What are checks?
Use checks to help pass the due diligence tasks on a profile’s product application.
Checks replace the manual work that would otherwise be needed to get information from data providers, such as gathering all company filings from a corporate registry, or performing actions using data providers such as running an electronic identity check.
There is a set list of checks that can be used for each task.
For example, there are two checks available for the Verify identity task that confirms an individual is who they say they are:
Electronic identity check: Establishes a digital paper trail for an individual.
ID verification: Confirms whether an individual’s proof of identity documents are valid.
When configuring your account, you choose which checks are enabled for your tasks.
What are check variants?
Each check you enable must have at least one check variant.
A check variant specifies:
Which data provider is used to run the check.
Whether any additional configuration options are applied to the check.
When a check has multiple variants, you can choose which variant you want to use. So, for example, you might choose to run a variant with a different data provider if the first variant you try doesn’t work.
When a check configured to run automatically has multiple variants, you specify which variant is tried first. You also have the option to configure the variants so that if the first one fails, returns an error, or returns a partial match, another is tried automatically, and so on. This is called waterfalling your check variants.
Additionally, you can specify that the check variant, and waterfall, are determined by the profile’s country. For example, you could specify that when the Company filings check is performed on a company incorporated in the UK, Companies House is always used as the data provider.
Every time a check variant is run, a permanent record of the information used to run the check variant and the results returned from the data provider are kept on the task, so you always know what happened to a profile. To learn more about how the check results are displayed, see the descriptions for each check.
The data provider determines which configuration options are available for the check. The links to the data provider configuration topics explain, in detail, how each data provider handles the check, including what information is sent to the data provider and what causes the check to pass, fail, or return a partial match by default, and which configuration options are available.
The configuration options to determine whether checks are run automatically and whether they cause tasks to pass automatically are set at the task level. Learn more about task configuration options.
Checks for individual profiles
Bank account verification using a CRA
Used for the Verify bank account task.
This check confirms whether an individual’s bank account and personal details are correct and associated with a legitimate bank account.
The check is performed by cross-referencing the individual’s details with the data provider’s credit rating agency (CRA).
The possible results for this check are Passed, Failed, and Error.
The result details display any information that was successfully matched in the CRA.
For more information about the check variant, see the data provider topic:
API name: CRA_BANK_ACCOUNT_VERIFICATION
Device fraud detection
Used for the Assess device reputation task.
This check assesses whether the individual's device is reputable.
This check is performed by sending the device details to the data provider who checks for signs of fraud.
The possible results for this check are Passed, Review, Failed, or Error.
The result details show the total transaction score, the matched rules, and any device and IP location information returned from the data provider.
It is not possible to configure the Device fraud detection check to run automatically. The Device fraud detection check does not have ongoing monitoring.
Learn how to run the check via the API.
To learn about the check variant, see the data provider topic:
API name: DEVICE_FRAUD_DETECTION
Document verification (service collects multiple)
Used for the Verify address and Verify identity tasks.
This check confirms whether an individual’s proof of address and proof of identity documents are valid.
The customer submits one document for proof of address and/or one document for proof of identity to the data provider who checks for signs of forgery.
The data provider also extracts the customer’s details from all documents and those details are cross-referenced with the profile’s details to ensure they match.
The results of each document are displayed on the relevant task. If a proof of address document is returned, the results are displayed on the Verify address task. If a proof of identity document is returned, the results are displayed on the Verify identity task. For each task, an image of the relevant document is displayed, along with any extracted data.
Each document has a document result. The check variant determines whether the document result is passed or failed. For example, the document result might be passed when the data provider confirms the document is valid and the extracted details match the profile details. If the check is configured as an acceptance check, the task is marked as passed when the document result is passed.
Independently, the check also has a check result, which can be completed or failed. If any documents are sent to Passfort, the check result is completed, regardless of whether those documents are valid or invalid. If no documents are sent, the check result is failed.
