Introduction to Identity
Verify users' account ownership and reduce fraud with the Identity product.
Overview
Plaid's Identity product helps you verify users' identities by accessing information on file with their financial institution. Using Identity, you can access a user's phone number, email address, mailing address, and name. This can be used to fight fraud by verifying that the linked financial institution account is owned by the same user who created an account with you.
Plaid provides two endpoints for Identity: /identity/get
retrieves the user's name and contact information from their financial institution, while /identity/match
allows you to provide a name and contact information for a user and returns a match score indicating how well that information matches the information on file with their financial institution, simplifying the process of using identity data for account ownership verification. Both endpoints can be used to reduce fraud, improve user onboarding and conversion, and to complement Know Your Customer (KYC) compliance checks.
Identity can be used to verify all major account types supported by Plaid, including checking and savings accounts, credit cards, brokerage accounts, and loans. Identity coverage can be used to verify an account before initiating an ACH transaction: 97% of Items initialized with Auth provide Identity data as well.
Depending on your use case, you may want to verify the identity of all users, or only some. For example, you might want to verify the identity of any user initiating a funds transfer, or you might only verify users who you have identified as being higher risk, based on data such as email address, location, financial institution, or activity patterns.
Plaid Identity can be combined with Plaid Identity Verification in a single workflow to provide full identity verification and fraud reduction. Identity Verification is used for KYC, to verify that the user of your app is the person they claim to be, while Identity is used to confirm that the ownership information on their linked bank or credit card account matches this verified identity.
Integration overview
- Create a Link token by calling
/link/token/create
.
- If you are using Identity as a best-effort adjunct to other products, like Auth, put
identity
in therequired_if_supported_products
array. - If you want to require Identity and fail sessions where Identity data is not available, put
identity
in theproducts
array.
- Initialize Link with the Link token from the previous step. For more details, see Link.
- Once the user has successfully completed the Link flow, exchange the
public_token
for anaccess_token
by calling/item/public_token/exchange
. - Once you have the
access_token
, call/identity/get
to get data, or/identity/match
to match data. For more information on/identity/match
, including optional streamlined integration modes, see Identity Match.
Getting Identity data
The /identity/get
endpoint provides you with several pieces of information. The name is guaranteed to be available; the email address, phone number, and address are usually available, but may be null
otherwise.
Sample Identity data
Identity data returned by /identity/get
includes owners' names, addresses, email addresses, and phone numbers as reported by the financial institution. In the case of an Item containing accounts with multiple owners, all owners' information will be provided. For business accounts, the account owner’s name can be that of a business.
1"owners": [2 {3 "addresses": [4 {5 "data": {6 "city": "Malakoff",7 "country": "US",8 "postal_code": "14236",9 "region": "NY",10 "street": "2992 Cameron Road"11 },12 "primary": true13 }14 ],15 "emails": [16 {17 "data": "accountholder0@example.com",18 "primary": true,19 "type": "primary"20 },21 {22 "data": "accountholdersecondary0@example.com",23 "primary": false,24 "type": "secondary"25 },26 ],27 "names": [28 "Alberta Bobbeth Charleson"29 ],30 "phone_numbers": [31 {32 "data": "1112223333",33 "primary": true,34 "type": "home"35 }36 ]37 }38]
Typical identity fill rates by field
Field | Typical fill rate |
---|---|
Name | 100% |
Email address | 98% |
Address | 93% |
Phone number | 90% |
Identity Match
Using /identity/match
, Identity data fields such as names, addresses, email addresses, and phone numbers can be matched against the owners’ identity information on connected accounts. Multiple fields are matched in a single request, and a separate score is returned for each field to indicate how closely it matched. Customers using Identity Match can experience onboarding conversion improvements of 20% or more, without increasing fraud rates, when using Identity Match versus using their own matching algorithms.
If you are using Auth, you can optionally integrate Identity Match via the Dashboard with no additional code. For details, see Integrating Identity Match via the Account Verification Dashboard.
