Identity Document Upload
Learn about statement upload-based Identity verification
Overview
In order to provide the user an additional way to verify their account ownership, Identity Document Upload can be used to upload a bank statement, verify that statement belongs to the account in question, and verify the ownership information on the statement. This feature is intended primarily for use with Items created via loginless Auth flows, such as Same-Day Micro-deposits, Instant Micro-deposits, or Database Insights.
Identity Document Upload is available as an add-on to Identity. For pricing details, and to request access to Identity Document Upload, contact your Plaid Account Manager or Sales.
To detect potential document fraud or document tampering during the Identity Document Upload flow, you can use the optional Fraud Risk feature, which scans for over two dozen different fraud signals in categories such as visual evidence of tampering, suspicious metadata, inconsistent contents, and similarity to known fraudulent documents.
Implementation
To use Document Upload, you will first create the Item with another product such as Auth or Transfer. Then, run Link in update mode with the following parameters (in addition to the required fields):
- The
products
array set to["identity"]
. - The
identity.account_ids
array should contain theaccount_id
of the account to verify. Currently, only oneaccount_id
can be specified. identity.is_document_upload
should be set totrue
.- (Optional) to enable Fraud Risk, set
identity.parsing_configs
to["ocr", "risk_signals"]
1curl -X POST https://sandbox.plaid.com/link/token/create \2-H 'Content-Type: application/json' \3-d '{4 "client_id": "${PLAID_CLIENT_ID}",5 "secret": "${PLAID_SECRET}",6 "client_name": "Insert Client name here",7 "products": ["identity"],8 "access_token": "Insert access token here",9 "identity": 10 {11 "is_document_upload": true, 12 "account_ids": ["ZXEbW7Rkr9iv1qj8abebU1KDJlkexgSgrLAod"], 13 "parsing_configs": ["ocr", "risk_signals"]14 },15 "country_codes": ["US"],16 "language": "en",17 "user": {18 "client_user_id": "unique_user_id"19 }20}'
During update mode, the end user will be prompted to upload a bank statement. After the statement has been uploaded and processed, Plaid will send an IDENTITY: DOCUMENT_UPDATE_AVAILABLE
webhook. A "document_status": "OCR_PROCESSING_COMPLETE"
field in the webhook body indicates that the statement was successfully parsed.
If the parsing is successful, you can call /identity/documents/uploads/get
, which will return the identity data parsed from the document in the same format as /identity/get
. This endpoint will also return a documents
array -- for any given document in the array, if the metadata.is_account_number_match
field is true
, Plaid has verified that the account number on the document matches the account number known to Plaid. If it is false
, the document does not substantiate the end user's ownership of the account.
1"documents": [2 {3 "document_id": "1d107b7f-91fe-44c8-b8e9-325494addf5d",4 "metadata": {5 "document_type": "BANK_STATEMENT",6 "is_account_number_match": true,7 "last_updated": "2024-01-29T08:06:46Z",8 "uploaded_at": "2024-01-29T08:06:46Z"9 },10 "risk_insights": {11 "risk_signals": [12 {13 "has_fraud_risk": true,14 "page_number": 0,15 "signal_description": "Creation date and modification date do not match",16 "type": "METADATA_DATES_OUTSIDE_WINDOW"17 },18 {19 "has_fraud_risk": true,20 "page_number": 0,21 "signal_description": "Adobe Acrobat",22 "type": "SOFTWARE_BLACKLIST"23 }24 ],25 "risk_summary": {26 "risk_score": 10027 }28 }29 }30],
If Fraud Risk was enabled, the document
object will contain a risk_insights
object, including details about potential risks detected in the uploaded document. The risk_insights.risk_summary.risk_score
field will contain a score summarizing the risk of the document. If the score is 80 or higher, we recommend treating the account identity as unverified and potentially high risk and sending the user through a manual verification flow.
Testing Identity Document Upload
In the Sandbox, Plaid will not parse the uploaded bank statement and will instead return pre-populated test user data.