Introduction to Identity

Plaid's Identity product helps you verify users' identities by accessing information on file with their financial institution. Using Identity, you can access a user's phone number, email address, mailing address, and name. This can be used to fight fraud by verifying that the linked financial institution account is owned by the same user who created an account with you.

Plaid provides two endpoints for Identity:

• /identity/get retrieves the user's name and contact information from their financial institution
• /identity/match allows you to provide a name and contact information for a user and returns a set of match scores indicating how well that information matches the information on file with their financial institution, simplifying the process of using identity data for account ownership verification.

Both endpoints can be used to reduce fraud, improve user onboarding and conversion, and to complement Know Your Customer (KYC) compliance checks.

Identity can be used to verify all major account types supported by Plaid, including checking and savings accounts, credit cards, brokerage accounts, and loans. Identity coverage can be used to verify an account before initiating an ACH transaction: 97% of Items initialized with Auth provide Identity data as well.

Depending on your use case, you may want to verify the identity of all users, or only some. For example, you might want to verify the identity of any user initiating a funds transfer, or you might only verify users who you have identified as being higher risk, based on data such as email address, location, financial institution, or activity patterns.

Plaid Identity can be combined with Plaid Identity Verification in a single workflow to provide full identity verification and fraud reduction. Identity Verification is used for KYC, to verify that the user of your app is the person they claim to be, while Identity is used to confirm that the ownership information on their linked bank or credit card account matches this verified identity.

1. Create a Link token by calling /link/token/create.
   • If you are using Identity as a best-effort adjunct to other products, like Auth, put identity in the required_if_supported_products array.
   • If you want to require Identity and fail sessions where Identity data is not available, put identity in the products array.
2. Initialize Link with the Link token from the previous step. For more details, see Link.
3. Once the user has successfully completed the Link flow, exchange the public_token for an access_token by calling /item/public_token/exchange.
4. Once you have the access_token, call /identity/get to get data, or /identity/match to match data. For more information on /identity/match, including optional streamlined integration modes, see Identity Match.

The /identity/get endpoint provides you with several pieces of information. The name is guaranteed to be available; the email address, phone number, and address are usually available, but may be null otherwise.

Identity data returned by /identity/get includes owners' names, addresses, email addresses, and phone numbers as reported by the financial institution. In the case of an Item containing accounts with multiple owners, all owners' information will be provided. For business accounts, the account owner’s name can be that of a business.

1"owners": [
2  {
3    "addresses": [
4      {
5        "data": {
6          "city": "Malakoff",
7          "country": "US",
8          "postal_code": "14236",
9          "region": "NY",
10          "street": "2992 Cameron Road"
11        },
12        "primary": true
13      }
14    ],
15    "emails": [
16      {
17        "data": "accountholder0@example.com",
18        "primary": true,
19        "type": "primary"
20      },
21      {
22        "data": "accountholdersecondary0@example.com",
23        "primary": false,
24        "type": "secondary"
25      },
26    ],
27    "names": [
28      "Alberta Bobbeth Charleson"
29    ],
30    "phone_numbers": [
31      {
32        "data": "1112223333",
33        "primary": true,
34        "type": "home"
35      }
36    ]
37  }
38]

Using /identity/match, Identity data fields such as names, addresses, email addresses, and phone numbers can be matched against the owners’ identity information on connected accounts. Multiple fields are matched in a single request, and a separate score is returned for each field to indicate how closely it matched. Customers using Identity Match can experience onboarding conversion improvements of 20% or more, without increasing fraud rates, when using Identity Match versus using their own matching algorithms.

If you are already using Identity Verification, you can further enhance your verification process by enabling Financial Account Matching in your Identity Verification template. This feature allows you to match the data collected during KYC without having to specify the user field in your /identity/match request. To ensure accurate matching, it's important to maintain consistency in the client_user_id used for end users across all products.

Data returned by /identity/match includes scores from matching a user's name, address, phone number, and email with the account owner's data that was present on the connected account. A score ranging from 0 to 100 is provided for each identity field. The score for a given field will be missing if the identity information for that field was not provided in the request or unavailable at the connected account. In the case of an Item containing accounts with multiple owners, the highest matched scores are returned.

Example of how to interpret name match score

Example of how to interpret phone number score

1{
2  "accounts": [
3    {
4      ..
5      "legal_name": {
6        "score": 90,
7        "is_nickname_match": true,
8        "is_first_name_or_last_name_match": true
9      },
10      "phone_number": {
11        "score": 100
12      },
13      "email_address": {
14        "score": 100
15      },
16      "address": {
17        "score": 100,
18        "is_postal_code_match": true
19      },
20      ..
21    },
22  ]
23}

Items verified via Same Day micro-deposits, Instant micro-deposits, or Database Auth are not typically compatible with any other Plaid products besides Auth and Transfer. An exception is Identity Match, which can be used with these Items if they were previously seen on the Plaid network (approximately 30% of these Items).

