CONSENT VERIFICATION

Consent Verification With Verifiable Proof

Merchant-defined consent text on a handwritten or printed note. Active proof for payouts, recoveries, and high-risk changes. Verified in under ten seconds.

Request Demo Contact Us

Consent Verification proto — merchant-defined statement capture with handwritten or printed note flow

EVIDENCE THAT HOLDS UP IN AUDITS, DISPUTES, AND CHARGEBACKS

Built for Defensible Proof, Not Just Liveness

99.7%

OCR accuracy

<10s

decision time

150+

languages and scripts

Trusted By 2000+ Clients Worldwide

BUILT FOR HIGH-RISK ACTIONS THAT STAY DEFENSIBLE

Liveness Confirms Who. Consent Verification Confirms What They Authorised

Proof of the Exact Action, Not Just Presence

MERCHANT-DEFINED TEXT PER TRANSACTION

Merchants submit the exact text per transaction. The user writes or prints it, with an optional signature, creating proof the right person approved the exact action.

FOUR STEPS, NO CUSTOM UI

Delivery, capture, and verification complete in four steps without any UI rebuild on the merchant side.

Request a demo

Four-step consent flow — merchant text submission, user writes the note, OCR plus face match, and the evidence bundle export.

A Physical Note Beats a Recorded Face

CAPTURE THAT HOLDS UNDER REAL CONDITIONS

Shufti's capture engine handles poor lighting, angled shots, and partial occlusion to keep the flow clean under real-world conditions.

LIVE FACE MATCHING WHEN IT COUNTS

When face is enabled, live face matching pairs with the note to verify the genuine account holder, not just a photo or injected media.

Request a demo

Live capture with face and note paired — replay, deepfake, virtual camera, and presentation attacks blocked by physical-artefact verification.

Handwriting That Does Not End in Manual Review

OCR ACROSS MULTIPLE SCRIPTS AND LANGUAGES

Shufti's OCR handles multiple scripts and languages and returns a full evidence bundle ready to export in PDF or JSON for any audit or dispute.

SESSION RECORD CAPTURED AUTOMATICALLY

Captured note, matched text, device, IP region, and capture duration are all recorded at verification time.

Request a demo

Evidence bundle TX-7421 — captured note, OCR across 150+ scripts, session metadata, and tamper-evident hash, exportable as PDF or JSON.

Built for Compliance: Go live in minutes with our flexible API and lightweight SDKs

Single API, Seamless Integration

Build fully customisable verification flows with seamless backend integration.

Gain full control by customising verification flows end-to-end.
Integrate seamlessly with your backend for quick implementation.
Design flexible verification journeys tailored to your users.

Explore API Docs

Launch a native verification experience in your mobile app within minutes.

Launch native verification within minutes on iOS or Android.
Use ready-made UI with camera, capture, and real-time feedback.
Customise flows to fit seamlessly into your mobile app.

Explore SDKs Docs

Run Shufti within your own identical-capability infrastructure for maximum data control and privacy.

Keep all sensitive information in-house to meet strict governance and data residency requirements.
Keep sensitive information fully private and secure in-house.
Deploy in highly regulated sectors without compromising compliance.

Contact Sales

Quickly launch identity verification through a secure, customisable web link, no code required. Learn more.

Start verifying users instantly with a no-code setup.
Deliver a consistent identity experience via a link or embedded iframe.
Deploy quickly via a secure link or embedded iframe.

Explore API Docs

With KYC Journey Builder, create personalised verification journeys without writing a single line of code.

Customise your journey effortlessly with drag-and-drop functionality.
Instantly see how your verification flow looks for your users.
Easily connect with Hosted Verification for a consistent, branded experience.

Explore More

WHERE CONSENT VERIFICATION FITS BEST

Built For Regulated & High-Risk Businesses

Marketplaces Seller Upgrades Verified, Disputes Prevented

Upgrade buyers to sellers and enable payouts without repeating KYC across the journey, even as risk increases.

Learn More Try Now

Frequently Asked Questions

What does Consent Verification actually prove?

It proves the user actively presented the exact text the merchant submitted, creating a verifiable evidence record that the user approved a specific action: a withdrawal, payout change, device change, account recovery, or any merchant-defined event. The evidence bundle carries the captured artefact, matched OCR output, timestamp, session metadata, and a tamper-evident hash.

How is this different from liveness?

Liveness confirms the person is live on camera. It does not confirm what the person authorised. Consent Verification adds the authorisation layer by verifying a transaction-specific physical artefact carrying merchant-submitted text. Motion-based prompts are replayable by injection tools; a physical note with dynamic text is mathematically harder to fake in real-time.

How does it resist video-injection and deepfake attacks?

Two layers. First, capture requires a physical artefact with dynamic merchant-submitted text rendered in real-time lighting, shadow, grain, and hand interaction. Second, when face is enabled, the face layer applies iBeta PAD Level 2-tested passive and active liveness. The combined pipeline blocks the majority of replay, emulator, and virtual-camera injection attempts.

Can the consent text be customised?

Yes. Merchants submit the exact text per transaction via REST API, 4 to 400 characters, with dynamic tokens (transaction ID, amount, date, merchant-defined fields) substituted at request time. Pre-configured templates support onboarding, payout, recovery, and device-change flows.

Can face capture be required, optional, or prohibited?

All three. Face-required for high-risk actions (crypto withdrawals, payout changes), face-optional for mid-risk step-ups, and face-prohibited where biometric-consent law (BIPA, TDPSA, Washington MHMDA) makes face capture undesirable. Configurable at account level with per-transaction override.

What if the user cannot handwrite the note?

Three fallbacks: the user may print the text and present the printed copy; type the text in a merchant-provided form and present the typewritten output; or the merchant may switch to face-match-only at a lower assurance level. Accessibility accommodations are configurable per jurisdiction.

Where is data processed and what retention applies?

Data is processed in the merchant-selected region — EU (Frankfurt, Dublin), UK (London), US (Virginia, Oregon), APAC (Singapore, Tokyo, Mumbai), or MENA (Bahrain) — and does not leave that region by default. Retention is client-configurable 30 days to 10 years. DPA and SCC on request.

Can Consent Verification deploy on-premises or private cloud?

Yes. Consent Verification is a first-party Shufti capture technology: Shufti owns the OCR stack, face-match stack, and policy engine end-to-end, and they run on infrastructure the customer can isolate. Supported models include regional public cloud, dedicated private cloud, on-premises, and air-gapped deployment for regulated environments.

Which certifications apply?

PCI DSS applies at company level to cardholder-data handling. ISO 27001 and SOC 2 Type II scope and current status are confirmed on request under NDA. iBeta PAD Level 2 applies to the live-face-match component when face is enabled. ETSI conformity for electronic identification is in progress. DHS RIVR 2025 applies upstream to Shufti document verification, which Consent Verification can be layered onto.

Secure High-Risk Transactions with Action-Tied Consent

Stop liveness bypasses at the transaction layer. Shufti anchors cryptographic user consent to specific high-value actions, running automated first-party OCR checks to validate explicit authorization in real time.

Request A Demo View the Consent API Reference