Identity glossary
The world of regulatory technology is filled with complex terms and acronyms, making it easy to get lost in the details. Here, we’ve defined the most common RegTech and compliance terms to help you understand the language that powers the industry.
Account takeover (ATO) fraud is a form of identity theft in which a fraudster obtains a legitimate user’s credentials, takes over their online accounts, and makes unauthorized transactions and/or changes.
The Anti-Money Laundering International Database, or AMLID, is a database containing an analysis of AML laws and regulations around the world. The database also contains the contact information for countries’ anti-money laundering authorities. It was designed to be a reference tool for law enforcement officials, investigators, and other individuals working on money laundering cases involving multiple jurisdictions.
Like the relationship between an area code and a phone number, every bank has an assigned routing number and every bank account has its own assigned account number. The combination of the two number sets creates a coding system that uniquely identifies every single bank account and allows monetary transactions to be easily directed to and from accounts.
The speed of electronic transactions not only allows for seamless commerce but also lightning-fast fraud. Bank Account Validation Services (or AVS) is a fraud protection tool that offers financial institutions and other related entities the ability to verify information such as the status, ownership, or beneficiaries of an account in near-real time. This can be used, for example, prior to issuing a payment or a disbursement in order to prevent payment fraud or other losses, such as payment delays.
Who uses Bank Account Validation Services?
The most common AVS methods are those involved with Automated Clearing House (ACH) transactions. Top industries using AVS include payroll companies and direct sales, especially those with large funds transfers or high fraud risk.
ACH micro-transactions (micro-deposits) might be sent by a person-to-person sales app, such as an online marketplace, to verify that the claimant has access to the account and that the account is active and was entered correctly. After the recipient confirms the amounts of the test deposits, typically a few cents each, the originator usually debits the same amounts to recover them.
ACH pre-notifications, or pre-notes, are $0 transfers that verify account details. They are similar to micro-transactions except that the recipient does not need to confirm receiving them nor do they need to share personal or financial information to do so. The verification is considered complete if there are no errors or change notifications. Pre-notes are commonly used for direct deposits, such as payroll.
Validation via wire would involve sending a test wire and requesting manual confirmation. Validating via ACH would accomplish the same end result for less cost but is a slower overall process.
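The micro-deposit procedure above has a security property that is easy to overlook: two amounts of $0.01 to $0.99 give only a few thousand possible combinations, so a verifier that lets a claimant guess without limit can be brute-forced by someone who knows a victim’s account number but cannot see its statements. The following is an added example, not code from the original page or from any particular provider. It issues a challenge with amounts drawn from a CSPRNG, accepts the two amounts in either order, expires the challenge, and locks it after a small number of wrong guesses. The three-attempt limit and three-day lifetime are assumptions chosen for illustration.

```python
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

MAX_ATTEMPTS = 3          # assumption: lock the challenge after three wrong guesses
TTL = timedelta(days=3)   # assumption: challenge expires if unconfirmed after three days
MAX_CENTS = 99            # each test deposit is between $0.01 and $0.99


@dataclass
class MicroDepositChallenge:
    account_ref: str          # opaque reference to the external account being proven
    amounts_cents: tuple      # the two deposit amounts that were actually sent
    expires_at: datetime
    attempts: int = 0
    confirmed: bool = False
    locked: bool = False


def issue_challenge(account_ref, now=None):
    """Create a challenge with two independent amounts from a cryptographic RNG."""
    now = now or datetime.now(timezone.utc)
    amounts = (secrets.randbelow(MAX_CENTS) + 1, secrets.randbelow(MAX_CENTS) + 1)
    return MicroDepositChallenge(account_ref, amounts, now + TTL)


def confirm(challenge, claimed_cents, now=None):
    """Check the claimant's answer. Returns (ok, reason).

    Order of the two amounts is ignored, since a bank statement may list them
    either way. Every call counts as an attempt, and the challenge locks after
    MAX_ATTEMPTS failures so the small answer space cannot be enumerated.
    """
    now = now or datetime.now(timezone.utc)
    if challenge.confirmed:
        return False, "already-confirmed"
    if challenge.locked:
        return False, "locked"
    if now > challenge.expires_at:
        return False, "expired"
    challenge.attempts += 1
    claimed = tuple(claimed_cents)
    if len(claimed) == 2 and sorted(claimed) == sorted(challenge.amounts_cents):
        challenge.confirmed = True
        return True, "confirmed"
    if challenge.attempts >= MAX_ATTEMPTS:
        challenge.locked = True
        return False, "locked"
    return False, "mismatch"


def guess_success_probability(max_attempts, max_cents=MAX_CENTS):
    """Chance that an attacker with no visibility into the account guesses correctly.

    Because confirm() ignores order, the answer space is the number of unordered
    pairs (with repetition) of amounts 1..max_cents.
    """
    space = max_cents * (max_cents + 1) // 2   # 4950 for 1..99
    return min(1.0, max_attempts / space)
```

With the defaults, an attacker gets roughly a 0.06% chance of confirming an account they do not control; without the attempt limit the same flow would be a guessing game. The same attempt-and-expiry bookkeeping applies to any challenge whose answer space is small.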
Why are Bank Account Validation Services important?
Bank Account Validation Services play a crucial role in minimizing fraud, internal errors, payment delays, and other costly business disruptions. By validating an account prior to a significant transaction, the chances of errors or missed payments are significantly reduced. This provides both the sender and recipient with peace of mind in knowing that the involved parties are legitimate and having a higher level of assurance that unexpected complications won’t arise.
The Bank Secrecy Act (BSA) is a US law that requires financial institutions to keep records and file reports, such as currency transaction reports and suspicious activity reports, that help the government detect and prevent money laundering and fraud.
A business lien, also called a corporate lien, is a legal claim against a company’s assets — typically financial assets, real estate, vehicles, or other equipment — filed by an entity to which the company owes money. Liens show that the filing entity has an interest in these assets and that the assets can potentially be seized and sold to pay back the debt.
Liens are often filed by:
- Lenders who are owed repayment on a business loan
- Governments (federal, state, local) for unpaid income and property taxes
- Contractors who are owed payment for services provided
The California Consumer Privacy Act (CCPA) is the California equivalent of GDPR and went into effect on January 1, 2020. It specifies that consumers have a right to request what information is being collected, for what purpose, and with whom it’s being shared. Consumers can also request to opt out of their data being shared or for their data to be deleted (which businesses must comply with unless that data impairs their ability to provide core services). Individuals also have the right to equal service and price, even if they exercise their privacy rights. Under CCPA, businesses are not allowed to sell the PII of anyone under 16 years of age, unless these individuals have specifically opted in.
A more comprehensive version of CCPA, the California Privacy Rights Act (CPRA), went into effect on January 1, 2023 and gives consumers control over whether companies can share their personal information as well as whether they can sell it.
The Children’s Online Privacy Protection Act of 1998 (COPPA) is a US federal law created to protect the privacy of children under 13.
Combating the Financing of Terrorism, or Counter Terrorist Financing (CFT), refers to a multitude of laws and regulations enacted to rein in the financing of terrorist activity. Under these policies, most financial institutions are required to fulfill strict requirements, including monitoring customers’ transactions and behavior, conducting proper due diligence, and maintaining appropriate records.
Compliance as a Service (CaaS) is a business model in which one business hires another business to design, implement, consult on, and/or manage their compliance needs. It often involves purchasing licenses for compliance-focused software and tools. The CaaS business model makes it possible for a business to become and remain compliant with the regulations affecting them without needing to build and oversee their own in-house compliance solutions.
The Customer Due Diligence (CDD) Rule is a regulation issued by the Financial Crimes Enforcement Network (FinCEN) aimed at improving financial transparency and preventing financial crimes and money laundering.
According to FinCEN, the CDD rule requires covered financial institutions to “identify and verify the identity of the natural persons (known as beneficial owners) of legal entity customers who own, control, and profit from companies when those companies open accounts.” Under the rule, beneficial owners are each individual who owns 25 percent or more of a legal entity customer, plus one individual who exercises significant control over it (for example, a chief executive or managing member).
To do this, organizations must “establish and maintain written policies and procedures that are reasonably designed to (1) identify and verify the identity of customers; (2) identify and verify the identity of the beneficial owners of companies opening accounts; (3) understand the nature and purpose of customer relationships to develop customer risk profiles; and (4) conduct ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information.”
A Customer Identification Program (CIP) is a requirement of the USA PATRIOT Act that prescribes the minimum financial institutions must do to “form a reasonable belief that it knows the true identity of each customer.”
According to the Federal Deposit Insurance Corporation (FDIC), the CIP Rule has six general requirements:
- A written program
- Four pieces of identifying information: customer name, date of birth, address, and identification number
- Identity verification procedures
- Recordkeeping
- Comparison with government lists
- Customer notice
A data breach is a security incident where unauthorized users take sensitive, protected, or confidential information from a system without permission from the system owner.
A deepfake is any image, video, or audio that shows a person doing something they never actually did. The name is a portmanteau of the word “deep learning,” which is the machine-learning technique used to generate the images and the word “fake.” Deepfakes are also broadly called synthetic media.
Fraudsters use deepfakes to bypass verification and authentication systems so they can:
- Create fake accounts
- Access accounts that aren’t theirs
- Access sensitive data (personal, financial, health, etc.)
- Complete or authorize fraudulent transactions
- Create a synthetic ID
- and more
In the context of identity verification, a document check involves checking ID documents such as driver’s licenses, passports, residence permits, and visas to confirm that the document is valid. This can be done manually or through automated technology.
Enhanced due diligence (EDD) refers to the due diligence process that a business applies to an individual (or other entity) deemed to carry a potentially high risk of money laundering. The goal is to achieve a deeper understanding of the risks posed by the individual, as well as a greater level of assurance in their identity.
Having a process in place for EDD is key to implementing a risk-based approach to money laundering. This typically includes some combination of more stringent identity verification, additional anti-money laundering (AML) screenings, source of funds (SoF) verification, and heightened transaction monitoring compared to the standard Customer Due Diligence (CDD) process.
In the context of identity verification, a false negative refers to a situation in which an individual isn’t able to get verified even though they’re actually who they say they are. In other words, keeping a legitimate user out.
In the context of fraud prevention, a false negative refers to incorrectly approving a bad actor or fraudulent transaction. In other words, allowing fraud through.
In the context of identity verification, a false positive refers to an individual passing the identity check even though they’re not who they say they are. In other words, letting a bad actor through.
In the context of fraud prevention, a false positive refers to incorrectly flagging a good account or transaction as fraudulent. In other words, blocking a legitimate user or transaction.
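The four definitions above describe one underlying event from two vantage points: blocking a genuine user is a false negative when “verified” is the positive class and a false positive when “fraud” is the positive class. The block below is an added example (not from the original page) that makes this concrete by counting the confusion matrix under both framings over the same labelled decisions, then sweeping an approval threshold over constructed risk scores to show the trade-off a practitioner tunes: lowering the threshold lets less fraud through but blocks more legitimate users. The risk scores and labels are constructed sample data.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Decision:
    actual_genuine: bool   # ground truth: really the claimed person / a legitimate transaction
    approved: bool         # the system's decision: verified or approved


def confusion(decisions, positive_is_approval):
    """Count TP/FP/TN/FN for one labelled set of decisions.

    positive_is_approval=True  -> identity-verification framing: the positive class is
                                  "verified", so a blocked genuine user is a false negative.
    positive_is_approval=False -> fraud-prevention framing: the positive class is
                                  "flagged as fraud", so a blocked genuine user is a false positive.
    """
    counts = {"tp": 0, "fp": 0, "tn": 0, "fn": 0}
    for d in decisions:
        if positive_is_approval:
            actual_pos, pred_pos = d.actual_genuine, d.approved
        else:
            actual_pos, pred_pos = not d.actual_genuine, not d.approved
        if pred_pos:
            counts["tp" if actual_pos else "fp"] += 1
        else:
            counts["fn" if actual_pos else "tn"] += 1
    return counts


# Constructed sample: (risk score 0-100 from a hypothetical scoring model, is_fraud ground truth)
SAMPLE = [
    (5, False), (12, False), (20, False), (33, False), (41, False), (58, False), (72, False),
    (35, True), (61, True), (77, True), (88, True), (95, True),
]


def decisions_at(threshold, sample=SAMPLE):
    """Approve everything scoring below the threshold; block the rest."""
    return [Decision(actual_genuine=not fraud, approved=score < threshold)
            for score, fraud in sample]


def tradeoff(thresholds, sample=SAMPLE):
    """For each threshold: (threshold, fraud let through, legitimate users blocked)."""
    rows = []
    for t in thresholds:
        c = confusion(decisions_at(t, sample), positive_is_approval=False)
        rows.append((t, c["fn"], c["fp"]))
    return rows
```

At a threshold of 50 on the sample data, the two genuine users scoring 58 and 72 are blocked: `confusion(..., positive_is_approval=True)` reports them as two false negatives, while `confusion(..., positive_is_approval=False)` reports the same two decisions as false positives. Neither number is wrong; they are the same cost described from opposite sides, which is why teams should state which framing a metric uses before comparing rates.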
The Federal Trade Commission (FTC) is a U.S. federal agency that protects consumer rights by working to prevent fraudulent, deceptive, and unfair business practices and teaching consumers how to detect, deter, and deny scams and fraud.
Federated identity management (FIM) is an identity federation that links a user’s identity across multiple security domains — each supporting or using its own identity management system. When two domains are federated, the user can authenticate to one domain and then access resources in the other domain without having to perform a separate login process. Single sign-on (SSO) is a subset of federated identity, as it relates only to authentication and would not be possible without some sort of federation. FIM is a subset of Identity and Access Management (IAM).
The FedNow Service is a new payment infrastructure designed by the U.S. Federal Reserve to facilitate the instant transfer of funds. The service allows users to send and receive money in real time, typically within seconds of a transaction being initiated. Payments and transfers can be completed any time of day, and any day of the year — including weekends and holidays.
The Financial Crimes Enforcement Network is a bureau of the US Department of the Treasury that aims to safeguard the financial system from illicit use, prevent and punish domestic and international money laundering, and promote national security by collecting and analyzing information about financial transactions required under the Bank Secrecy Act (BSA). It coordinates with law enforcement agencies, regulators, and the financial services community.
The Financial Industry Regulatory Authority (FINRA) is a private non-profit dedicated to “safeguarding the investing public against fraud and bad practices” through the regulation of broker-dealers.
First-party fraud refers to instances where a bad actor misrepresents themselves — providing false information about their identity or financial situation, for example — in order to realize some kind of gain. In cases of first-party fraud, the primary victim could be a financial institution or business the bad actor is lying to, or even an individual. This differs from second- and third-party fraud in that it doesn’t involve the bad actor taking advantage of another person’s information.
Form W-9, formally the Request for Taxpayer Identification Number and Certification, is a tax form that a business uses to collect the name, address, and taxpayer identification number (TIN) of an individual or entity it will pay but does not classify as an employee, such as an independent contractor. The payee typically completes the form before receiving their first payment. The business keeps the form on file rather than sending it to the IRS, and later uses the information to prepare the payee’s Form 1099, which reports the payments to the IRS and is used by the payee when filing income taxes.
Fraud as a Service (FaaS) refers to situations in which a bad actor or larger fraud ring allows others to hire them to commit fraudulent activity for the purpose of making money or causing harm. The term can also be used when an individual purchases tools, code, or software from a bad actor to carry out fraud themselves. It is, in essence, a third-party business model where the product is the fraud itself.
A fraud investigation is the process by which a business determines whether or not fraud has occurred, the extent of that fraud, the perpetrators of that fraud, any victims of that fraud, and any damages that resulted from the event. Fraud investigations are commonly initiated in response to suspected money laundering, tax evasion, identity theft, marketplace fraud, and other suspicious activities indicating possible crimes.
A fraud ring is a group consisting of multiple bad actors who work together to perpetrate fraud, such as money laundering, identity theft, or marketplace fraud. Fraud rings can be small or large, consisting of as few as two or three bad actors, or spanning into the dozens or even hundreds. Often, the members of a fraud ring will share resources (for example, identity information needed to skirt identity verification measures) and work in tandem to realize their goals.
Fullz is a slang term used by credit card hackers, data resellers, and other criminals that refers to packages of individuals’ identifying information — in other words, their “full information.” Fullz usually contains an individual’s name, Social Security number, birth date, and account numbers. Criminals buy and sell fullz on the black market to commit fraud.
The General Data Protection Regulation (GDPR) is a strict set of data privacy rules for organizations that process the personal data of individuals in the EU. Under GDPR, businesses are responsible for safeguarding many types of personal data, including IP addresses, cookie identifiers, home addresses, and national identification numbers.
Generative AI fraud is an umbrella term used to refer to any type of fraud carried out using fake (i.e., generated) content created by neural networks.
Bad actors can use generative AI to create fake selfies, videos, and audio recordings of people who don’t exist, which are then used to bypass verification systems and open fraudulent accounts. Deepfakes, which are fake images, videos, or audio of real people, are a form of generative AI fraud.
Fraudsters can also use large language models (LLMs) to generate fake text, which can be leveraged in spam and other forms of phishing en masse.
Governance, risk, and compliance (GRC) is a term that refers to an organization’s approach across these three practices: governance, risk management, and compliance with regulations. Governance is the system of rules that guides a business, risk management is the process of identifying and reducing potential dangers, and compliance is the processes an organization has in place to ensure it is following relevant regulations.
GRC is sometimes used to describe legal roles and can encompass security and internal controls.
The Gramm-Leach-Bliley Act, also known as the Financial Services Modernization Act, is a US federal law that requires financial institutions (i.e. companies that offer consumers financial products or services such as loans, financial or investment advice, or insurance) to safeguard nonpublic personal information and explain their information-sharing practices with customers.
A graph database, also called a graph network or a semantic database, is specifically designed to help the user identify and understand relationships (or links) that exist between different points of data.
Graph databases are often designed to be visual in nature. When a user runs a query, the output can be rendered as a graph that makes it easy to visualize how the different pieces of data are related to one another. (Figure: example graph visualization, not reproduced here.)
By comparison, a traditional database stores data in tables. These tables are highly effective at storing and retrieving large quantities of information but are not easily used to determine relationships between pieces of data.
The Health Insurance Portability & Accountability Act of 1996 (HIPAA) is a US federal law that sets privacy and confidentiality standards for handling and sending healthcare information. Data protected under HIPAA includes any healthcare-related data of any size that’s written, spoken, electronic, or transmitted within and outside a healthcare facility.
Identity and access management (IAM) is a process used in businesses and organizations to grant or deny employees, users, or third parties access to secure systems.
Identity Assurance Levels (IALs) are a set of standards defined by the National Institute of Standards and Technology (NIST) that convey the degree of confidence that someone’s claimed identity is their real identity (i.e. how likely an individual is actually who they say they are). NIST SP 800-63A defines three levels, IAL1 through IAL3; IAL3 is the strictest and requires in-person or supervised remote identity proofing.
Identity authentication is the process of confirming that a user is who they claim to be, typically by checking one or more factors such as a password, a possessed device, or a biometric. It is distinct from authorization, which determines what an authenticated user is allowed to do.
An identity graph is a database that shows how user accounts are connected by common properties. These properties can include anything from names and email addresses to device fingerprints, IP addresses, or birthdates.
Identity proofing refers to the processes a business undertakes to establish that a customer is who they say they are. It involves the collection of information and evidence from an individual, which is then used to consider whether or not the person is who they claim to be. While any business can engage in identity proofing, it is common in regulated industries subject to Know Your Customer (KYC) requirements, such as the financial industry, online marketplaces, and, increasingly, social media.
Identity verification (IDV) is the process of confirming that an individual or business is who they say they are — usually before doing business with them.
The INFORM Consumers Act is a law that requires online marketplaces operating in the United States to implement specific measures designed to reduce the sale of stolen and counterfeit goods. These measures may also be effective at mitigating other types of marketplace fraud.
Inherent risk refers to any risk present before risk mitigation or controls have been put in place. It can be thought of as the pure risk of any business or endeavor. The inherent risk that a business is exposed to is ultimately determined by many factors, including the business’s industry, maturity, target market, products and services, and any regulations it is subject to.
Know Your Business (KYB), sometimes called corporate KYC, is the process of verifying that another business is legitimate and safe to do business with. This usually involves verifying key details about the business and identifying the Ultimate Beneficial Owners (UBOs), or the key people behind the business, to understand who benefits from the business’s financial transactions — along with continuous AML monitoring throughout the business relationship.
Know Your Customer (KYC), also known as customer due diligence or know your client, is the process of verifying current or prospective customers’ identities and assessing the potential risks of doing business with them.
Know Your Employee (KYE) refers to the steps a business takes to verify an employee’s identity, background, and credentials in order to assess the individual’s fraud risk to the workplace. It often occurs just prior to an employment offer being made or immediately after an offer has been accepted — but typically prior to onboarding. It should also occur periodically over the course of an employee’s employment since relevant details could change.
Know Your Patient (KYP) refers to various processes that a healthcare company uses to verify and reverify a patient’s identity.
KYP verification typically involves the collection of a patient’s name, date of birth, Social Security number, and health insurance information during patient onboarding. This information is then verified via some combination of document verification, database verification, government ID verification, selfie verification, or other methods. The patient’s identity is then reverified through similar means during future interactions.
KYP plays an important role in preventing health insurance fraud, Medicare/Medicaid fraud, and medical identity theft. It’s also instrumental in protecting sensitive patient data and ensuring that your company remains HIPAA compliant.
Know Your Seller (KYS) refers to the steps that an online marketplace or auction site takes to verify the identity of the sellers using their platform.
In the United States, online marketplaces are required under the INFORM Consumers Act to verify a high-volume third-party seller’s name, contact information, bank account details, and tax identification number (SSN or TIN). A seller is high-volume if, within any continuous 12-month period, they meet both of the following thresholds:
- At least $5,000 in gross revenue
- At least 200 discrete sales or transactions
Per the law, accepted forms of verification include ID verification, tax document verification, and email/phone verification. Other verification methods can also be leveraged to gain a more comprehensive view of who your sellers are. Although seller verification is only required for high-volume sellers, many online marketplaces have chosen to implement blanket verification of all sellers during onboarding in order to reduce regulatory risk.
The goal of most KYS programs is to reduce the risk of marketplace fraud by preventing fraudsters from opening an account. Verification also provides investigators with an auditable trail to follow when fraud is detected.
Knowledge-based authentication (KBA) is an authentication method where users are asked a personal question before they can proceed with their login or action. There are two types: static (e.g. security questions chosen in advance) and dynamic (questions generated from credit history or public records). Because answers to static questions are often discoverable from data breaches or social media profiles, KBA is considered a weak control on its own.
Link analysis is a data science technique in which the different nodes of a network are analyzed to identify similarities and relationships. These links are often portrayed visually.
Through link analysis, it’s possible to understand how different accounts on a platform are related to one another based on the information or account details they share, as well as the actions each account takes. It’s also possible to look for patterns and anomalies in a given network, which may be indicative of fraud.
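The graph database, identity graph, and link analysis entries above describe the same technique from three angles: accounts become nodes, a shared attribute becomes an edge, and a query walks the edges to find clusters. The block below is an added example, not code from the original page, of that pipeline on a constructed set of accounts. It indexes accounts by each linking attribute, builds an adjacency map whose edges record which attribute kinds are shared, and then finds connected components, which is the simplest form of link analysis. Shared IP address is excluded from the default link set because NAT and carrier-grade addresses make it a weak signal; passing it in shows how a single noisy attribute changes the clusters. The account records are constructed sample data.

```python
from collections import defaultdict

# Constructed sample accounts; the fields are the kinds of properties an identity graph keys on.
ACCOUNTS = [
    {"id": "A1", "email": "ann@example.com",  "phone": "+15550001", "device": "dev-aaa", "ip": "203.0.113.5"},
    {"id": "A2", "email": "bob@example.com",  "phone": "+15550002", "device": "dev-bbb", "ip": "198.51.100.7"},
    {"id": "A3", "email": "carl@example.com", "phone": "+15550001", "device": "dev-ccc", "ip": "203.0.113.9"},  # shares phone with A1
    {"id": "A4", "email": "dee@example.com",  "phone": "+15550004", "device": "dev-ccc", "ip": "198.51.100.8"}, # shares device with A3
    {"id": "A5", "email": "eve@example.com",  "phone": "+15550005", "device": "dev-eee", "ip": "203.0.113.9"},  # shares only an IP with A3
    {"id": "A6", "email": "fay@example.com",  "phone": "+15550006", "device": "dev-fff", "ip": "192.0.2.1"},
]

# Attributes treated as links by default. IP is left out as a weak signal (assumption).
STRONG_KEYS = ("email", "phone", "device")


def build_identity_graph(accounts, keys=STRONG_KEYS):
    """Return adjacency: account id -> {neighbour id: set of shared attribute kinds}."""
    index = defaultdict(list)            # (kind, value) -> [account ids having it]
    for acc in accounts:
        for k in keys:
            if acc.get(k):
                index[(k, acc[k])].append(acc["id"])
    adj = defaultdict(lambda: defaultdict(set))
    for (kind, _value), ids in index.items():
        for i in ids:
            for j in ids:
                if i != j:
                    adj[i][j].add(kind)   # undirected: both (i, j) and (j, i) get written
    for acc in accounts:
        adj[acc["id"]]                    # ensure isolated accounts appear as nodes
    return adj


def connected_components(adj):
    """Iterative depth-first search over the adjacency map."""
    seen, comps = set(), []
    for start in list(adj):
        if start in seen:
            continue
        stack, comp = [start], set()
        while stack:
            node = stack.pop()
            if node in seen:
                continue
            seen.add(node)
            comp.add(node)
            stack.extend(adj[node].keys())
        comps.append(frozenset(comp))
    return comps


def suspicious_clusters(accounts, keys=STRONG_KEYS, min_size=3):
    """Clusters of at least min_size accounts linked through shared attributes."""
    comps = connected_components(build_identity_graph(accounts, keys))
    return sorted(sorted(c) for c in comps if len(c) >= min_size)
```

On the sample data the strong-key graph yields one cluster, A1/A3/A4, joined by a shared phone and a shared device, while A5 stays separate. Adding `"ip"` to the link set pulls A5 into the cluster through a single shared address, which is exactly the kind of edge an analyst should weight or confirm rather than act on automatically. Real deployments also attach timestamps and account actions to the edges, as the entry above notes, so that a cluster can be scored on behavior and not only on shared data.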
Marketplace account suspension is exactly what it sounds like: a situation in which a user’s account with an online marketplace is suspended, typically because the account was used to engage in fraud or other prohibited activities. Account suspension is a means for the online marketplace to discipline users who have broken the platform’s rules for maintaining trust and safety, while also protecting other users who may have been impacted by the suspended account’s behavior.
Once the account has been suspended, the user will typically be unable to access it or, if access is still permitted, the user will be unable to leverage its functions. For buyers, this may include completing purchases, leaving reviews, and communicating with sellers. For sellers, this may include listing products or services, receiving payments, completing sales, and communicating with buyers.
Marketplace risk is a term used to describe the various threats an online marketplace may encounter in its operations. Left unchecked, these threats may hurt a marketplace’s ability to attract and retain users, provide a safe and reliable user experience, and operate as it was designed to do.
Money services businesses (MSBs) are people or businesses that transmit or convert money. MSBs are regulated under the Bank Secrecy Act (BSA) and other anti-money laundering (AML) regulations and must register with FinCEN.
Multi-factor authentication (MFA) is an authentication method that combines two or more independent credentials from different categories: something the user knows (a password), something the user has (a security token or registered device), and something the user is (a biometric), to authenticate the user’s identity for login or another purpose.
PII stands for personally identifiable information and refers to information that can be used to identify someone. This includes both information that directly identifies an individual, such as their name, address, Social Security number, and contact information, and indirect information used in conjunction with other data elements, such as their gender, race, and birth date.
Placement refers to the act of introducing dirty money (e.g., the proceeds from criminal activities) into the financial system without arousing suspicion from regulators and investigators. It is the first of the three stages of money laundering, followed by layering and integration.
A politically exposed person (PEP) is someone in a public, high-ranking position of power and influence. This status puts them at a higher risk of being involved in or linked to financial crimes like corruption, bribery, or money laundering.
Progressive risk segmentation is a risk assessment strategy that empowers businesses to dynamically adjust in real time the level of friction a user encounters during identity verification. It does this by coordinating with the collection and analysis of risk signals. This allows a user to automatically move between multiple verification flows — for example, standard Customer Due Diligence (CDD), simplified due diligence (SDD), and enhanced due diligence (EDD) — as the system learns more about the individual. In this way, progressive risk segmentation helps a business balance their fraud prevention and compliance needs against the need to provide a positive user experience.
The Red Flags Rule is an FTC rule that requires financial institutions and creditors to implement a written program designed to detect, prevent, and mitigate identity theft.
Regtech is a term used to refer to technologies designed to help companies comply with regulatory requirements. It is a portmanteau of the words “regulatory” and “technology.” In the financial space, it’s often used to refer to technologies that aid in anti-money laundering (AML), Know Your Customer (KYC), and customer due diligence (CDD) compliance, but it may take on a different meaning in other industries that are subject to their own regulations.
Sanctions are threatened penalties or punishments for disobeying a law, rule, or order. Many countries impose economic sanctions such as travel bans or trade embargoes on other countries or specific citizens as punishment or to alter strategic decisions.
Second-party fraud refers to instances where an individual gives their credentials, identity information, or other sensitive data to another person so that the second person can engage in fraud. It is essentially permission to engage in “light identity theft.” This is often done in exchange for payment; other times it stems from a desire to help a friend or family member in financial need.
When a company does business in a state, it’s required to register with state agencies — typically the state’s Secretary of State. The process through which a company files information and documents to register as a business in that state is known as a Secretary of State (SOS) filing.
Importantly, a company may be required to register in a state even if it’s headquartered in a different jurisdiction. This is the case if:
- Any of the company’s employees work in the state
- A significant amount of the company’s revenue originates in the state
- The company has many in-person business meetings in the state
- The company has a physical presence (office, satellite office) in the state
The US Securities and Exchange Commission (SEC) is an independent US government agency in charge of overseeing securities exchanges, protecting investors, and facilitating capital formation.
Self-sovereign identity (SSI) is an approach to digital identity that gives individuals ownership and control of their digital identities and how their personal information is shared and used. Current implementations of the concept typically involve blockchain.
Selfie checks are an identity verification method that ask a user to take a photo of themselves that can then be used to confirm that they are a real person and/or compare against other photos, such as the photo on a government-issued ID, to confirm it’s the same person.
Single sign-on (SSO) is an authentication method that allows an individual to use one set of login credentials to access multiple applications. This streamlines the login process, making it easier for the user to access accounts or conduct transactions. It also concentrates risk: a compromised SSO credential or session grants access to every connected application, so the identity provider and its sessions need correspondingly stronger protection (for example, MFA and short session lifetimes).
Social media profiling, or social profiling, refers to the process of building a non-public profile of an individual using publicly available information from one or more social media platforms. This can include, but is not limited to, information about:
- Who a person is (their name, address, contact information, date of birth, work and education history, etc.)
- Who a person knows (their friends, family members, neighbors, coworkers, etc.)
- A person’s routine (their work or class schedule, when they attend certain events or activities)
- A person’s interests (favorite movies, music, books, etc.)
- A person’s appearance (through photos and videos)
These profiles can then be used for a variety of purposes, including both fraud and fraud prevention.
Spear phishing is a targeted phishing attack, usually delivered by email, aimed at a specific organization or individual. The attacker poses as someone the target knows and trusts in order to obtain confidential information or prompt an action such as a payment or credential entry.
Strong Customer Authentication (SCA) is a requirement of the EU’s revised Payment Services Directive (PSD2), applicable since September 14, 2019, that businesses authenticate electronic payments using two independent elements from the categories of something the customer knows, has, or is. 3D Secure 2 (3DS2) is the primary method used to meet SCA requirements for card payments.
Also known as a data subject request (DSR) or data subject access request (DSAR), a subject access request (SAR) is a formal request by an individual (data subject) to a controller (company) to disclose what personal data the organization has collected about the individual and how they use or intend to use it. Consumers are granted the right to request this information under data privacy laws such as GDPR and CCPA/CPRA.
A suspicious transaction report (STR) is generally considered an interchangeable term with suspicious activity report (SAR), as both terms refer to the mandatory form that financial institutions must file with the Financial Crimes Enforcement Network (FinCEN) whenever there is a suspected case of money laundering or fraud. These reports wave a figurative red flag for regulators and law enforcement, alerting them to client activity deemed out of the ordinary and which could be a sign of illegal activity that potentially threatens public safety or the integrity of the U.S. financial system.
Since 2012, all suspicious transaction reporting filings have been required to be submitted via FinCEN’s Bank Secrecy Act (BSA) e-filing system.
As part of the process of reporting suspicious transactions, financial institutions identify who is conducting the suspicious activity, what instruments/mechanisms they are using, when and where the activity took place, and why they think the activity is suspicious.
The suspicious transaction report may have derived its name from the similarly named currency transaction report (CTR). The CTR is a BSA reporting mandate that banks must follow whenever cash transactions through or to the bank by or on behalf of one person exceed $10,000 in aggregate within a single business day. CTRs can also concurrently trigger STRs if there is a related cause for concern. For example, a customer who realizes that a cash deposit of more than $10,000 will generate a CTR intentionally splits it into several smaller deposits, or trims the amount to just under the threshold, to avoid the report. This is known as "structuring" and is illegal in itself. Even though no CTR is triggered by the smaller deposits, a bank that spots the pattern must file a SAR or, as many instead call it, an STR.
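The CTR threshold and the structuring pattern described above can be expressed as detection rules. The following Python is added here as an illustration; it is not part of the original glossary or any vendor's product. It aggregates cash deposits per customer per day to find CTR-reportable totals, and separately flags customers whose repeated just-under-threshold deposits add up past the threshold within a short window. The sample ledger, the three-day lookback, the 80% "near-threshold" band and the minimum deposit count are constructed assumptions for the example, not regulatory parameters.

```python
from collections import defaultdict
from datetime import datetime, timedelta

CTR_THRESHOLD = 10_000.00               # BSA rule: aggregate cash over $10,000 per business day
STRUCTURING_WINDOW = timedelta(days=3)  # assumed lookback for repeated deposits (illustrative only)
NEAR_THRESHOLD_BAND = 0.80              # assumed: a deposit at >= 80% of the threshold is "just under"
STRUCTURING_MIN_COUNT = 2               # assumed: at least two such deposits inside the window

# Constructed sample ledger of cash deposits: (customer_id, ISO timestamp, amount in USD).
SAMPLE_CASH_DEPOSITS = [
    ("C-100", "2024-03-04T09:15:00", 12_500.00),  # single deposit over the threshold -> CTR
    ("C-200", "2024-03-04T10:05:00", 6_000.00),   # two same-day deposits totalling 10,500 -> CTR
    ("C-200", "2024-03-04T16:40:00", 4_500.00),
    ("C-300", "2024-03-04T11:00:00", 9_800.00),   # three just-under deposits on consecutive days
    ("C-300", "2024-03-05T11:10:00", 9_700.00),   #   -> no CTR, but structuring -> SAR review
    ("C-300", "2024-03-06T11:05:00", 9_900.00),
    ("C-400", "2024-03-04T12:00:00", 250.00),     # ordinary activity, nothing to report
]


def ctr_candidates(deposits):
    """Aggregate cash per customer per calendar day (standing in for the business day) and
    return (customer, day, total) tuples whose total exceeds the CTR threshold, sorted."""
    totals = defaultdict(float)
    for customer, ts, amount in deposits:
        day = datetime.fromisoformat(ts).date()
        totals[(customer, day)] += amount
    return sorted(
        (customer, day.isoformat(), round(total, 2))
        for (customer, day), total in totals.items()
        if total > CTR_THRESHOLD
    )


def structuring_candidates(deposits):
    """Return the set of customers with at least STRUCTURING_MIN_COUNT cash deposits that each
    sit just under the CTR threshold and that together exceed it inside the lookback window.
    Deposits above the threshold are excluded because they already generate a CTR."""
    near_threshold = defaultdict(list)
    for customer, ts, amount in deposits:
        if NEAR_THRESHOLD_BAND * CTR_THRESHOLD <= amount <= CTR_THRESHOLD:
            near_threshold[customer].append((datetime.fromisoformat(ts), amount))

    flagged = set()
    for customer, txns in near_threshold.items():
        txns.sort()
        # Slide a window starting at each deposit; flag on the first window that qualifies.
        for i, (window_start, _) in enumerate(txns):
            in_window = [amt for t, amt in txns[i:] if t - window_start <= STRUCTURING_WINDOW]
            if len(in_window) >= STRUCTURING_MIN_COUNT and sum(in_window) > CTR_THRESHOLD:
                flagged.add(customer)
                break
    return flagged


if __name__ == "__main__":
    print("CTR candidates:", ctr_candidates(SAMPLE_CASH_DEPOSITS))
    print("Possible structuring (SAR review):", sorted(structuring_candidates(SAMPLE_CASH_DEPOSITS)))
```

Note that C-200 is reported on the CTR path only: its two deposits aggregate past $10,000 on the same day, so a CTR is due regardless of intent, and neither deposit is close enough to the threshold to look like structuring under the assumed band. C-300 never crosses the daily threshold and so never triggers a CTR, which is exactly why the second rule is needed.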
Synthetic fraud is a type of fraud that occurs when someone creates a fake identity by combining real information (such as a Social Security number, or SSN) with fabricated personally identifiable information (PII) such as birth dates, addresses, or phone numbers. The criminal then uses this synthetic identity to open fraudulent accounts, access credit, and make purchases with no intention of repayment.
A synthetic identity (ID) is a fake identity that a fraudster creates by combining real information with false data.
Synthetic identities often start with a stolen Social Security number, date of birth, and/or name, which are then paired with a fake address, phone number, email address, and other PII. Because synthetic IDs contain some information that is real, they can be harder to detect than IDs that are purely fabricated.
Synthetic IDs are an integral part of synthetic fraud whereby bad actors attempt to open fraudulent accounts or lines of credit; make fraudulent purchases; and commit healthcare fraud, employment fraud, and more. Synthetic IDs can even be leveraged for terrorist financing.
A taxpayer identification number (TIN) is a number that is assigned to an individual, business, or other entity in order to identify them for tax purposes. By nature, TINs are designed to be unique, so that no two individuals will have the same number. This distinction makes it possible for TINs to be used to file tax returns, claim tax refunds and benefits, enforce tax compliance, and more.
In addition to tax purposes, taxpayer identification numbers can also be used for identity verification purposes.
The National Institute of Standards and Technology (NIST) is a physical sciences laboratory and a non-regulatory agency of the United States Department of Commerce whose mission is to promote US innovation and industrial competitiveness in fields such as nanoscale science and technology, engineering, information technology, neutron research, material measurement, and physical measurement.
Third-party fraud is essentially another term for identity theft. It refers to situations where an individual’s personally identifiable information (PII) is stolen and then used to open or take over an account. Bad actors often engage in third-party fraud to gain access to credit, financial products, or services that would otherwise be unavailable to them — harming both the business and the person whose information they have stolen.
An ultimate beneficial owner (UBO) is a natural person who ultimately owns or controls a company, directly or indirectly (for example, by holding more than a threshold share of its equity, commonly 25%, or by controlling its management), regardless of whose name appears on the registration paperwork. Obligated entities such as banks, currency exchange offices, and insurers must identify and verify the UBOs of the businesses they onboard. When companies conduct due diligence on businesses they're interested in working with (Know Your Business, or KYB), verifying the people behind the business, the UBOs, is part of that process.
The USA PATRIOT Act is a U.S. law designed to deter terrorism passed in the wake of the September 11, 2001 terrorist attacks. It contains provisions related to money laundering and the financing of terrorism. Title III of the law is specifically known as the International Money Laundering Abatement and Financial Anti-Terrorism Act of 2001, which expands on the Bank Secrecy Act (BSA) and related AML laws.
All European Union member nations impose a value-added tax (VAT) on items sold in the EU. In these countries, businesses are assigned a VAT number, which plays a role similar to the Employer Identification Number (EIN) issued to businesses in the US. VAT validation is the process of verifying that a business has a valid VAT number; within the EU this is done against the European Commission's VAT Information Exchange System (VIES). It can also be used to confirm whether a VAT number is associated with a particular name and address.
It's important to note that while more than 160 countries around the world impose a VAT and therefore issue VAT numbers, VAT validation typically refers only to countries in the EU.
Vishing, or voice phishing, is a type of phishing attack that takes place over the telephone. Bad actors use vishing attacks to steal sensitive information, which can then be used to carry out fraud or sold to other bad actors.
Watchlists are lists of people and entities (such as organizations, vessels, states, and countries) that companies may want to monitor and screen against, such as Office of Foreign Assets Control (OFAC) sanctions lists including the Specially Designated Nationals and Blocked Persons (SDN) list, Politically Exposed Person (PEP) lists, and more. Screening is typically a fuzzy name comparison rather than an exact lookup, because listed names carry aliases, transliterations, and spelling variants. Monitoring these watchlists helps businesses enrich their understanding of users, deter, detect, and deny fraud, and perform ongoing KYC/AML monitoring.
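The fuzzy name comparison that watchlist screening relies on is shown below in Python. This is an added example, not code from the original glossary or from any screening vendor. It normalizes names (case, diacritics, punctuation, token order, corporate suffixes) and then scores each subject against every primary name and alias on a small constructed watchlist using the standard library's `difflib.SequenceMatcher`. The watchlist entries, the suffix list and the 0.85 threshold are assumptions for the example; real programs tune the threshold against known false-positive and false-negative rates and route hits to an analyst.

```python
import re
import unicodedata
from difflib import SequenceMatcher

# Constructed watchlist in the shape of a sanctions/PEP export. The entries are invented for
# this example and do not correspond to any real listed person or entity.
SAMPLE_WATCHLIST = [
    {"id": "WL-0001", "name": "Ivan Petrovich Sokolov",
     "aka": ["Sokolov, Ivan", "I. P. Sokolov"], "source": "OFAC-SDN"},
    {"id": "WL-0002", "name": "Müller Handels GmbH",
     "aka": ["Mueller Trading"], "source": "EU-CFSP"},
    {"id": "WL-0003", "name": "Maria Fernanda Ortega",
     "aka": [], "source": "PEP"},
]

# Assumed set of corporate suffixes to ignore when comparing entity names.
CORPORATE_SUFFIXES = {"gmbh", "ltd", "llc", "inc", "corp", "plc", "ag"}


def normalize(name):
    """Casefold, strip diacritics and punctuation, drop corporate suffixes and sort the tokens,
    so that 'SOKOLOV, Ivan' and 'Ivan Sokolov' compare equal."""
    decomposed = unicodedata.normalize("NFKD", name)
    ascii_only = "".join(ch for ch in decomposed if not unicodedata.combining(ch)).casefold()
    cleaned = re.sub(r"[^a-z0-9 ]+", " ", ascii_only)
    tokens = [t for t in cleaned.split() if t not in CORPORATE_SUFFIXES]
    return " ".join(sorted(tokens))


def screen(subject, watchlist, threshold=0.85):
    """Compare a subject name against every primary name and alias on the watchlist.
    Returns [(entry id, best matching listed name, score)] for entries scoring at or above
    the threshold, strongest match first. Hits are leads for analyst review, not verdicts."""
    query = normalize(subject)
    hits = []
    for entry in watchlist:
        best_score, best_name = 0.0, None
        for candidate in [entry["name"], *entry["aka"]]:
            score = SequenceMatcher(None, query, normalize(candidate)).ratio()
            if score > best_score:
                best_score, best_name = score, candidate
        if best_score >= threshold:
            hits.append((entry["id"], best_name, round(best_score, 3)))
    return sorted(hits, key=lambda hit: hit[2], reverse=True)


if __name__ == "__main__":
    for subject in ["SOKOLOV, Ivan Petrovich", "Mueller Handels GmbH", "Maria Ortega", "John Smith"]:
        print(f"{subject!r}: {screen(subject, SAMPLE_WATCHLIST)}")
```

Two properties of this design are worth noticing. "Mueller Handels GmbH" matches the listed "Müller Handels GmbH" because diacritics are stripped before comparison, so the one-letter difference between the German and transliterated spellings scores about 0.97. "Maria Ortega", on the other hand, scores only about 0.73 against "Maria Fernanda Ortega" because the missing middle name lengthens the comparison, and falls below the threshold; a production screener would add token-level matching or a lower threshold for partial-name queries to avoid that false negative.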
Digital identity is a group of data points — information, attributes, credentials, behaviors, and more — that together represent an individual, business, device, or other entity in a digital space.
A digital identity is like a file that contains everything you know about a person’s digital footprint. If a person needs to prove digitally that they are who they say they are, they can present you with a piece of information or evidence (or usually multiple pieces of evidence), which you can then compare against what’s contained in the file.
As more and more products and services move online, digital identities are a crucial part of interacting with the web, for example, when:
- A student logs into an online learning platform to complete an exam
- An individual wants to open an individual retirement account (IRA) or other retirement account with an investment firm
- An employee needs to log into their company email
- A user takes the plunge and signs up for online dating
Digital identity vs. digital ID
While the terms digital identity and digital IDs sound similar and are sometimes used interchangeably, they’re actually different concepts.
A digital identity is a set of identifying data points that can be used to represent or verify a person’s identity online. A digital ID, on the other hand, is an electronic identification document (ID) meant to replace a physical ID. A mobile driver’s license (mDL), digital driver’s license (dDL), electronic IDs (eIDs), and e-passports can all be considered examples of digital IDs.
Importantly, digital IDs can be used to establish and verify a person’s digital identity.
Digital identity vs. user
While users and digital identities are related, they are not the same.
A user is somebody that opens an account in order to access and interact with a specific platform or system — for example, a social media platform or an online marketplace. Another way to think about it is that a user is somebody who opens an account and establishes a digital identity, while a digital identity contains all of the data you know about a specific person.
Digital identity vs. account
Likewise, it can be easy to conflate a digital identity with an account — but again, they are not the same.
An account is essentially a portal through which a user is allowed to interact with a platform or system. They are typically secured via login credentials: a username, password, and potentially security questions or multi-factor authentication settings which are used to gain access to the account. An account can be tied to a digital identity, but it does not make up the entirety of that identity.
Why is digital identity important?
Ultimately, the importance of digital identities is that they allow a business or organization to know who somebody is and whether or not they should have access to a particular platform, service, or account. They’re essential not just for authentication purposes, but for a variety of other purposes as well:
- Compliance: Businesses operating in a number of industries — like banking, financial services, and online marketplaces — are required to verify the identities of all or some of their users. Digital identities make this verification possible in a remote setting.
- Anti-fraud measures: Once a digital identity has been established, it can be used to evaluate accounts and transactions for fraud, empowering you to spot and eliminate potential account takeovers and other fraud vectors.
- Friction control: The more attributes a digital identity contains, the more flexibility you have in controlling friction around logins. For example, imagine that you have established a particular device as a trusted device for login purposes for your user. When a user logs in again in the future, if you detect this device, you may choose to offer an easier, lower-friction means of authentication.
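The trusted-device case in the friction-control bullet is commonly implemented with a signed "remember this device" token: the server mints it after a full password-plus-MFA login, sets it in a cookie, and on later logins verifies it before deciding whether to skip the second factor. The Python below is an added example of that pattern, not code from the original page or from any identity vendor. The server key, the 30-day trust lifetime and the token layout are assumptions for the example.

```python
import hashlib
import hmac
import secrets
import time

# Assumed server-side secret; in production load it from a secrets manager and rotate it.
SERVER_KEY = b"example-only-replace-with-32-random-bytes"
TRUST_TTL_SECONDS = 30 * 24 * 3600  # assumed: a device stays trusted for 30 days


def _mac(payload):
    """HMAC-SHA256 over the token payload, hex encoded."""
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_device_token(user_id, now=None):
    """Mint a trusted-device token after the user completed full authentication (password + MFA).
    Store it in an HttpOnly, Secure cookie. Layout: <user_id>.<device_id>.<expiry>.<mac>.
    The MAC binds device id and expiry to this user, so the token cannot be moved to another
    account or have its lifetime extended client-side."""
    now = int(time.time()) if now is None else now
    device_id = secrets.token_urlsafe(16)  # random and unguessable; never contains '.'
    payload = f"{user_id}.{device_id}.{now + TRUST_TTL_SECONDS}"
    return f"{payload}.{_mac(payload)}"


def device_is_trusted(token, user_id, now=None):
    """Verify a presented token for this user: well-formed, valid MAC (constant-time compare),
    bound to the same account, and not expired. Any failure means 'not trusted'."""
    now = int(time.time()) if now is None else now
    if not token:
        return False
    try:
        # rsplit from the right so a user id containing '.' (an e-mail address) still parses.
        uid, device_id, expiry, mac = token.rsplit(".", 3)
        expiry = int(expiry)
    except ValueError:
        return False
    expected = _mac(f"{uid}.{device_id}.{expiry}")
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False
    return uid == user_id and expiry > now


def required_factors(token, user_id, now=None):
    """Friction decision: a recognised device gets a password-only login; anything else steps up."""
    if device_is_trusted(token, user_id, now):
        return ["password"]
    return ["password", "mfa"]


if __name__ == "__main__":
    tok = issue_device_token("alice@example.com")
    print("new device:", required_factors(None, "alice@example.com"))
    print("trusted device:", required_factors(tok, "alice@example.com"))
    print("token presented for another user:", required_factors(tok, "bob@example.com"))
```

Because the decision is based only on possession of the token, the cookie must be treated as a credential: scope it to the login path, revoke by rotating the device id or the server key, and still require full MFA for sensitive actions such as changing the password or the enrolled second factor.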
What’s included in a digital identity?
The data points, attributes, and other characteristics that are included in a digital identity will vary depending on use case as well as the type of identity that is being established.
For individuals, a digital identity will often include things like:
- Name
- Date of birth
- Social Security number
- ID numbers (driver’s license, passport)
- Fingerprints
- Selfies
- Voiceprints
- Login credentials
- Answers to security questions
- Email addresses
- Social media profiles
- Bank account numbers
- Debit and credit card numbers
- PINs
- IP addresses
- Geolocation data
- Other personally identifiable information (PII)
Depending on the setting, it can also include things like an individual’s browsing history, transaction data, and more.
For businesses and other entities, it may include:
- Business registration numbers
- Taxpayer identification number (TIN)
- Employer identification number (EIN)
- Value-Added Tax (VAT) number
- Corporate email addresses
- Corporate social media handles and profiles
- Corporate domain names
- Bank account numbers
- Debit and credit card numbers
- Geolocation data
Other identifying information, such as customer account numbers and vendor codes — as well as fingerprints, selfies, and login credentials tied to an organization’s executives — can also form part of an entity’s digital identity.
Finally, for devices, it can include attributes like:
- IP addresses
- Device fingerprints
- Browser fingerprints
- Security certificates
- Geolocation
- API keys
- Serial numbers
- International Mobile Equipment Identity (IMEI) numbers
- Mobile Equipment Identifier (MEID)
- NFC or RFID tags
Types of digital identity
We can segment digital identities in a number of different ways. For example, based on how they are established. Under this framework, we have the following types of digital identity:
- Account-based digital identities, which are established when an individual creates an account and uses that account to access a platform, content, or services
- Document-based digital identities, which are established by and linked to a government-issued ID, like a driver’s license, passport, or digital ID
- Biometric digital identities, which are tied to an individual’s biometric information, such as their fingerprint, voiceprint, or selfie
- Credential-backed digital identities, which are tied to a person’s login information, including their username, password, and answers to security questions
- Email-backed digital identities, which are tied to a person’s email or single sign-on (SSO) to access a variety of accounts around the web
- Device-based digital identities, which are tied to a person’s device (smartphone, computer, security keyfob, etc.)
- Social media-based digital identities, which are linked to a person’s social media presence across a variety of different platforms and profiles
- Payment-based digital identities, which are established by a person’s payment information, such as their debit card, credit card, or digital payment information
Near-field communication (NFC) is a set of protocols that lets two devices, or a device and an NFC chip (tag), communicate when they are within a few centimetres of each other, without a physical connection. Once the link is established it can be used to transfer data, initiate a transaction, launch an application, or trigger other actions. In identity verification, NFC is what allows a phone to read the chip embedded in an e-passport or electronic ID card.
To work, a device must be NFC enabled, meaning it has the hardware needed to interact with an NFC chip or another NFC-enabled device. All iPhones produced since 2014 and most Samsung devices since 2015 have built-in NFC readers.