When the check is run manually, the check result is shared across the Verify address and Verify identity tasks, so the check on both tasks is completed or the check on both tasks is failed. This means that if only one document is returned and therefore only one task has document results to show, the other task will be marked as completed even though the document results look empty.
When the check is run automatically, it only runs on the tasks it's configured to run on, meaning it's possible for the check to run on Verify address task but not on the Verify identity task and vice versa. If you would like the automatic check experience to mimic the manual check experience, configure the Document verification (service collects multiple) check as an automatic check on both the Verify address and Verify identity tasks.
Note
Each task also has a status which can be completed as passed or failed. Tasks can have separate statuses even when the check result is shared across them.
To learn about the check variant, see the data provider article:
API name: DOCUMENT_CAPTURE
Electronic identity check
Used for the Verify address, Verify identity, and Verify tax status tasks.
This check verifies an individual’s address by establishing a digital paper trail for them.
The check is performed by searching for the individual in the sources supplied by the data provider, such as electoral rolls, credit databases, national identity registers, and telephone directories.
The check details display:
The overall result. A 2+2 result indicates the details were matched in two sources. A 1+1 result indicates the details were matched in one source. Note that with LexisNexis InstantID, a full match or partial match is returned instead of 1+1 and 2+2 results.
The information that was successfully matched in the data provider’s sources. Any matches contributing to the overall result are highlighted.
All sources that were searched. To see sources that did not return any matches, select
.
The data provider’s sources may vary per jurisdiction. Speak to your data provider to learn more about which sources they use for electronic identity checks.
The check variant determines when the check is Passed, Partial match, or Failed , for example, the check may pass when a 2+2 result is returned or a 1+1 result is returned, depending on your options.
Learn how to run the check using the portal and using the API.
To learn about the check variants, see the data provider topics:
API name:IDENTITY_CHECK
Fraud check
Used for the Assess individual fraud risk task.
This check assesses whether the individual has any matches in the Cifas National Fraud Database.
This check is performed by sending the individual's details to Cifas, who cross-references them in their National Fraud Database.
The possible results for this check are Passed, Review, or Error.
The result details show the number of potential matches found in the database and the Search ID that you can use to see the results in the Cifas portal.
The Fraud check does not have ongoing monitoring.
Learn how to run the check via the API.
To learn about the check variant, see the data provider topic:
Configuring Cifas National Fraud Database
API name: FRAUD_SCREENING
.
Geocoding check
Used for the Verify address task
The check finds the coordinates for an address.
The check is performed by sending an address to the data provider, which confirms the address is valid and returns the latitude and longitude.
The possible results for this check are Passed, Failed, and Error.
This check is always run from the API. It cannot be configured as an automatic check.
Once the coordinates have been determined, they can be used for the Geodistance check to calculate the distance between the individual's stated address and their current location.
Learn how to run the check using the API and see the results in the portal.
To learn about the check variants, see the data provider information:
Geodistance check
Used for the Verify address task.
This check confirms whether the individual's stated address and their current location are within the proximity threshold. You specify what the threshold will be when you configure the data provider.
The check is performed by taking the latitude and longitude of each location, then calculating the distance between them to confirm whether they're within a specified threshold.
The possible results for this check are Passed, Failed, and Error.
The result details display the distance between the two points in miles.
The distance is measured as a direct path between the two points. It does not account for any mountains, rivers, and so on. This check is always run from the API. It cannot be configured as an automatic check.
Learn how to run the check via the API and see the results in the portal.
To learn about the check variants, see the data provider topic:
ID verification (Passfort collects documents)
Used for the Verify address, Verify identity, and Verify tax status tasks.
This check confirms whether an individual’s proof of identity document is valid.
If you're using this check on the Verify tax status task, the tax documents are always verified manually.
If you're using this check on the Verify address or Verify identity task, you can choose to configure this check so documents are verified manually or verified by a data provider.
Alternatively, if you would like to use a data provider to verify documents, the check works as follows.
You upload an individual's document to Passfort. Passfort submits the document to the data provider who checks for signs of forgery.
