FAQ
On this page, we have collected the most frequently asked questions about our products and services. If you do not find the answer to your question, contact us.
User verification
What countries are documents accepted from?
Do you verify country-specific documents?
We cover over 14 000+ document types from 220+ countries and territories. Customers can set which documents are accepted for each country when adjusting verification levels and flows.
In what languages does Sumsub support documents?
Sumsub supports most of the languages, including Korean, Japanese, Chinese, Cyrillic, and Semitic.
Note
- For Amharic, Bengali, Burmese, Dari, Dhivehi, Hindi, Khmer (Cambodian), Kinyarwanda, Lao, Mongolian, Nepali, Sinhalese, we only accept documents with the latin characters. If the document is submitted with the country-specific characters, a notarized translation must be provided.
- Arabic, Farsi, and Urdu are available upon request at an additional cost. For more information, contact your Customer Success Manager.
How do I ensure the highest possible match rates?
Sumsub AI-based solution checks biometric data and submitted documents and ensures the highest possible match rate. Suspicious cases are additionally checked by our compliance experts for the final decision.
Can the Sumsub interface be localized for our applicants?
Yes, we support 30+ languages. This helps you talk with customers in their language and, as a result, ensure a high conversion rate.
How much time does it take to verify a user?
Normally, it takes around 50 seconds. However, this can vary depending on the verification steps and countries selected by the customer.
Is all personal applicant data including sensitive information from the documents available to the support operators?
No, we blur sensitive data from the bank cards and documents to ensure our applicants are completely protected.
Will my users have to download an app?
No. Sumsub can be integrated with your website or application. We provide several options for the most simple and convenient integration process:
- Web and Mobile SDKs
- Sumsub API
You can also generate verification links right from the dashboard and share them with users; no integration required.
Do I get a full audit trail?
Yes, you can view the full audit trail in your dashboard if you have the corresponding permissions.
Can your product be used by AML obliged entities?
Yes, it can. As part of our AML screening procedure, we monitor thousands of global lists on fitness & probity and global & national sanctions, including OFAC, UN, HMT, EU, DFAT and many more from around the world - all in real time.
We use an adjustable fuzzy-matching algorithm to reduce the number of false positives while maintaining precision.
Do you check for Politically Exposed Persons and individuals from high-risk jurisdictions?
Yes, we do. We monitor thousands of global lists on fitness & probity and global & national sanctions, including OFAC, UN, HMT, EU, DFAT and many more from around the world - all in real time.
We use an adjustable fuzzy-matching algorithm to reduce the number of false positives while maintaining precision.
The PEP list check is automated and does not imply any final compliance decision as to whether to onboard the user or not; such a decision is to be made in line with internal procedures of your company such as risk assessment, AML/CFT Policy, etc. The result of the check is only based on the list of potential matches between the user’s personal data and the data contained in databases available to the Service Provider.
Do you offer watchlist screening?
Yes, we do. Sumsub quickly identifies persons associated with criminal activity or those prohibited from certain industries and activities.
We scan thousands of lists on fitness & probity and global & national sanctions including OFAC, HMT, UN, and many more - all in real time. We also utilize a fuzzy-matching algorithm to reduce false positives.
How can I cost-effectively re-verify customers against watchlists to fulfill recurring AML due diligence requirements?
You can easily check customers against watchlists with Sumsub’s ongoing AML monitoring. The system will automatically look for potential watchlist matches and notify you accordingly.
What happens if a user faces any difficulties during verification?
In most cases, we send a notification to your users explaining the issue with the instructions on how to solve it before the verification is completed. This ensures the highest conversion rate. However, users showing clear fraud attempts are not given a second chance.
How can I receive verification results?
The results are reported to you in the form of a user status (approved/declined/requires action) and explanatory comments.
All the user data is stored in our customer lifecycle management platform, so compliance officers and support can always check it with a single click. In the case of any investigation being needed, you can manually review user profiles and all uploaded images and video.
You can also receive this information via webhooks or through API.
Transaction monitoring
What's the difference between KYT and Transaction Monitoring (TM)?
