We accept documents from 220+ countries and territories.

We cover over 14 000+ document types from 220+ countries and territories. Customers can set which documents are accepted for each country when adjusting verification levels and flows.

Sumsub supports most of the languages, including Korean, Japanese, Chinese, Cyrillic, and Semitic.

📘

Note

• For Amharic, Bengali, Burmese, Dari, Dhivehi, Hindi, Khmer (Cambodian), Kinyarwanda, Lao, Mongolian, Nepali, Sinhalese, we only accept documents with the latin characters. If the document is submitted with the country-specific characters, a notarized translation must be provided.
• Arabic, Farsi, and Urdu are available upon request at an additional cost. For more information, contact your Customer Success Manager.

Sumsub AI-based solution checks biometric data and submitted documents and ensures the highest possible match rate. Suspicious cases are additionally checked by our compliance experts for the final decision.

Yes, we support 30+ languages. This helps you talk with customers in their language and, as a result, ensure a high conversion rate.

Normally, it takes around 50 seconds. However, this can vary depending on the verification steps and countries selected by the customer.

No, we blur sensitive data from the bank cards and documents to ensure our applicants are completely protected.

No. Sumsub can be integrated with your website or application. We provide several options for the most simple and convenient integration process:

• Web and Mobile SDKs
• Sumsub API

You can also generate verification links right from the dashboard and share them with users; no integration required.

Yes, you can view the full audit trail in your dashboard if you have the corresponding permissions.

Yes, it can. As part of our AML screening procedure, we monitor thousands of global lists on fitness & probity and global & national sanctions, including OFAC, UN, HMT, EU, DFAT and many more from around the world - all in real time.

We use an adjustable fuzzy-matching algorithm to reduce the number of false positives while maintaining precision.

Yes, we do. We monitor thousands of global lists on fitness & probity and global & national sanctions, including OFAC, UN, HMT, EU, DFAT and many more from around the world - all in real time.

We use an adjustable fuzzy-matching algorithm to reduce the number of false positives while maintaining precision.

The PEP list check is automated and does not imply any final compliance decision as to whether to onboard the user or not; such a decision is to be made in line with internal procedures of your company such as risk assessment, AML/CFT Policy, etc. The result of the check is only based on the list of potential matches between the user’s personal data and the data contained in databases available to the Service Provider.

Yes, we do. Sumsub quickly identifies persons associated with criminal activity or those prohibited from certain industries and activities.

We scan thousands of lists on fitness & probity and global & national sanctions including OFAC, HMT, UN, and many more - all in real time. We also utilize a fuzzy-matching algorithm to reduce false positives.

You can easily check customers against watchlists with Sumsub’s ongoing AML monitoring. The system will automatically look for potential watchlist matches and notify you accordingly.

In most cases, we send a notification to your users explaining the issue with the instructions on how to solve it before the verification is completed. This ensures the highest conversion rate. However, users showing clear fraud attempts are not given a second chance.

The results are reported to you in the form of a user status (approved/declined/requires action) and explanatory comments.

All the user data is stored in our customer lifecycle management platform, so compliance officers and support can always check it with a single click. In the case of any investigation being needed, you can manually review user profiles and all uploaded images and video.

You can also receive this information via webhooks or through API.

Both terms ensure compliance with regulations but differ in scope. KYT (Know Your Transaction) focuses on AML screening of individual transactions. TM (Transaction Monitoring) is broader, encompassing KYT, user behavior monitoring, fraud detection, and more. For simplicity, Sumsub uses them interchangeably.

Pricing depends on your expected monthly transaction volume. Our sales team will help you choose the best option based on your needs.

Absolutely! We have a library of well-organized rule bundles categorized by risk level. Choose the ones that suit your risk appetite. We can also upload your existing risk matrix for a seamless transition.

There are a variety of options that you can use to create custom rules. They are as follows:

• Comprehensive Documentation: We provide detailed documentation that outlines all available expressions for building powerful and precise rules.
• Rule Builder with Autocomplete: Our intuitive rule builder streamlines the process. Start typing keywords, and the system will suggest relevant expressions to match your criteria.
• Human Language Rule Builder: We're also excited to introduce a revolutionary new feature – the human language rule builder (currently in the prototype stage). This innovative tool allows you to write rules in plain English. You can simply type a statement like "Put on hold all transactions where the total sum is greater than $10,000 in 10 days," the system will automatically translate it into the corresponding rule logic.

AYes, you can leverage rules to automatically request additional documents during transactions. This can be done by using additional screening options and checks to create an automotive flow and perform an in-depth analysis of your applicant profiles and their activities. Each rule can be configured to trigger requests for various verification checks, including:

• Liveness checks (confirming a user's physical presence)
• Proof of Address (PoA)

For more specific examples and use cases, refer to our detailed documentation here.