If you are already using Identity Verification, you can further enhance your verification process by enabling Financial Account Matching in your Identity Verification template.
This feature allows you to match the data collected during KYC without having to specify the user
field in your /identity/match
request.
To ensure accurate matching, it's important to maintain consistency in the client_user_id
used for end users across all products.
Sample Identity Match data
Data returned by /identity/match
includes scores from matching a user's name, address, phone number, and email with the account owner's data that was present on the connected account.
A score ranging from 0 to 100 is provided for each identity field. The score for a given field will be missing if the identity information for that field was not provided in the request or unavailable at the connected account. In the case of an Item containing accounts with multiple owners, the highest matched scores are returned.
You should typically not set the match score requirement for a field to 100. For example, if a phone number match score of 100 is required, the presence or absence of a country code, parentheses, or other formatting differences may cause a phone number mismatch.
Example of how to interpret name match score
Range | Meaning | Example |
---|---|---|
100 | Exact match | Andrew Smith, Andrew Smith |
85-99 | Strong match, likely spelling error, nickname, or a missing middle name, prefix or suffix | Andrew Smith, Andrew Simth |
70-84 | Possible match, likely alias or nickname and spelling error | Andrew Smith, Andy Simth |
50-69 | Unlikely match, likely relative | Andrew Smith, Betty Smith |
0-49 | Unlikely match | Andrew Smith, Ray Charles |
1{2 "accounts": [3 {4 ..5 "legal_name": {6 "score": 90,7 "is_nickname_match": true,8 "is_first_name_or_last_name_match": true9 },10 "phone_number": {11 "score": 10012 },13 "email_address": {14 "score": 10015 },16 "address": {17 "score": 100,18 "is_postal_code_match": true19 },20 ..21 },22 ]23}
Using Identity Match with micro-deposit or database Items
Items verified via Same Day micro-deposits, Instant micro-deposits, or Database Auth are not typically compatible with any other Plaid products besides Auth and Transfer. An exception is Identity Match, which can be used with these Items if they were previously seen on the Plaid network (approximately 30% of these Items).
Note that this applies to the Identity Match endpoint only; Items created using these flows are not compatible with /identity/get
.
To use Identity Match with micro-deposit or database Items, you have two options:
- For a low-code option that allows you to run the Identity Match check within the Link flow, use the Account Verification Dashboard.
- To run the Identity Match check outside the Link flow, continue with the integration instructions in this section.
Integration instructions
- To enable the Item for Identity Match,
identity
must be included in theoptional_products
,required_if_supported_products
, oradditional_consented_products
array during the/link/token/create
call at Item creation. (For this flow,identity
should not be included in theproducts
array, since including any other product thanauth
in theproducts
array can prevent micro-deposit or database verification flows from activating.)- If this was not done during Item creation, you can Identity consent to an existing Item by sending it through update mode.
- Call
/identity/match
.
If the Item is supported by Identity Match, you will receive results. If the Item was not previously seen on the Plaid network and therefore cannot be used with Identity Match, you will receive a PRODUCTS_NOT_SUPPORTED
error and will not be billed for the API call.
Integrating Identity Match via the Account Verification Dashboard
If you are using Auth, you can integrate Identity Match via the Account Verification Dashboard. This is a lower-code option that allows you to rely on Plaid Link for checking match scores and handling failed sessions.
When enabling Identity in this way, the Identity check will be incorporated into the Link flow.
This configuration option can only be used if Auth and Identity are the only required Plaid products you are using in the session. If you need access to other products, use the standard integration flow.
- In the Dashboard, select your Link customization and enable the "Configure via Dashboard" toggle.
- Select the settings for Auth you would like to use, then click "Next".
- Select the rules to use for Identity Match. Typically, the match threshold for each field should be set to a score of 70 or higher.
