Face Verification
Address Verification
Document Verification
Age Verification
VideoIdent
Fast ID
eIDV
Consent Verification
NFC Verification
Business Verification
Due Diligence
Investor Verification
E-Signature
QES
AML Screening
Transaction Monitoring
Adverse Media
Business AML Screening
PEP & RCA
Sanctions
Watchlist
Behavioural Biometrics
Device Fingerprinting
Biometric Face Authentication
MFA
Fraud Hub
Onboarding
Ongoing Monitoring
KYC
KYB
KYI
Age Assurance
Identity Verification
Workforce IAM
Candidate Verification
Compliance
Fraud prevention
Trust & safety
Global expansion
Product Managers
Compliance Officers
Fraud Analysts
Developers
Deepfake
Bonus Abuse / Promotion Abuse
Account Takeover
Synthetic Identity Fraud
Document Fraud
Impersonation Fraud
Multi-Accounting
Fraud Networks
Chargeback Fraud
Money Mule Activity
Party Fraud
Regulatory & Compliance Risks
Fintech
Crypto
iGaming
Forex
Social Network
Marketplace
Banking
Gig Economy
Payments
Ride Hailing
Adult Content
Blind Spot Audit
Deepfake Detector
Liveness Spoofs
Document Originality
Document Deepfake
Global Trust Platform
Journey Builder
Case Management
Shufti AI
Fraud Analytics
Vendor Comparison
Brand Personalisation
IDV Modes
AI Compliance Co-Pilot
OCR
Secure Capture
Deployment Options
Identity Methods
API Documentation
Mobile SDKs
Service Status
Help Center
Contact Us
Technical Support
Supported Documents
Supported Countries
Content library
Blogs
News
Reports
Insights
Knowledgebase
ROI calculator
About
Career
Press Release
Certifications
Partnership
Awards
Events & Webinar
Interactive Demo
Podcast Studio
Spotlight Studio
Ride-Hailing
Driver Verification, Rider Safety, And Regulator Compliance In One Platform
Shufti covers driver onboarding, shift-start re-authentication, rider identity, and AML compliance across 240+ regions actively processed; without separate vendors for each check.
Proven Performance
Our Impact, By The Numbers
- <30sMedian Time-to-Decision
- 4,000+Watchlists Screened
- 240+Regions Actively Processed
Trusted by Leading Digital Enterprises Worldwide
Compliance Without Compromise
Why Ride Hailing Platforms Choose Shufti
-
Meet the Regulator on Their Terms
Transport for London made DBS Update Service registration mandatory from February 2024. New York's TLC requires quarterly DMV LENS checks. The EU Platform Work Directive restricts one-to-many biometric identification from December 2026. Shufti maps each requirement to the specific capability and audit artefact the regulator asks for, so TNC licence renewals and DBS compliance checks do not become engineering projects.
-
Stop Account Sharing Before It Becomes a Liability
The UK Home Office issued 1,508 civil penalty notices to gig-economy platforms in a nine-month period ending March 2025, with fines reaching £60,000 per illegal worker for repeat breaches. Driver account sharing is the primary vector. Shufti's iBeta Level 3 shift-start authentication confirms the verified driver is the person operating the vehicle, at every shift, not just at onboarding.
-
Onboard Drivers Without Slowing Supply
A KYC decision time under 30 seconds across 240+ regions actively processed means driver onboarding verification before they abandon the application. Document expiry monitoring eliminates the manual chasing of licences, insurance certificates, and work permits, so compliance overhead does not grow with fleet size.
Secure Every Stage Of The Ride-Hailing Lifecycle
Driver Sign Up
Automated Account Creation
Fraudsters run scripts to mass-register driver accounts for ride-hailing platforms, farming sign-up bonuses and referral payouts before a single real trip is taken. Proprietary Device Fingerprinting catches emulator stacks and rotating proxies at first contact. Behavioural Biometrics kills the attempt at registration. No bot produces the dwell times and touch patterns of a real driver completing an application.
Synthetic Identity Registration
A fraudster stitches a synthetic driver identity from stolen PII and fabricated contact details. It passes basic format checks but has no real person behind it. eIDV independently cross-references the submitted identity against government, telco, and credit bureau records simultaneously. No matching footprint means the registration does not proceed.
