessary and communicated in advance where practicable.

Platform Fee 

A Platform Fee is a license fee charged for the right to access the Trust Platform (i.e., the platform layer) and to use the platform capabilities that enable consumption of IDnow services via that layer .

The Platform Fee is distinct from any usage-based fees or product-specific fees that may apply to the individual services consumed via the platform.

The Platform Fee covers the provision and operation of the Trust Platform capabilities, including:

  • Single integration into the platform layer (instead of multiple point-to-point integrations), 
  • An orchestration layer to plug in and combine multiple IDnow services in one place, 
  • Access to dashboard that allows you to review past verifications and analytics for monitoring,
  • Optimize conversion rate and fraud detection with Trust Platform A/B testing,
  • Support and maintenance by IDnow for the platform access and the services used via the platform, in accordance with the applicable support terms.[PF4] 

Compliance summary

IDnow Trust Platform support relevant regulatory frameworks, while customers remain responsible for selecting modules and configurations that meet their jurisdictional obligations. Security and operational controls are provided by IDnow and, for UK services, by third-party-service under their respective technical and organizational measures. Platform Services include screening and risk modules and provide monitoring and logging to enable auditability, with specific responsibilities and terms documented in the Order Agreement.

Trust Platform Product Description 2

Questions?

Talk to an expert