Verifying identities around the world: building assurance, preventing fraud, and staying compliant

Do you want to expand globally and need tools to build a robust identity verification (IDV) strategy?

Persona helps global fintechs, financial institutions, and other industries achieve this goal through its advanced IDV platform. How did they manage to build it? The secret lies in their Guide to Verifying Identities Around the World, where Persona’s ID experts outline how businesses can adapt their verification processes across geographies, balancing assurance needs, fraud risks, and regulatory demands.

Mirela Ciobanu, Lead Editor at The Paypers, shares the main takeaways from the guide.

The Guide to Verifying Identities Around the World in a nutshell

The guide explores how organisations can verify individuals and entities globally while delivering an exceptional user experience, preventing fraud, and staying compliant at the same time. The main challenges stem from operating across borders and jurisdictions, each with different regulations and requirements for identity verification. Businesses must also ensure that the person or entity they are engaging with is who they claim to be, a complex task in the age of deepfakes, document forgery, and synthetic identity fraud.

Another difficulty lies in balancing the legally required or business-desired level of assurance (the degree of certainty that an individual or entity is genuine) with the cost of achieving it and the friction introduced into the user journey (since more friction often leads to lower conversion rates).

The silver lining comes from technology providers like Persona, which combine business insight with advanced technical solutions to help globally expanding companies stay compliant and secure. Their platform keeps pace with evolving fraud trends, legal frameworks, and regulatory updates worldwide, while offering automated, fast, and reliable identity verification powered by up-to-date user and business data.

In the following sections, we’ll explore how to achieve this balance, based on the main takeaways from Persona’s Guide to Verifying Identities Around the World.

IDV relies on data, and data differ everywhere

Persona’s experts emphasise that a strong IDV framework must be rooted in data. However, the type of data collected, the way it is gathered, and how it is used can vary widely across jurisdictions. 

To meet different business goals and regulatory requirements, Persona recommends building around four key pillars:

• What type of data do you collect;
• How much information do you need;
• How that information is processed and validated;
• How fraud and compliance considerations are factored in.

Yet, there’s no perfect or universal model. As Persona notes, every organisation must adapt its IDV processes based on its risk appetite, business model, and the assurance level required in each geography.

The type of identity information and evidence collected

Government-issued IDs remain the cornerstone of most IDV programs, but their formats, materials (e.g., laminated plastic), visual security features (e.g., watermarks, holograms, embedded fibres, UV-sensitive inks, etc.), and embedded technologies vary. Some countries use plastic IDs with security chips; others still rely on paper documents (for instance, Italy, Venezuela, and Brazil).

To combat counterfeiting, many governments now embed encrypted chips into physical IDs. These chips securely store personal information, such as fingerprints and digital portraits, that can’t be easily forged or tampered with. Common examples include RFID chips, which can be read by smartphones using NFC, and IC chips, which require specialised hardware. However, not all IDs contain such chips, and the type or amount of stored data varies by country. Temporary IDs, for instance, often lack embedded chips altogether.

This diversity in ID types means businesses must tailor their verification scripts and technology flows to local realities. A single global IDV approach is unlikely to work everywhere.

How information is collected

Identity data standards differ widely. For example, in the US, citizens use a Social Security Number, while in Brazil, they have two identifiers: the Registro Geral (RG) and the Cadastro de Pessoas Físicas (CPF). These documents store different data and require distinct verification methods.

Additionally, direct translations between data fields don’t always work. Local context is essential to ensure equivalence in required attributes. Persona advises companies to plan IDV flows in advance, making sure they are flexible enough to adapt to local identity norms and provide the assurance level the business needs.

Validation and verification: ensuring accuracy and authenticity

Once data is collected, the next step is confirming its validity. Persona differentiates between validation (checking if the data itself is real) and verification (ensuring the person presenting it is its rightful owner).

Validation methods include:

Database validation: comparing user data with trusted databases. These may include:

• Issuing databases – managed by government bodies, offering the highest level of assurance (e.g., the US Department of Motor Vehicles database).
• Authoritative databases – maintained by trusted third parties such as credit bureaus or financial institutions (e.g., Experian, Equifax, and TransUnion in the US).
• Standard databases – drawing from public data sets, marketing sources, or social media, offering lower assurance but wider coverage.

A notable case study from the report is Zro Bank, a Brazil-based digital bank that initially relied on manual user reviews during onboarding. To improve efficiency and reduce fraud, Zro Bank integrated Persona with Brazil’s government database, Serpro, automating driver’s license verification. This transition reduced manual workload, increased conversion, and maintained high fraud prevention standards.

Another validation method is cryptographic validation, which uses encrypted chips embedded in IDs to confirm authenticity. However, not all countries have adopted these standards. Even when they do, technical hurdles, like missing public keys or a lack of compatible hardware, can limit effectiveness. For instance, although the US has embedded RFID chips in passports since 2006, authorities could only begin verifying their cryptographic signatures in 2022.

Verifying the link between person and identity

Validation ensures the data is real; verification ensures the person is. Persona explores two common approaches:

• Selfie verification: Matching a live selfie to the image on the ID. Though convenient, this method faces challenges from AI-generated deepfakes. Enhanced techniques, such as liveness detection, help ensure authenticity but require users to have smartphones, a limitation in markets like Nigeria (where only 32% own smartphones).
• Live video verification: Adds human interaction for stronger assurance. An agent may ask questions or request movements to confirm presence and detect coercion. However, this method depends on connectivity and regulatory acceptance. For instance, it is legally recognised in Germany and Spain but not explicitly mandated in the US.

Fraud and compliance: navigating global complexity

Fraud patterns and compliance obligations differ sharply between markets. In Turkey, mobile Trojans malware dominates, while India struggles with account takeovers, and North Korea’s state-sponsored cyberattacks target payment networks like SWIFT. Persona’s experts suggest consulting local fraud specialists or joining regional anti-fraud initiatives to stay ahead of threats.
On the compliance side, laws governing IDV, AML, and KYC differ in scope and detail. For instance, US banks must retain customer data for five years, while in Japan, the requirement extends to seven years.

Risk assessment: the foundation of a strong IDV strategy

Before expanding internationally, businesses must conduct a comprehensive risk assessment. This means identifying potential fraud touchpoints, evaluating assurance levels, staying compliant locally, and understanding the cost-benefit trade-offs of doing business in the selected region. To be able to do this, Persona recommends involving all key stakeholders, fraud, product, compliance, and legal teams early in the expansion process. Moreover, an adaptive IDV partner can then help design flexible workflows tailored to local markets while maintaining consistency and user trust.

Bringing it all together

Managing fraud, compliance, and user experience in a global context is not easy. But as Persona’s experts underline, achieving the right level of assurance is what allows businesses to operate safely and scale confidently.

In the end, identity verification is not just about checking documents; it’s about building trust. Global fintechs and banks that design flexible, data-driven IDV frameworks are best positioned to meet both regulatory expectations and customer demands, wherever they operate.

About author

Mirela Ciobanu is Lead Editor at The Paypers, focusing on following the latest trends and developments in fraud, cybersecurity, and technology (generative AI, blockchain analytics, data, etc.). Topics related to compliance, risk management, and balancing those with great user experience play an important role in her expertise.

Mirela is particularly passionate about the importance of having interoperable digital identity solutions that help not only to secure payments but also transactions in other areas of life (travel, health, education). She is a strong advocate for online data privacy and protection. As a skilled writer, she strives to deliver accurate and informative insights to her readers, always in pursuit of the most compelling version of the truth. To share more ideas and get inspired, connect with Mirela on LinkedIn or reach out via email at mirelac@thepaypers.com.