Both terms ensure compliance with regulations but differ in scope. KYT (Know Your Transaction) focuses on AML screening of individual transactions. TM (Transaction Monitoring) is broader, encompassing KYT, user behavior monitoring, fraud detection, and more. For simplicity, Sumsub uses them interchangeably.
How do I find the right pricing plan?
Pricing depends on your expected monthly transaction volume. Our sales team will help you choose the best option based on your needs.
Does the platform offer pre-built rules for beginners?
Absolutely! We have a library of well-organized rule bundles categorized by risk level. Choose the ones that suit your risk appetite. We can also upload your existing risk matrix for a seamless transition.
How do I create custom rules?
There are a variety of options that you can use to create custom rules. They are as follows:
- Comprehensive Documentation: We provide detailed documentation that outlines all available expressions for building powerful and precise rules.
- Rule Builder with Autocomplete: Our intuitive rule builder streamlines the process. Start typing keywords, and the system will suggest relevant expressions to match your criteria.
- Human Language Rule Builder: We're also excited to introduce a revolutionary new feature – the human language rule builder (currently in the prototype stage). This innovative tool allows you to write rules in plain English. You can simply type a statement like "Put on hold all transactions where the total sum is greater than $10,000 in 10 days," the system will automatically translate it into the corresponding rule logic.
Can I request additional documents based on rules?
Yes, you can leverage rules to automatically request additional documents during transactions. This can be done by using additional screening options and checks to create an automotive flow and perform an in-depth analysis of your applicant profiles and their activities. Each rule can be configured to trigger requests for various verification checks, including:
- Liveness checks (confirming a user's physical presence)
- Proof of Address (PoA)
For more specific examples and use cases, refer to our detailed documentation here.
What other key features should I know about?
Some highlights include:
- AI for anomaly detection: Spot unusual patterns and suspicious activity for AML checks, combined with the power of user behavioral data checks.
- AML counterparty screening: Verify the legitimacy of other parties involved in transactions.
- Payment method and applicant scoring: Pre-check payment methods for fakes or stolen ones and identify high-risk transactions and users.
- Auto-decisions: Set thresholds for automatic approvals or rejections.
- Case management: Assign cases to specific officers for investigation.
- Transaction analytics: Gain insights with advanced data visualizations and rule statistics.
- Rule alert silencing: Manage the noise by prioritizing critical alerts.
- Payment Reference Screening with AI: Detects suspicious words & phrases, instructions, and names from watchlists.
- Request additional documents based on rules: Run applicant actions to request docs/selfies/questionnaires depending on the transaction parameters and rules triggered.
Can I get a more detailed analytics dashboard?
Sure! We offer a customizable dashboard with various visualizations and data points, including rule statistics and transaction scoring information.
Who should I contact for technical questions or integration help?
Our dedicated customer support and technical team is here to assist you 24/7 at any time zone and geolocation. We aim for rapid response times.
How can I report bugs or request features?
We value your feedback! You can directly report bugs and suggest features within the platform. We can also work with you to establish a dedicated channel on your preferred messaging platform (e.g., Slack) to ensure the quickest possible response to your inquiries.
What happens after my trial ends?
Sumsub currently offers Sandbox accounts that don't have a pre-defined end date. This allows for extended exploration of our Transaction Monitoring features. Once you've completed your testing and are ready to move forward, our team will be happy to assist you with choosing a suitable payment plan that aligns with your business needs, streamlining the go-to-market process, and ensuring a smooth integration of our solution into your existing system.
API
Where can I find integration documentation?
Documentation for all integration types is available at our Developers Hub.
Do you have a sandbox environment?
Yes, we do. You can tailor your verification process and fully test it before going live.
How can I get access to your API?
To access the Sumsub API, you need to implement the integration. This usually requires some assistance from our technicians.
How long does integration take?
The Sumsub-related part of integration can be completed in less than 1 hour. The final integration depends on your infrastructure and code base, but usually, our clients go live in 1-7 days after receiving access to our system.
What file extensions do you accept? Are there file size limits?