Some highlights include:

• AI for anomaly detection: Spot unusual patterns and suspicious activity for AML checks, combined with the power of user behavioral data checks.
• AML counterparty screening: Verify the legitimacy of other parties involved in transactions.
• Payment method and applicant scoring: Pre-check payment methods for fakes or stolen ones and identify high-risk transactions and users.
• Auto-decisions: Set thresholds for automatic approvals or rejections.
• Case management: Assign cases to specific officers for investigation.
• Transaction analytics: Gain insights with advanced data visualizations and rule statistics.
• Rule alert silencing: Manage the noise by prioritizing critical alerts.
• Payment Reference Screening with AI: Detects suspicious words & phrases, instructions, and names from watchlists.
• Request additional documents based on rules: Run applicant actions to request docs/selfies/questionnaires depending on the transaction parameters and rules triggered.

Sure! We offer a customizable dashboard with various visualizations and data points, including rule statistics and transaction scoring information.

Our dedicated customer support and technical team is here to assist you 24/7 at any time zone and geolocation. We aim for rapid response times.

We value your feedback! You can directly report bugs and suggest features within the platform. We can also work with you to establish a dedicated channel on your preferred messaging platform (e.g., Slack) to ensure the quickest possible response to your inquiries.

Sumsub currently offers Sandbox accounts that don't have a pre-defined end date. This allows for extended exploration of our Transaction Monitoring features. Once you've completed your testing and are ready to move forward, our team will be happy to assist you with choosing a suitable payment plan that aligns with your business needs, streamlining the go-to-market process, and ensuring a smooth integration of our solution into your existing system.

The following languages are supported:

📘

Note

You can provide us with any ISO 639-1 code when initializing the SDKs. If we do not have that locale, it will automatically fall back to English.

You can use custom CSS for the WebSDK by setting it up at the flow settings or sending it as a .uiConf.customCss/.uiConf.customCssStr parameter at the initialization function.

For the MobileSDK, there is a native support item:

• Android
• iOS

SDK locales can be changed from the Dashboard at SDK Translations.

Documentation for all integration types is available at our Developers Hub.

Yes, we do. You can tailor your verification process and fully test it before going live.

To access the Sumsub API, you need to implement the integration. This usually requires some assistance from our technicians.

The Sumsub-related part of integration can be completed in less than 1 hour. The final integration depends on your infrastructure and code base, but usually, our clients go live in 1-7 days after receiving access to our system.

The following media types and extensions are accepted:

The maximum file size is 50 Mb. You can set the minimum and maximum thresholds in Global settings.

A rate limit is the number of API calls an app or user can make within a given time period.

The current default rate limits are:

• For GET requests - 300.0 per 5.0 seconds.
• For POST requests - 50.0 per 5.0 seconds.

📘

Note

We can increase these limits upon individual requests.

Your service should accept webhooks from our service to automatically receive information about verification results and change the account status in real time. If you think that the verification results have not been received by your service, you can make a request at any time to obtain the current applicant status.

You can find the answer in the reviewResult.reviewAnswer field. Supported values are GREEN (applicant passed verification) and RED (applicant failed verification). In most cases, applicants can fix the problem by uploading new documents.

Once verification is complete, we send you a webhook. If "reviewAnswer": "GREEN", you can accept the recognition results. For more information, see this article.

Once verification is complete, we send you a webhook. You can then make a request to get the verification results for each document.

Once verification is complete, we send an email with the verification results to your applicants. The email also contains a link for the user to re-upload their documents if verification was unsuccessful.

📘

Note

To enable sending emails with verification results, select the Send email about verification statuses checkbox in the General verification level settings.

Different types of documents have different sets of fields that you can get using this method after verification.

To make sure everything works smoothly for both you and your users, we need to test the flow of your system from the user's perspective before giving you access to the Production environment. To do this, we need you to share a link to your server/platform/app with us.

Ensure that:

• Integration on the Sandbox environment is complete, works, and meets your requirements.
• There are no dev. console errors or warnings.
• You saved our applicantIds to your database and matched your users.
• You received and successfully processed test webhooks from our side.
• You know how to correlate results received in the webhook payload with your users.

📘

Note

We may send several final webhooks, so be prepared to change the user's status on your side accordingly. A typical example is when a user got approved, but later on he was detected as a fraudster, and therefore we block him with a second RED webhook.

Provide us with the information on the expected amount of incoming users per hour/day/month if possible.

Note that the settings will not be transferred from the test environment to production automatically; make sure to:

• Set up webhooks at Dev Space.
• Create and use a production app token and secret key for API authorization.

Make sure that you use a correct HTTP verb. E.g. you do not use GET where POST is required. Also, as a rule of thumb, specify the -H Accept:application/json HTTP header, which makes sense in most cases, unless you are getting binary content like images or PDFs.

Make sure that you use the correct headers provided for the expected return type (in most cases -H Accept:application/json HTTP header) and if you are making a POST request, you specify, e.g. -H Content-Type:application/json or -H Content-Type:multipart/form-data headers.

Make sure that all authorization headers have been provided as described in this section, an app token was created and used on the same environment (sandbox or production), signature encoded value matches request content, your timestamp matches UTC and was set in seconds not ms.

Yes, you can check our uptime history and current service status on the Sumsub Status page.

The Sandbox environment is only needed to implement integration. The test server does not automatically check applicants.