The data provider also extracts the customer’s details from the document. These details are cross-referenced with the profile’s details to ensure they match.
Some data providers perform additional actions before the task is passed, such as police checks and selfie checks. Contact your data provider to find out what services they offer.
The possible results for this check are Passed or Failed. The check variant determines when each result is returned.
The result details display an image of the document.
To use this check to verify an individual’s address, ensure that:
The documents provided contain proof of address as well as proof of identity, for example, a driver’s license.
Your data provider extracts addresses from documents.
It's not possible to use this check with Onfido on the Verify address task because Onfido does not extract addresses from documents.
This check cannot be configured as an automatic check.
Some data providers offer services that check the quality of photos of documents to ensure they’re clear enough to be analyzed. Where possible, we recommend using ID verification (service collects documents) instead of ID verification (Passfort collects documents) because it enables these services to be used. Contact your data provider to find out what services they offer.
Learn how to run the check from the portal and from the API.
To learn about the check variants, see the data provider topics:
If you choose to always run the check manually rather than with a data provider, the provider is displayed as Manual Validation Only.
API name:DOCUMENT_VERIFICATION
ID verification (service collects documents)
Used for the Verify address and Verify identity tasks.
This check confirms whether an individual’s proof of identity documents are valid.
The customer submits their documents to the data provider who checks for signs of forgery.
The data provider also extracts the customer’s details from the document. These details are cross-referenced with the profile’s details to ensure they match.
Some data providers perform additional actions, for example, police checks, selfie checks, and liveness checks. Contact your data provider to learn what services they offer.
The possible check results are Passed or Failed. The check variant determines when each result is returned.
The result details display an image of the document and any information extracted from the document.
To use this check to verify an individual’s address, ensure that:
The documents contain proof of address as well as proof of identity, for example, a driver’s license.
Your data provider extracts addresses from documents.
It's not possible to use this check with Onfido on the Verify address task because Onfido does not extract addresses from documents.
This check is run manually. It cannot be configured to run automatically. Learn how to run this check using the API.
To learn about the check variants, see the data provider topics:
API name: DOCUMENT_FETCH
PEPs and sanctions screening
Used for the Assess PEPs and sanctions and Assess PEPs, sanctions, and adverse media tasks.
This check provides a list of an individual's potential matches to sanctioned persons, politically exposed persons (PEPs), and, if you have access to adverse media results through your data provider, instances of adverse media.
The check is performed by screening the individual through the data provider’s official sanctions lists and sources.
The possible check results are Completed or Unresolved events. The check variant determines when each result is returned.
The result details display two lists:
Potential matches: The potential matches returned by the data provider. You can choose to ignore any match on this list.
Ignored matches: The matches you have chosen to ignore. If you’re using Passfort false positive reduction service, any false positive matches are also displayed here. You can choose to confirm any match on this list.
Click the name of any match, potential or ignored, to see a detailed portfolio that provides the available information from the data provider about the match’s biography, associates, political exposure, events, and sources.
When you create an event with no check id, using POST /profiles/<uuid:profile_id>/events
in the API, these are listed under Screening matches from the Passfort API.
If there are no potential matches for the individual, the check results display a message that says "There are no potential matches to investigate."
Some data providers offer additional services to filter out false positives. If you’re using one of these services, false positives identified by your data provider aren’t displayed in Passfort. Contact your data provider for more information about how they determine false positives and where you can see them.
To learn about the check variants, see the data provider topics:
API name: PEPS_AND_SANCTIONS_SCREEN
Visa check
Used for the Verify immigration status task.
This check confirms whether an individual’s personal details and passport details are correct and associated with a valid work or study visa.
The check is performed by searching for the individual in the data provider’s database.
The possible check results are Passed or Failed. The check variant determines when each result is returned.
The result details display information about the visa.
It is not possible to configure the Visa check to run automatically.
Learn how to run this check using the API.
To learn about the check variant, see the data provider topic:
Each check variant with vSure can only be used to search for either work visas or study visas. To use vSure to search for both, set up one check variant with each, then configure the check variants as a waterfall.
