What Is VideoIdent? Complete Guide to Video Identity Verification

Deepfakes and synthetic identities are now the primary instruments behind targeted fraud. According to the World Economic Forum, sophisticated AI-powered fraud has risen 180% while broader identity fraud rates remain stable, meaning the growth concentrates at the highest-risk customer moments, including account recovery, large withdrawals, and tier upgrades. Automated document checks and liveness tests were not built for this level of risk. VideoIdent was.

What Is VideoIdent?

VideoIdent is an attended, live video-based identity verification method in which a trained agent confirms a customer’s identity through a real-time video session. The agent inspects the identity document, checks security features, performs a liveness challenge, and captures biometric face matching against the document photo. The session produces a complete, time-stamped evidence package ready for compliance review or fraud investigation.

This is distinct from the two other approaches. Automated document verification uses AI models with no human present in the session. Unattended video capture records the customer without a live agent observing. VideoIdent is attended and supervised from start to finish.

How VideoIdent differs from standard video KYC?

The term video KYC covers a wide range of implementations, some attended, some not. VideoIdent, as defined under Germany’s BaFin Circular 3/2017, is a specific supervised process requiring trained personnel, real-time document security feature inspection, structured liveness challenges, and session binding via TAN or OTP. BaFin treats a compliant VideoIdent session as the legal equivalent of a face-to-face identification. A video KYC implementation that skips any of these elements does not qualify as VideoIdent under German AML law.

For customers, the only equipment required is a smartphone or computer with a working camera, microphone, and stable internet connection. No specialist hardware or app download is needed.

How a VideoIdent Session Works?

A compliant session follows five stages.

Initiate. The customer triggers verification through an app or website. A risk engine determines whether automated checks are sufficient for this specific interaction or whether a live agent step is warranted, based on the action being taken, such as a withdrawal above a defined threshold or a PEP flag in screening.

Connect. The customer enters a live encrypted video session with a trained agent, typically within 20 to 30 seconds. For compliant deployments, agents are available 24 hours a day in multiple languages.

Verify. The agent checks at least three randomly selected security features on the identity document, including hologram, print detail integrity, and the photo or ghost image, along with MRZ validation. A liveness challenge follows. The customer moves their head and speaks a system-generated character sequence aloud, and the agent performs a biometric face match against the document photo.

Bind. A one-time TAN or OTP sent to the customer’s registered channel ties the session to the confirmed identity. Explicit consent is captured on camera with a timestamp before any evidence is recorded.

Evidence pack. The session produces a full audiovisual recording, document images with security feature annotations, a face comparison screenshot, a consent timestamp, a session binding confirmation, and a structured decision record with verification rationale.

Is VideoIdent a Legally Valid Identity Verification Method in Banking?

Yes, for organisations subject to Germany’s Geldwäschegesetz (GwG) and supervised by BaFin. Circular 3/2017 established VideoIdent as an AML-compliant remote identification method with the same legal standing as a face-to-face meeting. Austria’s FMA Online-IDV regulation covers comparable requirements for Austrian entities, adding structured screenshot standards and a typed numeric code as a second factor.

For legal validity, a session must include trained agents with annual qualification updates, inspection of a minimum of three random security features plus MRZ, a spoken random character sequence liveness challenge, TAN or OTP session binding, full audio and video recording, explicit on-camera consent before evidence creation, and five-year evidence retention.

Organisations that miss any of these elements do not produce a legally compliant VideoIdent record. When regulators examine flagged accounts, they look at the complete evidence trail. Partial packs become compliance gaps under examination.

Beyond Germany and Austria, video identity verification is gaining regulatory recognition across Southeast Asia, the Middle East, and Latin American markets as digital onboarding rules expand.

Which Industries Are Adopting VideoIdent?

Adoption concentrates at specific high-risk touchpoints rather than across all customer interactions.

Banking and fintech operations apply VideoIdent for account opening when automated checks return insufficient confidence, for PEP or sanctions flag reviews during onboarding, and for large withdrawal authorisation events.

Crypto exchanges deploy it at tier upgrade and payout moments, where account takeover rates run five times higher than in traditional finance.

Gaming and gambling operators use it to confirm identity for high-value payouts, multi-account investigations, and enhanced due diligence on high-activity accounts.

Healthcare platforms use VideoIdent for patient record creation, telemedicine access, and on-camera consent capture that meets data protection requirements.

Telecom operators apply it during SIM swap requests and identity re-verification campaigns.

The video KYC market is growing at 15.3% annually and is projected to reach approximately $1 billion by 2033, driven by regulatory expansion into non-financial sectors and the rise of AI fraud that makes human-in-the-loop review a practical necessity at high-risk touchpoints.

How Shufti VideoIdent Works in Real-World Scenarios?

Shufti’s VideoIdent solution is built around country-specific compliance flows rather than a single generic process. A German session includes TAN or OTP binding, three-feature document inspection, MRZ validation, and spoken character-sequence liveness as defaults. An Austrian session applies hologram tilt inspection, typed numeric code entry, and FMA-standard screenshot capture. Both produce complete evidence packs retrievable via API within seconds.

AI-generated faces and video injection attacks are now reaching attended video sessions, not just automated document checks. To address coached or scripted attempts, Shufti’s platform combines AI detection with human judgment. AI layers flag deepfake signatures and video injection attacks that human observation alone cannot catch. Trained agents assess response timing, environmental cues, and conversational behaviour that automated scoring cannot evaluate. Together, the two layers cover the gap that either approach leaves open on its own.

For customers in low-bandwidth or remote environments, agents control the pacing of inspection steps to reduce session failures from connection interruption. Sessions resume at the point of failure without restarting the full verification flow.

Recorded sessions are stored in EU-resident infrastructure and retained for five years under BaFin and up to ten years for certain FMA-governed record types. The evidence is retrievable via API for compliance reviews, internal investigations, and regulatory examinations.

Shufti’s agent model offers three configurations. Fully managed Shufti agents are available around the clock. A bring-your-own-agents option lets the client’s compliance team conduct sessions on Shufti’s infrastructure and evidence engine. A hybrid arrangement handles overflow and off-hours coverage. All three produce an identical, audit-ready evidence pack.

AML screening and face verification run within the same session, completing the full onboarding check without a separate integration point.

Conclusion

VideoIdent fills a specific position in the verification stack. It is the high-assurance option for moments where automated checks are not enough and regulators demand a defensible evidence record. The fraud environment is not softening. AI-powered sophisticated fraud is rising sharply while targeted attacks concentrate on the highest-value customer touchpoints. For organisations in DACH markets or managing high-risk customer segments globally, a compliant VideoIdent implementation is an operational requirement.

For a detailed implementation walkthrough, you can request a demo.