Note that this applies to the Identity Match endpoint only; Items created using these flows are not compatible with /identity/get.

To use Identity Match with micro-deposit or database Items, you have two options:

• For a low-code option that allows you to run the Identity Match check within the Link flow, use the Account Verification Dashboard.
• To run the Identity Match check outside the Link flow, continue with the integration instructions in this section.

Integration instructions

1. To enable the Item for Identity Match, identity must be included in the optional_products, required_if_supported_products, or additional_consented_products array during the /link/token/create call at Item creation. (For this flow, identity should not be included in the products array, since including any other product than auth in the products array can prevent micro-deposit or database verification flows from activating.)
   • If this was not done during Item creation, you can Identity consent to an existing Item by sending it through update mode.
2. Call /identity/match.

If the Item is supported by Identity Match, you will receive results. If the Item was not previously seen on the Plaid network and therefore cannot be used with Identity Match, you will receive a PRODUCTS_NOT_SUPPORTED error and will not be billed for the API call.

If you are using Auth, you can integrate Identity Match via the Account Verification Dashboard. This is a lower-code option that allows you to rely on Plaid Link for checking match scores and handling failed sessions.

When enabling Identity in this way, the Identity check will be incorporated into the Link flow.

This configuration option can only be used if Auth and Identity are the only required Plaid products you are using in the session. If you need access to other products, use the standard integration flow.

1. In the Dashboard, select your Link customization and enable the "Configure via Dashboard" toggle.
2. Select the settings for Auth you would like to use, then click "Next".
3. Select the rules to use for Identity Match. Typically, the match threshold for each field should be set to a score of 70 or higher.
4. When calling /link/token/create:
   • Ensure that identity is in the products array (or required_if_supported_products array, if you want to allow customers to link accounts if their bank does not support Identity).
   • Set the link_customization_name to the customization you selected in Step 1 (this is optional if you are using the default customization).
   • Provide the identity data you have about the user, such as their legal_name, phone_number, address, and email_address.
5. Launch Link using the Link token. When the user goes through the Link flow, the identity data you supplied in the previous step will be compared to the data retrieved from their linked financial account. If the result based on your configuration is a pass, they will see a success screen. If it is a failure, they will see an error.
6. Watch for the IDENTITY_MATCH_PASSED or IDENTITY_MATCH_FAILED event from Link to detect the result of Identity Match in the Link flow. You can also view the status of a completed session in the Dashboard.

If the Identity Match check fails, you will not receive a HANDOFF event or onSuccess callback, but if you want to proceed with creating an Item anyway, you can obtain the public_token by calling /link/token/get.

1const request: LinkTokenCreateRequest = {
2  loading_sample: true
3};
4try {
5  const response = await plaidClient.linkTokenCreate(request);
6  const linkToken = response.data.link_token;
7} catch (error) {
8  // handle error
9}

Identity can be tested in Sandbox against test data. Plaid provides a GitHub repo with test data for testing Identity in Sandbox, helping you test configuration options beyond those offered by the default Sandbox user. For more information on configuring custom Sandbox data, see Configuring the custom user account.

/identity/match can be tested in Sandbox using custom user accounts as described above. Note that it is not recommended to send real user data or PII in the Sandbox environment for use with /identity/match, as Sandbox is meant for testing purposes.

For details on testing Identity Match with Same Day Micro-deposits, see Testing Same-Day Microdeposits.

When testing Identity Match using the default user_good custom Sandbox user, you can expect the following identity data to be used for matching against:

1Alberta Bobbeth Charleson
22992 Cameron Rd.
3Malakoff, NY 14236
4Phone: +1-111-222-3333
5Email: accountholder0@example.com

The Identity Document Upload add-on can be used to verify account ownership based on a bank statement uploaded by an end user. This feature is intended primarily for use with Items created via loginless Auth flows, such as Same-Day Micro-deposits, Instant Micro-deposits, or Database Insights. For more details, see Identity Document Upload.

For a real-life example of an app that incorporates Identity, see the Node-based Plaid Pattern Account Funding sample app. Pattern Account Funding is a sample account funding app that fetches Identity data in order to verify identity prior to a funds transfer. The Identity code can be found in items.js.

For a tutorial walkthrough of creating a similar app, see Account funding tutorial.

Identity is billed on a one-time fee model, meaning you will be billed once for each Item with Identity added to it. Identity Match is billed on a per-request flat-fee basis. To view the exact pricing you may be eligible for, apply for Production access or contact Sales. For more details about pricing and billing models, see Plaid billing.

Identity and Identity Match are available in all supported countries (US, Canada, and Europe, including the UK). In Canada, Identity Match cannot be requested via the Production access form and is available via a Growth or Custom plan only. To request access to Identity Match in Canada, contact your account manager or Sales.

To get started building with Identity, see Add Identity to your App.

If you're ready to launch to Production, see the Launch Center.