API name:VISA_CHECK
Checks for company profiles
Charities registry check
Used for the Identify trustees and Verify charity details tasks.
This check provides basic information about a charity, for example, charity commission number, registration date, company number, areas of activity, and total expenditure.
The check is performed by searching for the charity in the registry the data provider is using for the charity’s jurisdiction.
The result details are displayed differently for each task.
Identify trustees
On the Identify trustees task, the possible results are Completed or Failed. The check result details display a list of key decision-makers at the board level, for example, chairs and secretaries, and any information available from the data provider about their roles, the dates they were appointed, and the dates they resigned.
You can add any of these trustees to the Trustee verification list, where you can verify and approve them. Learn more about adding, reviewing, and approving trustees.
Verify charity details
On the Verify charity details task, the possible results are Passed or Failed. The check result details display a list of all the information retrieved about the charity.
To learn about the check variants, see the data provider information:
API name: COMPANY_CHARITIES_REGISTRY
Company data check
Used for the Assess financials, Identify officers, Identify shareholders, Assess company ownership, and Verify company details tasks.
This check provides basic information about a company, for example, name, date of incorporation, officers, shareholders, and financial information.
The check is performed by requesting a report about the company from the data provider. The data provider compiles this report by gathering information from their sources for the company's jurisdiction.
When the check is run on a company, the results are displayed on all applicable tasks that the company has. Each task displays different elements of the data provider's report.
This check returns similar information to the Company registry check check and the Company ownership check check combined, plus, optionally, financial information.
Assess financials
On the Assess financials task, the check results display a summary of the company's financial data, such as credit rating, limits, international score, and rating history, profit & loss, balance sheet, capital & reserves, other financial items, and, for UK reports, cash flow.
All available data from the last five years is displayed.
There are two report formats:
Global standardized accounts: Displays the financial data in a way that's standardized for every country. This is sometimes referred to as the International Financial Reporting Standards (IFRS).
Localized UK accounts: Displays the financial data in a way that's localized for UK accounts.
If the data provider returns data for both report formats for a UK company, you can toggle between them by clicking
and .Reports for companies outside the UK are always displayed with the global standardized account format.
The cash flow is only displayed for the report format localized for UK accounts.
Only data returned from the data provider is displayed. For example, if the data provider does not return the currency, it's not displayed.
The information that's displayed in the summary of the check results comes directly from the data provider. For example, the Limit is Creditsafe's recommendation as guidance for the company's credit limit.
Today's limit is the total amount of credit that they recommend should be outstanding at one time, and the Contract limit is the recommended maximum contract capacity on a single contract over 12 months. For more information, see Creditsafe's documentation.
Identify officers
On the Identify officers task, the possible check results are Completed, Partial match, or Failed. The result details show a list of all the company officers found in the registry and any available information about their roles, the dates they were appointed, the dates they resigned, their dates of birth, and their nationalities.
You can add any of these officers to the Officers verification list, where you can verify and approve them. Learn more about adding, reviewing, and approving officers.
Identify shareholders
On the Identify shareholders task, the possible check results are Completed, Partial match, or Failed. The result details show a list of shareholders and any available information about their share percentage, share details, registration number, date of birth, and nationality.
You can add any of these shareholders to the Shareholders verification list, where you can verify and approve them. Learn more about adding, reviewing, and approving officers.
When Creditsafe Company Data API is the data provider, the names and share percentages of every shareholder are returned. Any available information about registration number, nationality, and date of birth is returned for the 50 shareholders with the largest shareholdings.
When Companies House is the data provider, only Persons of Significant Control (PSCs) are returned to the Identify Shareholders task.
Because Kompany KYC API does not return shareholder information, if you're using a check variant with Kompany configured as the data provider, a message is always displayed on the Identify shareholders task saying, "No shareholders found in check result."
Verify company details
On the Verify company details task, the possible check results are Passed, Partial match, or Failed. The result details show a list of all the information retrieved about the company.
