Introduction to Identity

Plaid's Identity product helps you verify users' identities by accessing information on file with their financial institution. Using Identity, you can access a user's phone number, email address, mailing address, and name. This can be used for prefilling account information, as well as for verifying with a trusted source that information they provided about themselves is correct. Fraud reduction and complementing of Know Your Customer (KYC) compliance are common applications for Identity. Identity can be used to verify both depository-type accounts, such as checking and savings accounts, and credit-type accounts, such as credit cards.

Depending on your use case, you may want to verify the identity of all users, or only some. For example, you might want to verify the identity of any user initiating a funds transfer, or you might only verify users who you have identified as being higher risk, based on data such as email address, location, financial institution, or activity patterns.

Identity data includes owners names, addresses, email address, and phone numbers. In the case of an Item containing accounts with multiple owners, all owners' information will be provided.

"owners": [
  {
    "addresses": [
      {
        "data": {
          "city": "Malakoff",
          "country": "US",
          "postal_code": "14236",
          "region": "NY",
          "street": "2992 Cameron Road"
        },
        "primary": true
      }
    ],
    "emails": [
      {
        "data": "accountholder0@example.com",
        "primary": true,
        "type": "primary"
      }
    ],
    "names": [
      "Alberta Bobbeth Charleson"
    ],
    "phone_numbers": [
      {
        "data": "1112223333",
        "primary": true,
        "type": "home"
      }
    ]
  }
]

The /identity/get endpoint provides you with several pieces of information. While email address, phone number, and address are usually available, only name is guaranteed to be available; other fields are nullable.

Identity is guaranteed to return name data, making name matching a reliable way to verify identity. In some cases, slight differences can appear between data returned by Identity and data provided by legitimate users. For example, a user might omit their middle name in your application, or provide a shortened version of their legal name. There are several techniques you can implement to reduce the chance of these mismatches, including substring matching, string cleaning to remove data such as initials and suffixes, or applying a fuzzy matching algorithm, for which many open-source implementations are available.

Matching email addresses can be done straightforwardly. You can also match a phone number after transforming it to the same format as the phone number that you have obtained from your user.

The easiest form of address matching is the matching of city names, regions, and postal codes, after ensuring that you have transformed these into the same format that you have obtained from your user (for example, making sure that any zip code is in a 5-digit format rather than a 9-digit format). Street addresses can be compared using the same techniques as described in the "Name" section to avoid any mismatches caused by slight inconsistencies.

It is recommended to provide a manual backup option in case a user's identity cannot be automatically verified. This can include uploading ID documentation such as a drivers license or passport, or banking information such as a voided check or bank statement.

Identity can be tested in Sandbox against test data without contacting Plaid. In order to test Identity against live Items in either Development or Production, you will need to first request access by submitting a product access request Support ticket explaining your use case.