Overview
Identity Verification (IDV) is the final layer of the Security Waterfall. While Network Protection and Beneficiary Checks verify the bank account itself, IDV establishes a non-repudiable link between the physical person entering the data and the organization being paid.
IDV is triggered when:
- Premium bank-level checks (Network Protection or JPMC) are inconclusive.
- The customer is a non-subscriber and lacks access to premium automated checks.
- A user needs assistance in resetting their Multi-Factor Authentication (MFA).
Order of Operations
Graphite utilizes a tiered approach to IDV to minimize supplier friction while maximizing security. The system attempts verification in the following order:
I. Telecom Check
The platform utilizes an integrated, low-friction validation tier that automatically cross-references provided mobile connection points upon input.
- Logic: Graphite matches the user’s name and address against mobile carrier metadata.
- Coverage: United States (US), Canada (CA), United Kingdom (UK), Australia (AU), and Germany (DE).
- Outcome: If a "Match" is returned, the user is verified without further action. If a "No Match" or "Unsupported Carrier" is returned, the system moves to Government IDV.
II. Government IDV
A high-assurance check used for global coverage and indeterminate cases.
- Logic: The user is prompted to provide credentials from a trusted IDV provider or scan a government-issued photo ID (Passport, Driver’s License, or National ID) and perform a biometric "liveness" check (a brief video or selfie sequence). AI-driven detection evaluates the ID for authenticity and matches the biometric data to the photo on the document.
- Coverage: Graphite maintains global support for over 190 countries and 3,000+ document categories through an integrated network of verified enterprise identity providers.
- Outcome: Successful verification promotes the individual to Verified User status. This is a critical security distinction: once a user is verified, any subsequent data or documentation they input into the system is considered "Verified" by default, as the individual providing the information has been physically and biometrically authenticated. Failure (e.g., expired ID or failed liveness) triggers a manual Security Review for premium subscribers or results in a blocked onboarding process for non-paying customers.
III. Verified Callback (Premium Feature)
The "Human Backstop." Used for the highest risk profiles or as an alternative for suppliers unable to complete digital IDV.
- Logic: A member of Graphite’s Security and Validations team performs a manual or automated outreach to a verified, independent phone number for the supplier organization to confirm banking instructions.
- Outcome: This establishes a high degree of confidence and a “Verified” status for the banking information submitted.
Note: Graphite’s manual video call was deprecated, replaced by our premium Verified Callback.
Support Regions
The availability of specific verification methods depends on the geographic location of the supplier and the data available through local carriers and registries.
| Method | Coverage | Details |
| Telecom Check | US, CA, UK, AU, DE | Relies on direct carrier metadata matching. |
| Government IDV | Global (190+ Countries) | Supports 3,000+ ID types including Passports and National IDs. |
| IDV Provider Portal | Broad global coverage spanning major North American, European, and Asia-Pacific digital identity networks. | Allows users to submit verification through their saved profiles from different IDV providers. |
| Verified Callback | Global coverage | Manual outreach performed by the Graphite Security team. |
IDV System Statuses
The following table defines the specific statuses a user may see within the Trust Center or Connection Profile:
| Status | Description | Risk Impact |
| Match | The user’s name matches the identity verification | Low Risk
|
| Declined or No Data | The user was in an unsupported telecom region and declined to verify using any other IDV method | Medium Risk |
| No Match or Failed | The user’s name did not match the identity verification | High Risk |
| Pending | The user is queued for a Verified Callback. | No status or impact the risk score |
Non-Subscriber Logic: The "Stall"
For customers who do not pay for premium automated checks, IDV is the only path to verification.
If a supplier profile cannot successfully clear identity verification, the automated onboarding workflow securely pauses to prevent unauthorized progression. Because non-subscribers do not have access to the Verified Callback service or detailed Security Review metadata, the platform routes the profile to the customer for governance review, requiring a manual client policy exception to assume risk ownership or a formal decision to disconnect.
Privacy and Compliance
Graphite handles IDV data with the highest level of sensitivity:
- Data Masking: ID scans and biometric data are stored inside the Security Fence and are never visible to customer users.
- GDPR/CCPA: All IDV data is handled in accordance with global privacy regulations, including the right to erasure once the verification purpose is fulfilled.
- No Retention: Graphite does not store raw biometric "templates"—only the "Pass/Fail" result and the encrypted image of the ID.