Forensic fraud signals on the documents inside your KYC pipeline — not a replacement for identity verification.
One POST returns AI-generation indicators, tampering regions, metadata drift, math reconciliation, and a verdict — designed for risk engines, not onboarding funnels.
Inspects EXIF, software signatures, edit history, and structural fingerprints.
Originals are processed in encrypted memory and removed after analysis. Reports stay redacted by default.
Identity verification providers — Persona, Jumio, Onfido, Veriff, Plaid Identity — answer 'is this person who they say they are?'. They do not deeply analyse whether the bank statement, paystub, utility bill, or business document submitted during KYC was AI-generated, recycled, or tampered. Regulators increasingly expect both.
TrueDoc returns structured forensic evidence per document — MRZ checksums, ELA regions, math reconciliation, AI-generation flags, metadata drift — designed to sit behind your existing IDV provider so compliance teams have audit-ready evidence for SAR filings and regulator requests.
Synthetic identities passing data-only checks
AI-generated IDs evading legacy template matchers
Edited statements masking source-of-funds risk
Proof-of-address forgery for sanctions evasion
Use your own UI or TrueDoc's hosted upload.
Send file plus customer ID and risk tier.
Stored automatically in the enterprise portal.
Immutable logs and PII masking ready for regulator review.
Two patterns cover most production deployments. Synchronous: POST a document, block on the verdict, route the decision in your application code. Best for low-volume, user-facing flows where the reviewer needs an immediate answer.
Asynchronous: POST a document, receive an acknowledgment, then handle the signed verdict over a webhook. Best for batch ingestion, back-office review queues, and any pipeline where fintech kyc and risk engineering teams review documents minutes or hours after submission.
End-to-end latency is dominated by the forensic layers, not the network. A typical PDF or image returns a verdict in ~5–9s p95. Throughput scales horizontally; teams running batch ingestion typically tune concurrency on their side and rely on webhook delivery so request timeouts are not a concern.
Rate limits, retry semantics, and the signed-webhook event schema are in the developer reference — designed so a failed downstream consumer never silently drops a verdict.
Each verdict carries a trust score plus structured findings: forensic layer, signal name, severity, and (where applicable) a bounding region on the document. That maps cleanly to a rules engine — for example, "auto-reject when synthetic identities passing data-only checks is detected with high confidence" or "route to human review when only ai-generated ids evading legacy template matchers is detected."
The point: the API is built to feed a decision system, not to be one.
No credit card. Redacted report in under a minute.