- When calling
/link/token/create
, ensure thatidentity
is in theproducts
array (orrequired_if_supported_products
array, if you want to allow customers to link accounts if their bank does not support Identity) and provide the identity data you have about the user, such as theirlegal_name
,phone_number
,address
, andemail_address
. - When the user goes through the Link flow, the identity data you supplied in the previous step will be compared to the data retrieved from their linked financial account. If the result based on your configuration is a pass, they will see a success screen. If it is a failure, they will see an error.
- Watch for the
IDENTITY_MATCH_PASSED
orIDENTITY_MATCH_FAILED
event from Link to detect the result of Identity Match in the Link flow. You can also view the status of a completed session in the Dashboard.
If the Identity Match check fails, you will not receive a HANDOFF
event or onSuccess
callback, but if you want to proceed with creating an Item anyway, you can obtain the public_token
by calling /link/token/get
.
If Identity is enabled via the Account Verification Dashboard, you will be billed for Identity Match as long as Plaid could obtain any Identity data from the Item, even if you did not exchange the public_token
. If Plaid was unable to obtain any Identity data for the Item, you will not be billed.
1// Sample call when integrating Identity Match via the 2// Account Verification Dashboard 3
4const request: LinkTokenCreateRequest = {5 user: {6 client_user_id: 'user-id',7 phone_number: '++1-111-222-3333',8 email_address: 'accountholder0@example.com',9 legal_name: 'Alberta Bobbeth Charleson',10 address: {11 street: '2992 Cameron Rd.',12 city: 'Malakoff',13 region: 'NY',14 postal_code: '14236'15 }16 },17 client_name: 'Personal Finance App',18 products: ['auth'],19 required_if_supported_products: ['identity'],20 country_codes: ['US'],21 language: 'en',22 webhook: 'https://sample-web-hook.com',23 redirect_uri: 'https://domainname.com/oauth-page.html'24};25try {26 const response = await plaidClient.linkTokenCreate(request);27 const linkToken = response.data.link_token;28} catch (error) {29 // handle error30}
Testing Identity
Identity can be tested in Sandbox against test data. Plaid provides a GitHub repo with test data for testing Identity in Sandbox, helping you test configuration options beyond those offered by the default Sandbox user. For more information on configuring custom Sandbox data, see Configuring the custom user account.
/identity/match
can be tested in Sandbox using custom user accounts as described above. Note that it is not recommended to send real user data or PII in the Sandbox environment for use with /identity/match
, as Sandbox is meant for testing purposes.
For details on testing Identity Match with Same Day Micro-deposits, see Testing Same-Day Microdeposits.
When testing Identity Match using the default user_good
custom Sandbox user, you can expect the following identity data to be used for matching against:
1Alberta Bobbeth Charleson22992 Cameron Rd.3Malakoff, NY 142364Phone: +1-111-222-33335Email: accountholder0@example.com
Identity Document Upload
The Identity Document Upload add-on can be used to verify account ownership based on a bank statement uploaded by an end user. This feature is intended primarily for use with Items created via loginless Auth flows, such as Same-Day Micro-deposits, Instant Micro-deposits, or Database Insights. For more details, see Identity Document Upload.
Sample app tutorial and code
For a real-life example of an app that incorporates Identity, see the Node-based Plaid Pattern Account Funding sample app. Pattern Account Funding is a sample account funding app that fetches Identity data in order to verify identity prior to a funds transfer. The Identity code can be found in items.js.
For a tutorial walkthrough of creating a similar app, see Account funding tutorial.
Identity pricing
Identity is billed on a one-time fee model, meaning you will be billed once for each Item with Identity added to it. Identity Match is billed on a per-request flat-fee basis. To view the exact pricing you may be eligible for, apply for Production access or contact Sales. For more details about pricing and billing models, see Plaid billing.
Identity availability by country
Identity and Identity Match are available in all supported countries (US, Canada, and Europe, including the UK). In Canada, Identity Match is in Early Availability; it cannot be requested via the Production access form and is available via a Growth or Custom plan only. To request access to Identity Match in Canada, contact your account manager or Sales.
Next steps
To get started building with Identity, see Add Identity to your App.
If you're ready to launch to Production, see the Launch Center.