Skip to main content

Verify

Prove your customers are who they say they are.

Raytio Verify provides assurance that the people, businesses and credentials you deal with are real. Verification is done at source - against the cryptography in the document, the biometrics of the person, and government and financial registries - and every verified fact is digitally signed, so it can be checked by anyone, later, without re-doing the work.

Business problems solved

Document scans are easy to fake

A photograph of a passport proves very little, and generative tools are making forgery cheaper every year.

Manual checks are slow and expensive

Onboarding stalls while staff chase certified copies and re-key data.

Verification doesn't travel

A check done by one organisation is repeated by the next, at full cost, every time.

How it works

  1. You request verification through a form, a link, or the API - no coding required for the standard flows.
  2. The user completes verification on their own device: chip read, face check, consents.
  3. Results are digitally signed (4096-bit RSA-PSS, keys held in hardware) and written to the user's encrypted profile.
  4. You receive the outcome - and the user keeps the verification, reusable for the next organisation that asks.

What we verify

Identity documents - chip only

ePassports are read via NFC and proven cryptographically. The document's signature, its data-group hashes and its issuing country's certificate chain are all checked server-side against ICAO standards. Mobile driver licences are verified to ISO 18013-5. We don't accept document scans - if it can't be cryptographically verified, it isn't evidence.

The person

Face match between the live person and the document's photo, with liveness detection to defeat replayed photos and video. The result is an identity binding: this person, this document, this moment.

The business

New Zealand companies, trusts and legal entities verified against government registries, including directors and shareholders.

Standing

PEP and sanctions screening, plus adverse and credit checks. The checks run against government, credit bureau and bank data sources.

Contact details

Email, phone, and physical address - the last by a one-time code delivered by post.

Financial data

Bank accounts and transactions are connected by open-banking consent. Accounting records are connected from the user's accounting platform.

Reputation

Connected accounts from developer, marketplace and social platforms are verified and summarised as badges covering account age, activity and standing. This is part of the reputation layer rather than a compliance check.

Benefits to your organisation

Stronger evidence

Cryptographic document proof and liveness detection remove the weakest links in remote onboarding.

Compliance that keeps its receipts

Signed verification records and an immutable audit trail, ready for your auditor.

Faster onboarding

Users with verified profiles complete in minutes.

Review by exception

Every check returns a signed result, and face match returns a probability score against a threshold you set. Passed checks need no attention - your team reviews the failures, rather than every applicant.

Benefits to the user

Verify once, reuse everywhere

The verification belongs to the user, not to the organisation that requested it.

Only what's needed

Share only the fact - “over 18” - without the passport, where that's all that's required.

No cost to the user

How chip verification works

When a passport chip is read, the verdict is not taken from the phone - the backend re-proves the chip independently, following ICAO 9303 passive authentication. Three checks must all pass:

Document signature

The chip's security object is a signed document. The signature is verified against the Document Signer Certificate embedded in the chip.

Data-group hashes

Every data group read from the chip (identity data, photo) is hashed and compared with the signed hash table - any altered byte fails the check.

Country signing chain

The Document Signer Certificate is chained to the issuing country's signing certificate, validated against the ICAO master list trust store.

Standards

ICAO 9303

ePassport machine-readable travel documents: MRZ, NFC chip access (BAC and PACE), active, chip and passive authentication.

ISO 18013-5

Mobile driver licences, presented from the holder's phone wallet via a QR-initiated flow.

EU Digital Identity Wallet

EU-PID and EU Photo ID credentials requested and verified via OpenID4VP, in both mdoc (CBOR) and SD-JWT formats.

Assurance frameworks

Verification levels aligned with NIST 800-63 (IAL/AAL/FAL) and the NZ Identity Trust Framework.

What a signed verification looks like

Every verified fact is a signed record. Anyone holding the record can confirm the fact is genuine and unaltered - without contacting Raytio.

{
"field": "date_of_birth",
"source": "PASSPORT_CHIP",
"passed": true,
"verification_date": "2026-06-14T02:11:08Z",
"verifier": "Raytio",
"v_id": "758f1ec9-e527-4d86-9183-96ca095f70e5",
"signature": "RSA-PSS-SHA512(canonical_json(record))"
}

Where Verify is used

AML/CFT compliance

Customer due diligence that's fast for the client and audit-ready for you.

Read more →

Customer onboarding

Verified customers from the first form.

Read more →

Guest check-in

Contactless, verified check-in for accommodation.

Read more →

Verified customers, protected data, and agents you can hold to account.