To learn about the check variants, see the data provider topics:
Currently, only the Creditsafe Company Data API can be used to retrieve financial data for the Assess financials task.
Assess company ownership
For the Assess company ownership task, the possible check results are Completed, Partial match, or Failed. The result details show a list of entities and individuals with ownership and control of the onboarding company, and any available information about their share percentage, share details, registration number, date of birth, and nationality.
You can add any of these owners to the Ownership verification list, where you can verify and approve them. Learn more about adding, reviewing, and approving owners.
Company filings retrieval
Used for the Review company filings task.
This check lists all documents available in a corporate registry and imports the documents where possible.
The check is performed by searching for the company in the registry the data provider is using for the company’s jurisdiction.
The possible check results are Passed or Failed.
The result details display the names of all the documents, along with any other information that’s available about them, for example, filing date, or description.
All free documents are imported so you can view them.
All paid documents have the cost displayed and the option to purchase them. Once purchased, the documents are imported so you can view them.
The registry’s jurisdiction often determines the amount of information and the quality of data available online. Digital-first jurisdictions, for example, the UK, are likely to provide a large number of documents whereas other jurisdictions may only provide a few and the data may be unstructured.
To learn about the check variants, see the data provider topics:
When this check is run via the API, there is one check to retrieve the names and details of the company filings COMPANY_FILINGS
and another check to purchase a company filing COMPANY_FILING_PURCHASE
.
Company ownership check
Used for the Assess company ownership and Identify shareholders tasks.
This check provides a list of a company’s shareholders. Which shareholders are provided depends on your data provider and the company’s business type, for example, private vs public, but it might be a complete list of owners or a list of the most important shareholders.
The check is performed by searching for the company in the data provider’s sources.
The possible check results are Passed, Partial match, or Failed.
The result details display a list of shareholders and any available information about their share percentage, share details, dates of birth, and nationality.
You can add any of these shareholders to the Shareholder verification list, where you can verify and approve them.
To learn about the check variants, see the data provider topics:
API name: COMPANY_OWNERSHIP
Company registry check
Used for the Identify officers and Verify company details tasks.
This check provides basic information about a company, for example, name, date of incorporation, and officers.
The check is performed by searching for the company in the registry the data provider is using for the company’s jurisdiction.
The possible check results are Passed, Partial match, or Failed.
The result details display a list of all the company officers found in the registry and any available information about their roles, the dates they were appointed, the dates they resigned, their dates of birth, and their nationalities.
You can add any of these officers to the Officers verification list, where you can verify and approve them. Learn more about adding, reviewing, and approving officers.
The basic company information, for example, name, and date of incorporation, is imported into the profile data.
To improve the accuracy of search results for company names, common abbreviations for company types are also searched and considered matches. For example, if "Acme LTD" is searched and "Acme Limited" is found, it’s considered a match.
This check can also help users create company profiles via the portal. When a user chooses to search for a company, the search result data is retrieved using a Company registry check, if you have one set up. The only exception is when a Company data check is set up as the default check. In that case, the Company data check is used for company search.
To learn about the check variants, see the data provider topics:
API name: COMPANY_REGISTRY
Document verification
Used for the Verify bank account, Verify company address, Verify company details and Verify tax status tasks.
This check confirms whether a company’s document is valid.
You upload the company’s documents to Passfort. Passfort submits the documents to the data provider who assigns a specialist to manually check whether the documents are valid.
Some data providers offer services where the specialist gathers additional information. If you’re using one of these services, any additional information gathered by the specialist is imported into Passfort. Contact your data provider to find out what services they offer.
The possible check results are Passed or Failed.
The result details display an image of the document.
The company documents you can use depend on the task type.
Learn how to run a Document verification check using the API.
To learn about the check variant, see the data provider information:
API name:COMPANY_DOCUMENT_VERIFICATION
Fraud check
Used for the Assess company fraud risk task.
This check assesses whether the company has any matches in the Cifas National Fraud Database.
