Shufti-Sphere-Website-Banner
burger-menu cross-icon-2

Resources

us

216.73.216.69

NFC VERIFICATION

NFC Verification That Builds Trust with Every Tap

Tap to verify passports and NFC-enabled IDs against issuer-signed credential data across 140+ countries. Shufti confirms document authenticity cryptographically, detects tampering and cloning, and matches the holder via embedded portrait, document photo, and face with liveness.

NFC Verification — tap-to-read passport mockup with Cryptographic Auth, Tamper Detection and 3-Way Face Match checks resolving to a Trusted result across 140+ countries
HIGH ASSURANCE ONBOARDING

NFC Verification for Regulated Flows

100%
Contactless read accuracy
180+
ePassport coverage
<5s
Tap to decision
Trusted by 2,000+ Clients Worldwide
cashew gemone HERO Gaming Bitget IronFX PENN National Rakuten Witzeal Noteris banxy
Built for Compliance: Go live in minutes with our flexible API and lightweight SDKs

Single API, Seamless Integration

Build fully customisable verification flows with seamless backend integration.

  • Gain full control by customising verification flows end-to-end.
  • Integrate seamlessly with your backend for quick implementation.
  • Design flexible verification journeys tailored to your users.
Explore API Docs
RESTful API img

Launch a native verification experience in your mobile app within minutes.

  • Launch native verification within minutes on iOS or Android.
  • Use ready-made UI with camera, capture, and real-time feedback.
  • Customise flows to fit seamlessly into your mobile app.
Explore SDKs Docs
Lightweight SDK image

With KYC Journey Builder, create personalised verification journeys without writing a single line of code.

  • Customise your journey effortlessly with drag-and-drop functionality.
  • Instantly see how your verification flow looks for your users.
  • Easily connect with Hosted Verification for a consistent, branded experience.
Explore More
On-Premise Deployment image

Run Shufti within your own identical-capability infrastructure for maximum data control and privacy.

  • Keep all sensitive information in-house to meet strict governance and data residency requirements.
  • Keep sensitive information fully private and secure in-house.
  • Deploy in highly regulated sectors without compromising compliance.
Contact Sales
On-Premise Deployment image

Industry-Specific Solutions

Built For Your Business

Chip-Verified Sellers, Not Just Verified Names

Re-entered sellers slip past name-only checks, letting off-boarded actors return under new identities. NFC verification anchors every onboarding to issuer-signed chip data, making seller cycling detectable across markets.

Don’t just take our word for it, hear from our customers

The Confidence Our Clients Share

The future of digital identity is defined by trust, interoperability, and regulatory alignment, so our partnership with Shufti reinforces DevCode Identity’s commitment to supporting our global customers with the most secure, best-in-class, compliant identity verification solutions available today.

Combining our Conversion Driven Compliance Orchestration Platform with Shufti’s global KYC and IDV capabilities allows our customers not only to navigate complex regulatory demands but also to maintain a seamless customer onboarding experience with the highest achievable conversion rates.

Mark Knighton
Chief Global Development Officer -
Global Alliances, DevCode

TECHNICAL DEEP DIVE

Frequently Asked Questions

What documents support NFC verification?

Most modern biometric passports and national ID cards with an embedded contactless credential. Shufti supports 180+ countries through a single SDK.

Does NFC replace Document Verification?

No. NFC adds a cryptographic layer on top of document verification. The flow starts with a document scan, then uses NFC to increase assurance.

What does Shufti verify via NFC?

Issuer signatures to detect tampering, and where supported, document authenticity checks to reduce clone or emulation risk.

What data can be read via NFC?

First name, last name, personal number, gender, date of birth, expiry date, serial number, document type, nationality, issuer authority, permanent address, place of birth, telephone, issue date, and the DG2 portrait for biometric matching.

What are DG1 and DG2?

DG1 contains identity and document details. DG2 contains the high-resolution portrait used for face matching.

Which countries require NFC verification?

Turkey, Vietnam, and Thailand for certain regulated activities. The EU's eIDAS 2.0 is expected to expand requirements across member states.

What if the user cannot complete NFC?

The journey continues through standard document and biometric verification. Shufti's flow orchestration detects device capability and routes accordingly.

What are the deployment options?

Cloud or on-prem, running alongside other checks in the Shufti verification suite.

What is an NFC-enabled document?

An identity document with a contactless microchip. Follows ICAO 9303, ISO/IEC 14443, and BAC/PACE/EAC protocols. Stores personal data, biometric data, and digital certificates for authenticity verification.

Can NFC chip data be altered?

Not remotely. Identity data is stored in a secure element protected by BAC/PACE/EAC. Altering it requires compromising the issuing authority's signing keys or physical attacks on the chip, both requiring nation-state resources. Passive Authentication detects any unauthorized changes.

What happens to digital signatures if chip data is altered?

The SOD signature will not validate and Passive Authentication fails. If an attacker clones data and SOD to another chip, Active/Chip Authentication catches it by proving the chip holds a private key that cannot be copied.

Can an NFC chip be faked?

Cloning can pass Passive Authentication alone but fails Active/Chip Authentication. Emulation also fails without the chip's private key. Shufti's layered checks (Passive Auth, Active/Chip Auth, MRZ cross-check, biometric match with liveness) catch fraud at every level.

How does Shufti detect alterations or fakes?

MRZ-to-chip cross-check, Passive Authentication against ICAO PKD, Active/Chip Authentication for clone detection, PKI validation, and biometric matching (DG2 portrait vs. live selfie with liveness).

How does the verification process work?

(1) User photographs document, OCR reads MRZ. (2) MRZ data derives access keys. (3) User taps document to open NFC session, reads DG1, DG2, DG14/DG15. (4) SOD signature verified via ICAO PKD. (5) DG2 portrait matched against live selfie with liveness.

Add Cryptographic Proof to Onboarding

Verify passports and IDs with issuer-signed credential data and portrait matching with liveness. Clear outcomes your team can trust.