Verify
Prove your customers are who they say they are.
Raytio Verify provides assurance that the people, businesses and credentials you deal with are real. Verification is done at source - against the cryptography in the document, the biometrics of the person, and government and financial registries - and every verified fact is digitally signed, so it can be checked by anyone, later, without re-doing the work.
Business problems solved
A photograph of a passport proves very little, and generative tools are making forgery cheaper every year.
Onboarding stalls while staff chase certified copies and re-key data.
A check done by one organisation is repeated by the next, at full cost, every time.
How it works
- You request verification through a form, a link, or the API - no coding required for the standard flows.
- The user completes verification on their own device: chip read, face check, consents.
- Results are digitally signed (4096-bit RSA-PSS, keys held in hardware) and written to the user's encrypted profile.
- You receive the outcome - and the user keeps the verification, reusable for the next organisation that asks.
What we verify
ePassports are read via NFC and proven cryptographically. The document's signature, its data-group hashes and its issuing country's certificate chain are all checked server-side against ICAO standards. Mobile driver licences are verified to ISO 18013-5. We don't accept document scans - if it can't be cryptographically verified, it isn't evidence.
Face match between the live person and the document's photo, with liveness detection to defeat replayed photos and video. The result is an identity binding: this person, this document, this moment.
New Zealand companies, trusts and legal entities verified against government registries, including directors and shareholders.
PEP and sanctions screening, plus adverse and credit checks. The checks run against government, credit bureau and bank data sources.
Email, phone, and physical address - the last by a one-time code delivered by post.
Bank accounts and transactions are connected by open-banking consent. Accounting records are connected from the user's accounting platform.
Connected accounts from developer, marketplace and social platforms are verified and summarised as badges covering account age, activity and standing. This is part of the reputation layer rather than a compliance check.
Benefits to your organisation
Cryptographic document proof and liveness detection remove the weakest links in remote onboarding.
Signed verification records and an immutable audit trail, ready for your auditor.
Users with verified profiles complete in minutes.
Every check returns a signed result, and face match returns a probability score against a threshold you set. Passed checks need no attention - your team reviews the failures, rather than every applicant.
Benefits to the user
The verification belongs to the user, not to the organisation that requested it.
Share only the fact - “over 18” - without the passport, where that's all that's required.
How chip verification works
When a passport chip is read, the verdict is not taken from the phone - the backend re-proves the chip independently, following ICAO 9303 passive authentication. Three checks must all pass:
The chip's security object is a signed document. The signature is verified against the Document Signer Certificate embedded in the chip.
Every data group read from the chip (identity data, photo) is hashed and compared with the signed hash table - any altered byte fails the check.
The Document Signer Certificate is chained to the issuing country's signing certificate, validated against the ICAO master list trust store.
Standards
ePassport machine-readable travel documents: MRZ, NFC chip access (BAC and PACE), active, chip and passive authentication.
Mobile driver licences, presented from the holder's phone wallet via a QR-initiated flow.
EU-PID and EU Photo ID credentials requested and verified via OpenID4VP, in both mdoc (CBOR) and SD-JWT formats.
Verification levels aligned with NIST 800-63 (IAL/AAL/FAL) and the NZ Identity Trust Framework.
What a signed verification looks like
Every verified fact is a signed record. Anyone holding the record can confirm the fact is genuine and unaltered - without contacting Raytio.
{
"field": "date_of_birth",
"source": "PASSPORT_CHIP",
"passed": true,
"verification_date": "2026-06-14T02:11:08Z",
"verifier": "Raytio",
"v_id": "758f1ec9-e527-4d86-9183-96ca095f70e5",
"signature": "RSA-PSS-SHA512(canonical_json(record))"
}
Where Verify is used
AML/CFT compliance
Customer due diligence that's fast for the client and audit-ready for you.
Read more →Verified customers, protected data, and agents you can hold to account.