This check is performed by sending the individual's details to Cifas, who cross-references them in their National Fraud Database.
Note
The company's country of incorporation (metadata.country_of_incorporation
) is not sent to Cifas. When you click the button, you must be logged in to view the result. If you're not, you'll be prompted to log in, and to view the result you should either click the button again or use the Search ID to find the match in Cifas.
The possible results for this check are Passed, Review, or Error.
The result details show the number of potential matches found in the database, the Cifas Search ID, and a link to the match in the Cifas portal.
The Fraud check does not have ongoing monitoring.
Learn how to run this check using the API.
To learn about the check variants, see the data provider topic:
API name: COMPANY_FRAUD_SCREENING
.
Merchant fraud check
Used for the Assess merchant fraud risk task.
This check provides a list of any merchant accounts on the data provider's Terminated Merchant Files (TMF) database which may belong to the company or company associates, who are individuals, that you're onboarding.
The check is performed by screening the company and company associates who are individuals, through the data provider's TMF.
The possible results of the check are Completedwhen there are no potential matches, and Unresolved eventswhen there is at least one potential match.
The check result details display three lists:
Potential matches: Any potential matches from the TMF. You can choose to ignore or confirm any match on this list.
Ignored matches: Any matches from the TMF you have chosen to ignore.
Previous inquiries: Any matches that have been searched recently by other members of the TMF network. Note that these matches were not reported and did not have their accounts terminated. It is not possible to confirm or ignore them, and no action is required to progress the product application; these matches will not cause the check result to be Unresolved events.
Click the name of any match to see a detailed portfolio that provides all available information from the data provider about the match's company data, associate data, and the reason the merchant is on the list. For potential and ignored matches, the reason the match's account was terminated and the contact details of the merchant that filed the report are also displayed.
If there are no potential matches, the check results display a message that says "There are no potential matches to investigate."
Learn how to run this check using the API and see the results in the portal.
To learn more about the check variant, see the data provider topic:
Sanctions and adverse media screening
Used for the Assess sanctions and Assess sanctions and adverse media tasks.
This check provides a list of a company’s potential matches to sanctioned companies and, if you have access to adverse media results through your data provider, instances of adverse media and/or PEPs matches.
Individuals associated with the company are not screened as part of this check. To screen individuals automatically, create an associated smart policy for the task that has the PEPs and sanctions screen check.
The check is performed by screening the company through the data provider’s official sanctions lists and sources.
The possible check results are Completed or Unresolved events. The check variant determines when each result is returned.
The result details display two lists:
Potential matches: The potential matches returned by the data provider. You can choose to ignore any match on this list.
Ignored matches: The matches you have chosen to ignore. If you’re using Passfort’s false positive reduction service, any false positive matches are also displayed here. You can choose to confirm any match on this list.
Click the name of any match, potential or ignored, to see a detailed portfolio that provides all available information from the data provider about the match’s biography, associates, political exposure, events, and sources
If there are no potential matches for the individual, the check results display a message that says “There are no potential matches to investigate.”
Some data providers offer additional services to filter out false positives. If you’re using one of these services, false positives identified by your data provider aren’t displayed in Passfort. Contact your data provider for more information about how they determine false positives and where you can see them.
Learn how to run this check using the portal.
To learn about the check variants, see the data provider topics:
Adverse media results are not supported for Dow Jones Risk and Compliance.
API name:COMPANY_PEPS_AND_SANCTIONS_SCREEN
Website content check
Used for the Assess website content risk task.
This check evaluates website content for potential risk, such as signs of malware or phishing, prohibited phrases, no company address, and so on.
The check is performed by sending the URL and company details to the data provider, who checks for risky content.
The possible results for this check are Passed, Refer, or Error.
The result details show the website content details, including the data provider's score for the website.
If the data provider returns a full site scan report, this can be viewed in the task results and is also available via the profile's Files area.
Learn how to run the check using the portal and using the API.
To learn about the data provider variant, see the data provider topic:
API name: COMPANY_WEBSITE_CONTENT