NFC VERIFICATION
NFC Verification That Builds Trust with Every Tap
Tap to verify passports and NFC-enabled IDs against issuer-signed credential data across 140+ countries. Shufti confirms document authenticity cryptographically, detects tampering and cloning, and matches the holder via embedded portrait, document photo, and face with liveness.
NFC Verification for Regulated Flows
NFC Verification, Built for Remote ID Authentication
Advanced Document Authentication
Shufti reads the NFC-enabled credential embedded in e-ID documents, where the data is digitally signed and encrypted. Forging or tampering with the issuer-signed information becomes near impossible.
Electronic forgery can defeat printed security patterns like guilloche, OVI, and rainbow prints. Hardware-secured verification bypasses surface checks entirely and reads the issuer-signed truth directly.
ICAO 9303 already mandates eMRTD-enabled passports and IDs across 150+ countries. Shufti's NFC verification meets the standard and detects criminal attempts instantly during onboarding.
Verification Flow
The user photographs their ID document. Shufti reads the Machine Readable Zone (MRZ) to extract the data needed to unlock secure access to the document’s NFC credential.
The user taps their document against their phone. Shufti opens a secure NFC session, reads the credential data, verifies issuer signatures, and confirms the document has not been tampered with or cloned.
The high-resolution portrait stored on the credential is compared against a live selfie with liveness detection. This confirms the person holding the document is the person it belongs to.
Data Extraction & Review-Ready Outputs
Reads DG1 for identity and document details, DG2 for the high-resolution portrait, and DG14/DG15 for security and key material when present.
Returns first name, last name, personal number, gender, date of birth, expiry date, serial number, document type, nationality, issuer authority, permanent address, place of birth, telephone, issuing authority, issue date, and the high-resolution eKYC proof face (DG2 portrait). Additional fields returned when present on the document.
Credential-to-document mismatches and handling errors are surfaced before the decision is returned. Final output includes decision signals, certificate validation status, and supporting reasons in one structured payload, ready for compliance review and audit.
Verify Every User Across Every Market
Single API, Seamless Integration
Build fully customisable verification flows with seamless backend integration.
- Gain full control by customising verification flows end-to-end.
- Integrate seamlessly with your backend for quick implementation.
- Design flexible verification journeys tailored to your users.
Launch a native verification experience in your mobile app within minutes.
- Launch native verification within minutes on iOS or Android.
- Use ready-made UI with camera, capture, and real-time feedback.
- Customise flows to fit seamlessly into your mobile app.
With KYC Journey Builder, create personalised verification journeys without writing a single line of code.
- Customise your journey effortlessly with drag-and-drop functionality.
- Instantly see how your verification flow looks for your users.
- Easily connect with Hosted Verification for a consistent, branded experience.
Run Shufti within your own identical-capability infrastructure for maximum data control and privacy.
- Keep all sensitive information in-house to meet strict governance and data residency requirements.
- Keep sensitive information fully private and secure in-house.
- Deploy in highly regulated sectors without compromising compliance.
Industry-Specific Solutions
Built For Your Business
Chip-Verified Sellers, Not Just Verified Names
Re-entered sellers slip past name-only checks, letting off-boarded actors return under new identities. NFC verification anchors every onboarding to issuer-signed chip data, making seller cycling detectable across markets.
Don’t just take our word for it, hear from our customers
The Confidence Our Clients Share
The future of digital identity is defined by trust, interoperability, and regulatory alignment, so our partnership with Shufti reinforces DevCode Identity’s commitment to supporting our global customers with the most secure, best-in-class, compliant identity verification solutions available today.
Combining our Conversion Driven Compliance Orchestration Platform with Shufti’s global KYC and IDV capabilities allows our customers not only to navigate complex regulatory demands but also to maintain a seamless customer onboarding experience with the highest achievable conversion rates.
Global Alliances, DevCode
We’re proud to continue our partnership with Shufti as we expand into new jurisdictions.
Shufti’s verification technology not only strengthens our compliance framework but also ensures our players enjoy a smooth, secure onboarding experience.
WhiteHat Gaming
We ain to offer our clients and their traders the very best tools with which to do their jobs, we’re excited to be able to work with Shufti.
They’re a leading company, and we’re looking forward to offering their solutions to our clients through our CRM.
FX Back Office
The relationship with Shufti was born out of frustration with an existing provider, so we started our discussion with Shufti.
The reponse time was excellent, from the start of speaking to sales to getting up and running with the demo.
My EU Pay
TECHNICAL DEEP DIVE
Frequently Asked Questions
What documents support NFC verification?
Most modern biometric passports and national ID cards with an embedded contactless credential. Shufti supports 180+ countries through a single SDK.
Does NFC replace Document Verification?
No. NFC adds a cryptographic layer on top of document verification. The flow starts with a document scan, then uses NFC to increase assurance.
What does Shufti verify via NFC?
Issuer signatures to detect tampering, and where supported, document authenticity checks to reduce clone or emulation risk.
What data can be read via NFC?
First name, last name, personal number, gender, date of birth, expiry date, serial number, document type, nationality, issuer authority, permanent address, place of birth, telephone, issue date, and the DG2 portrait for biometric matching.
What are DG1 and DG2?
DG1 contains identity and document details. DG2 contains the high-resolution portrait used for face matching.
Which countries require NFC verification?
Turkey, Vietnam, and Thailand for certain regulated activities. The EU's eIDAS 2.0 is expected to expand requirements across member states.
What if the user cannot complete NFC?
The journey continues through standard document and biometric verification. Shufti's flow orchestration detects device capability and routes accordingly.
What are the deployment options?
Cloud or on-prem, running alongside other checks in the Shufti verification suite.
What is an NFC-enabled document?
An identity document with a contactless microchip. Follows ICAO 9303, ISO/IEC 14443, and BAC/PACE/EAC protocols. Stores personal data, biometric data, and digital certificates for authenticity verification.
Can NFC chip data be altered?
Not remotely. Identity data is stored in a secure element protected by BAC/PACE/EAC. Altering it requires compromising the issuing authority's signing keys or physical attacks on the chip, both requiring nation-state resources. Passive Authentication detects any unauthorized changes.
What happens to digital signatures if chip data is altered?
The SOD signature will not validate and Passive Authentication fails. If an attacker clones data and SOD to another chip, Active/Chip Authentication catches it by proving the chip holds a private key that cannot be copied.
Can an NFC chip be faked?
Cloning can pass Passive Authentication alone but fails Active/Chip Authentication. Emulation also fails without the chip's private key. Shufti's layered checks (Passive Auth, Active/Chip Auth, MRZ cross-check, biometric match with liveness) catch fraud at every level.
How does Shufti detect alterations or fakes?
MRZ-to-chip cross-check, Passive Authentication against ICAO PKD, Active/Chip Authentication for clone detection, PKI validation, and biometric matching (DG2 portrait vs. live selfie with liveness).
How does the verification process work?
(1) User photographs document, OCR reads MRZ. (2) MRZ data derives access keys. (3) User taps document to open NFC session, reads DG1, DG2, DG14/DG15. (4) SOD signature verified via ICAO PKD. (5) DG2 portrait matched against live selfie with liveness.
Add Cryptographic Proof to Onboarding
Verify passports and IDs with issuer-signed credential data and portrait matching with liveness. Clear outcomes your team can trust.
