Documentation
API ReferenceChangelogFAQDashboard

Document-based PoA

The process of document-based address verification includes the following steps:

  1. Applicants upload photos of their PoA documents via WebSDK and MobileSDK. This can also be done by you via the Sumsub API.
  2. Sumsub performs the following:
    • Checks the documents for authenticity, image integrity, and validates the document data.
    • Extracts the full name, home address, and issue date from the document using an OCR engine — to extract plain text, and then a machine learning algorithm — to structure and group the data into logical blocks.
    • Validates the extracted data to ensure it is a full address and it really exists.
    • Ensures the document is not expired.
    • Validates the extracted PoA data against the data from the ID document and the available data sources — external map services, such as Google Maps, Open Street Map, and others.
  3. You handle verification results.

There are certain requirements that PoA documents must meet to successfully pass verification. These requirements are applied to the original document, its contents, and photo characteristics.

Document requirements

The PoA documents must meet the following requirements:

  • The document was issued less than 3 month (by default) before the upload date. You can configure the list of documents accepted for your service and their expiry periods in the global settings or when customizing verification levels.
  • The document is not scratched, stained, or torn.
  • The applicant's full name, home address, and the document issue date (in most cases) information is present and readable.
  • The document is issued either in paper or electronic (PDF) form.
🚧

Consider the following conditions applied by default to all PoA checks:

  • All PO BOX addresses are accepted by default.
  • PoI documents as PoA documents are allowed.
  • Same document can be accepted on both PoI and PoA steps.
  • Verification will fail if the applicant submits the same document type at the 2nd Proof of Address step. For example, if the 1st PoA preset is wide (all documents) and the second is only a Bank statement, the applicant uploaded the Bank statement document on the 1st step will never be verified.
  • Business addresses and mobile phones are allowed.

Content requirements

PoA documents must contain:

  • Owner full name and full home address.
  • Issue date.
  • Issuing authority identification data.

Photo requirements

The PoA document photo to be uploaded should meet the following requirements:

  • The file is an original photo (static image), scan or screenshot (if allowed) in JPG, JPEG, PNG, or PDF.
  • If the document has data on the front and back, the photos of both sides should be uploaded.
  • The file size is under 50Mb.
  • Information in the document is readable.
  • All corners of the document are visible, and no foreign objects or graphic elements are present.
  • The uploaded photo has not been edited with any software or converted to PDF.
🚧

Attention

By default, screenshots are not accepted. You can allow them in the Global configuration tab, while configuring PoA preset.

Authenticity and fraud checks

Sumsub checks proof of address documents to confirm that the submitted file is genuine, contains the required data, and has not been digitally altered. The exact verification process depends on the PoA type, document subtype, and file format.

For document-based PoA, Sumsub checks that:

  • Document contains the required data, such as the applicant full name, address, and, where applicable, issue date, date of birth, MRZ, or other document-specific fields.
  • Required data is visible, readable, and can be extracted.
  • Document subtype is accepted according to your verification settings, for example, a utility bill, bank statement, government-issued document, or another supported document type.
  • Document is not expired, if an expiration period applies.
  • Applicant name and other extracted data match the data from other submitted documents and available sources.
  • Address is recognized, complete, and valid.
  • Document shows no signs of digital tampering or fraud.
  • Document visually matches the expected structure for a certain vendor, where applicable.

Authenticity checks for images

For image files, such as JPG, JPEG, and PNG, the system analyzes the uploaded file to detect signs of editing or manipulation. This may include:

  • Metadata analysis.
  • Checks for traces of image editing software.
  • Pixel-level analysis to identify abnormal areas in the image.

The system also performs the following:

  • Checks that all required fields are visible and can be extracted.
  • Verifies that the document is not a screenshot when the client does not accept screenshots.

Additional fraud signals may include repeated or suspicious document patterns, such as similar templates, addresses, account numbers, transactions, or other recurring data structures.

Authenticity checks for PDF files

For PDF files, the system checks metadata, internal PDF structure, and other technical signals to detect signs of editing or fraud. The system also performs the following:

  • Checks whether the document contains typical metadata and internal structure for specific vendors.
  • Analysis of the document internal structure.
  • PDF signature checks, where applicable.