Identity Document Upload

Learn about statement upload-based account ownership verification

Overview

In order to provide the user an additional way to verify their account ownership, Identity Document Upload can be used to upload a bank statement, verify that statement belongs to the account in question, and verify the ownership information on the statement. This feature is intended primarily for use with Items created via loginless Auth flows, such as Same-Day Micro-deposits, Instant Micro-deposits, or Database Insights.

Identity Document Upload is available as an add-on to Identity. For pricing details, and to request access to Identity Document Upload, contact your Plaid Account Manager or Sales.

To detect potential document fraud or document tampering during the Identity Document Upload flow, you can use the optional Fraud Risk feature, which scans for over two dozen different fraud signals in categories such as visual evidence of tampering, suspicious metadata, inconsistent contents, and similarity to known fraudulent documents.

Implementation

To use Document Upload, you will first create the Item with another product such as Auth or Transfer. Then, run Link in update mode with the following parameters (in addition to the required fields):

  • The products array set to ["identity"].
  • The identity.account_ids array should contain the account_id of the account to verify. Currently, only one account_id can be specified.
  • identity.is_document_upload should be set to true.
  • (Optional) to enable Fraud Risk, set identity.parsing_configs to ["ocr", "risk_signals"]
1curl -X POST https://sandbox.plaid.com/link/token/create \
2-H 'Content-Type: application/json' \
3-d '{
4  "client_id": "${PLAID_CLIENT_ID}",
5  "secret": "${PLAID_SECRET}",
6  "client_name": "Insert Client name here",
7  "products": ["identity"],
8  "access_token": "Insert access token here",
9  "identity": 
10    {
11      "is_document_upload": true, 
12      "account_ids": ["ZXEbW7Rkr9iv1qj8abebU1KDJlkexgSgrLAod"], 
13      "parsing_configs": ["ocr", "risk_signals"]
14    },
15  "country_codes": ["US"],
16  "language": "en",
17  "user": {
18    "client_user_id": "unique_user_id"
19  }
20}'

During update mode, the end user will be prompted to upload a bank statement. After the statement has been uploaded and processed, Plaid will send an IDENTITY: DOCUMENT_UPDATE_AVAILABLE webhook. A "document_status": "OCR_PROCESSING_COMPLETE" field in the webhook body indicates that the statement was successfully parsed.

If the parsing is successful, you can call /identity/documents/uploads/get, which will return the identity data parsed from the document in the same format as /identity/get. This endpoint will also return a documents array -- for any given document in the array, if the metadata.is_account_number_match field is true, Plaid has verified that the account number on the document matches the account number known to Plaid. If it is false, the document does not substantiate the end user's ownership of the account. 

1"documents": [
2  {
3      "document_id": "1d107b7f-91fe-44c8-b8e9-325494addf5d",
4      "metadata": {
5          "document_type": "BANK_STATEMENT",
6          "is_account_number_match": true,
7          "last_updated": "2024-01-29T08:06:46Z",
8          "uploaded_at": "2024-01-29T08:06:46Z"
9      },
10      "risk_insights": {
11          "risk_signals": [
12              {
13                  "has_fraud_risk": true,
14                  "page_number": 0,
15                  "signal_description": "Creation date and modification date do not match",
16                  "type": "METADATA_DATES_OUTSIDE_WINDOW"
17              },
18              {
19                  "has_fraud_risk": true,
20                  "page_number": 0,
21                  "signal_description": "Adobe Acrobat",
22                  "type": "SOFTWARE_BLACKLIST"
23              }
24          ],
25          "risk_summary": {
26              "risk_score": 100
27          }
28      }
29  }
30],

If Fraud Risk was enabled, the document object will contain a risk_insights object, including details about potential risks detected in the uploaded document. The risk_insights.risk_summary.risk_score field will contain a score summarizing the risk of the document. If the score is 80 or higher, we recommend treating the account identity as unverified and potentially high risk and sending the user through a manual verification flow.

Testing Identity Document Upload

In the Sandbox, Plaid will not parse the uploaded bank statement and will instead return pre-populated test user data. Because of this, Sandbox will proceed much faster than Production; you should make sure your app can handle the asynchronous behavior of Production, in which the user's statement will be verified after they have completed Link, rather than during the Link session.

In Sandbox, you must provide a valid webhook URI in order to upload documents.