CONSENT VERIFICATION
Consent Verification With Verifiable Proof
Shufti’s consent verification solution captures merchant-defined consent text on a handwritten or printed note, providing proof of consent for payouts, recoveries, and high-risk account changes in under ten seconds.
Built for Defensible Proof, Not Just Liveness
Liveness Confirms Who. Consent Verification Confirms What They Authorised
Proof of the Exact Action, Not Just Presence
Merchants submit the exact text per transaction. The user writes or prints it, with an optional signature, creating proof the right person approved the exact action. This process is powered by Shufti’s consent verification and shufti's consent verification software, enabling consent-based verification for every transaction.
Delivery, capture, and verification complete in four steps without any UI rebuild on the merchant side, using shufti's consent verification tools.
A Physical Note Beats a Recorded Face
Shufti's capture engine handles poor lighting, angled shots, and partial occlusion to keep the flow clean under real-world conditions. Shufti’s consent verification solutions ensure that each capture meets audit-grade standards.
When face is enabled, live face matching pairs with the note to verify the genuine account holder, not just a photo or injected media.
Handwriting That Does Not End in Manual Review
Shufti's OCR handles multiple scripts and languages and returns a full evidence bundle ready to export in PDF or JSON for any audit or dispute. Our consent verification solutions ensure that all evidence is tamper-proof and legally valid.
Shufti's OCR handles multiple scripts and languages and returns a full evidence bundle ready to export in PDF or JSON for any audit or dispute. Our consent verification solutions ensure that all evidence is tamper-proof and legally valid.
Single API, Seamless Integration
Build fully customisable verification flows with seamless backend integration.
- Gain full control by customising verification flows end-to-end.
- Integrate seamlessly with your backend for quick implementation.
- Design flexible verification journeys tailored to your users.
Launch a native verification experience in your mobile app within minutes.
- Launch native verification within minutes on iOS or Android.
- Use ready-made UI with camera, capture, and real-time feedback.
- Customise flows to fit seamlessly into your mobile app.
With KYC Journey Builder, create personalised verification journeys without writing a single line of code.
- Customise your journey effortlessly with drag-and-drop functionality.
- Instantly see how your verification flow looks for your users.
- Easily connect with Hosted Verification for a consistent, branded experience.
Run Shufti within your own identical-capability infrastructure for maximum data control and privacy.
- Keep all sensitive information in-house to meet strict governance and data residency requirements.
- Keep sensitive information fully private and secure in-house.
- Deploy in highly regulated sectors without compromising compliance.
WHERE CONSENT VERIFICATION FITS BEST
Built For Regulated & High-Risk Businesses
Seller Upgrades Verified, Disputes Prevented
Seller upgrades and payout releases without confirmed user authorisation leave no clear evidence trail. Shufti Consent Verification attaches verifiable proof of seller approval to every upgrade and payout event.
Don’t just take our word for it, hear from our customers
The Confidence Our Clients Share
The future of digital identity is defined by trust, interoperability, and regulatory alignment, so our partnership with Shufti reinforces DevCode Identity’s commitment to supporting our global customers with the most secure, best-in-class, compliant identity verification solutions available today.
Combining our Conversion Driven Compliance Orchestration Platform with Shufti’s global KYC and IDV capabilities allows our customers not only to navigate complex regulatory demands but also to maintain a seamless customer onboarding experience with the highest achievable conversion rates.
Global Alliances, DevCode
We’re proud to continue our partnership with Shufti as we expand into new jurisdictions.
Shufti’s verification technology not only strengthens our compliance framework but also ensures our players enjoy a smooth, secure onboarding experience.
WhiteHat Gaming
We ain to offer our clients and their traders the very best tools with which to do their jobs, we’re excited to be able to work with Shufti.
They’re a leading company, and we’re looking forward to offering their solutions to our clients through our CRM.
FX Back Office
The relationship with Shufti was born out of frustration with an existing provider, so we started our discussion with Shufti.
The reponse time was excellent, from the start of speaking to sales to getting up and running with the demo.
My EU Pay
Frequently Asked Questions
What does Consent Verification actually prove?
It proves the user actively presented the exact text the merchant submitted, creating a verifiable evidence record that the user approved a specific action: a withdrawal, payout change, device change, account recovery, or any merchant-defined event. The evidence bundle carries the captured artefact, matched OCR output, timestamp, session metadata, and a tamper-evident hash.
How is this different from liveness?
Liveness confirms the person is live on camera. It does not confirm what the person authorised. Consent Verification adds the authorisation layer by verifying a transaction-specific physical artefact carrying merchant-submitted text. Motion-based prompts are replayable by injection tools; a physical note with dynamic text is mathematically harder to fake in real-time.
How does it resist video-injection and deepfake attacks?
Two layers. First, capture requires a physical artefact with dynamic merchant-submitted text rendered in real-time lighting, shadow, grain, and hand interaction. Second, when face is enabled, the face layer applies iBeta PAD Level 2-tested passive and active liveness. The combined pipeline blocks the majority of replay, emulator, and virtual-camera injection attempts.
Can the consent text be customised?
Yes. Merchants submit the exact text per transaction via REST API, 4 to 400 characters, with dynamic tokens (transaction ID, amount, date, merchant-defined fields) substituted at request time. Pre-configured templates support onboarding, payout, recovery, and device-change flows.
Can face capture be required, optional, or prohibited?
All three. Face-required for high-risk actions (crypto withdrawals, payout changes), face-optional for mid-risk step-ups, and face-prohibited where biometric-consent law (BIPA, TDPSA, Washington MHMDA) makes face capture undesirable. Configurable at account level with per-transaction override.
What if the user cannot handwrite the note?
Three fallbacks: the user may print the text and present the printed copy; type the text in a merchant-provided form and present the typewritten output; or the merchant may switch to face-match-only at a lower assurance level. Accessibility accommodations are configurable per jurisdiction.
Where is data processed and what retention applies?
Data is processed in the merchant-selected region — EU (Frankfurt, Dublin), UK (London), US (Virginia, Oregon), APAC (Singapore, Tokyo, Mumbai), or MENA (Bahrain) — and does not leave that region by default. Retention is client-configurable 30 days to 10 years. DPA and SCC on request.
Can Consent Verification deploy on-premises or private cloud?
Yes. Consent Verification is a first-party Shufti capture technology: Shufti owns the OCR stack, face-match stack, and policy engine end-to-end, and they run on infrastructure the customer can isolate. Supported models include regional public cloud, dedicated private cloud, on-premises, and air-gapped deployment for regulated environments.
Which certifications apply?
PCI DSS applies at company level to cardholder-data handling. ISO 27001 and SOC 2 Type II scope and current status are confirmed on request under NDA. iBeta PAD Level 2 applies to the live-face-match component when face is enabled. ETSI conformity for electronic identification is in progress. DHS RIVR 2025 applies upstream to Shufti document verification, which Consent Verification can be layered onto.
Secure High-Risk Transactions with Action-Tied Consent
Stop liveness bypasses at the transaction layer. Shufti anchors cryptographic user consent to specific high-value actions, running automated first-party OCR checks to validate explicit authorization in real time.