The following media types and extensions are accepted:
Media type | File formats |
---|---|
image/jpeg |
jpeg, jpg |
image/png |
png |
application/pdf |
|
video/mp4 |
mp4 |
video/webm |
webm |
video/quicktime |
mov |
The maximum file size is 50 Mb. You can set the minimum and maximum thresholds in Global settings.
What are the current rate limits?
A rate limit is the number of API calls an app or user can make within a given time period.
The current default rate limits are:
- For
GET
requests - 300.0 per 5.0 seconds. - For
POST
requests - 50.0 per 5.0 seconds.
Note
We can increase these limits upon individual requests.
Why should we make endpoint for getting webhooks from your service?
Your service should accept webhooks from our service to automatically receive information about verification results and change the account status in real time. If you think that the verification results have not been received by your service, you can make a request at any time to obtain the current applicant status.
When I receive a webhook, where is the answer?
You can find the answer in the reviewResult.reviewAnswer
field. Supported values are GREEN
(applicant passed verification) and RED
(applicant failed verification). In most cases, applicants
can fix the problem by uploading new documents.
How can I get the results of applicant document recognition?
Once verification is complete, we send you a webhook. If "reviewAnswer": "GREEN"
, you can accept the recognition results. For more information, see
this article.
How can I get the results of the checked documents?
Once verification is complete, we send you a webhook. You can then make a request to get the verification results for each document.
How to notify users about verification result?
Once verification is complete, we send an email with the verification results to your applicants. The email also contains a link for the user to re-upload their documents if verification was unsuccessful.
Note
To enable sending emails with verification results, select the Send email about verification statuses checkbox in the General verification level settings.
How does resubmission work?
The resubmission flow is as follows:
- The applicant uploads all the necessary documents and the verification process starts.
- During verification, our system finds that some of the documents or other provided data is not eligible for verification.
- The status changes to
Resubmission requested
and theapplicantReviewed
webhook withreviewRejectType: "RETRY"
is sent. - The applicant sees the corresponding message on the SDK screens. We provide comments for every step that was failed during the verification process and request for the new images or other data.
What's the format of the document recognition results?
Different types of documents have different sets of fields that you can get using this method after verification.
How we can get access to production?
To make sure everything works smoothly for both you and your users, we need to test the flow of your system from the user's perspective before giving you access to the Production environment. To do this, we need you to share a link to your server/platform/app with us.
Ensure that:
- Integration on the Sandbox environment is complete, works, and meets your requirements.
- There are no dev. console errors or warnings.
- You saved our applicantIds to your database and matched your users.
- You received and successfully processed test webhooks from our side.
- You know how to correlate results received in the webhook payload with your users.
Note
We may send several final webhooks, so be prepared to change the user's status on your side accordingly. A typical example is when a user got approved, but later on he was detected as a fraudster, and therefore we block him with a second
RED
webhook.
How to move to production?
Provide us with the information on the expected amount of incoming users per hour/day/month if possible.
Note that the settings will not be transferred from the test environment to production automatically; make sure to:
- Set up webhooks at Dev Space.
- Create and use a production app token and secret key for API authorization.
I'm getting a `405 Method not allowed` error
Make sure that you use a correct HTTP verb. E.g. you do not use GET
where POST
is required. Also, as a rule of thumb, specify the -H Accept:application/json
HTTP header, which makes sense
in most cases, unless you are getting binary content like images or PDFs.
I'm getting a `415 Unsupported media type` error
Make sure that you use the correct headers provided for the expected return type (in most cases -H Accept:application/json
HTTP header) and if you are making a POST request, you specify, e.g.
-H Content-Type:application/json
or -H Content-Type:multipart/form-data
headers.
I'm getting a 401 error code
Make sure that all authorization headers have been provided as described in this section, an app token was created and used on the same environment (sandbox or production), signature encoded value matches request content, your timestamp matches UTC and was set in seconds not ms.
Do you have a service status page?
Yes, you can check our uptime history and current service status on the Sumsub Status page.
Why is the applicant in Pending status for a long time in the sandbox?
The Sandbox environment is only needed to implement integration. The test server does not automatically check applicants.