Duplicate Sign-Up
A fraudster opens multiple driver accounts under name variations or borrowed IDs to stack sign-up bonuses. 1:N Facial Deduplication checks every new registration selfie against the full driver database. The same face cannot hold two accounts regardless of the name on the document. Device Fingerprinting catches duplicate registrations sharing the same handset across different identities.
Underage Driver Registration
A minor submits a parent's driving licence to register as a driver, bypassing the platform's minimum age requirement. Age Verification extracts the date of birth from the submitted document and flags the discrepancy. Facial Biometrics then confirms the live applicant's approximate age against the document. A teenager presenting an adult parent's ID does not produce a matching face.
Stolen Identity Registration
A fraudster registers a driver account using stolen PII from a data breach, using someone else's name, address, and date of birth. eIDV cross-references the identity against government, telco, and credit bureau records simultaneously. A stolen identity rarely has all three data points align. Facial Biometrics confirms the selfie belongs to the document holder, not the fraudster wearing their identity.
Referral Bonus Abuse
Fraudsters self-refer or generate chains of fake referrals to harvest driver sign-up incentives at scale, often operating across dozens of devices. Device Fingerprinting links referred accounts back to the referrer through shared hardware signatures, exposing self-referral rings even when different phone numbers and email addresses are used. 1:N Facial Deduplication confirms that each referred driver is a genuinely distinct person. The same face appearing across multiple referred accounts terminates the chain.
Geolocation Spoofing at Sign-Up
A driver located in a restricted or high-risk jurisdiction declares a false address and uses a VPN to make their IP match the claimed location. Device Fingerprinting detects VPN clients, GPS spoofing applications, and emulated location data at the OS level. The declared location and the device's actual signals rarely align. Address Verification cross-references the submitted address against independent data sources, and a fabricated address in a clean jurisdiction leaves no matching footprint.
Identity and Document Verification
Fake Driving Licence
A fraudster submits a dark-web forged driving licence that looks authentic but carries no genuine security features. Document Verification runs forensic tamper detection across any government-issued document, checking MRZ integrity, font consistency, and hologram presence. A purchased fake fails instantly. NFC Verification reads the cryptographic chip in e-passports and modern licences. A printed fake has no chip to read.
Document Tampering
A driver edits a genuine driving licence, swapping the photo, altering the expiry date, or changing the licence number. Document Verification runs micro-forensic checks across font weight, print depth, MRZ alignment, and field-to-field coherence. eIDV cross-references the extracted data against live government records. A date or number that does not match triggers an immediate flag.
Deepfake / AI Face Attack
An attacker feeds an AI-generated face video or a static synthetic image into the selfie step, attempting to spoof the biometric check. Facial Biometrics at iBeta Level 3 uses 3D depth mapping and micro-movement analysis to reject any non-live representation. Injection Detection operates at the OS level before capture begins, blocking virtual camera drivers attempting to pipe pre-recorded footage into the verification stream.
Camera Injection Attack
A fraudster bypasses the device camera entirely using virtual camera software, feeding pre-recorded footage or AI-generated images directly into the selfie step. Injection Detection identifies virtual camera drivers and frame-injection markers at the OS level before the liveness check begins. Device Fingerprinting flags a handset running virtual camera software as a high-risk signal, compounding the rejection.
Right-to-Work Document Fraud
A driver without legal work authorisation submits a forged biometric residence permit, fake visa, or altered immigration document. Document Verification checks authenticity against any government-issued document, catching forgeries that pass the naked eye. eIDV cross-references the extracted immigration status against government records. A claimed right-to-work with no matching legal footprint is flagged immediately.
Identity Pack Fraud
Dark-web identity kits bundle a forged driving licence with a matched synthetic selfie, designed to defeat document-plus-selfie checks together. NFC Verification breaks the attack at the root: a purchased fake has no cryptographic chip, so the reading returns no result. Facial Biometrics then rejects the synthetic selfie that came with the kit.
Re-verification Spoofing
A driver who passed initial KYC sends a photo print or pre-recorded video during a periodic selfie re-check, allowing an unverified person to operate the account. Facial Biometrics at iBeta Level 3 rejects static images and video replay through certified liveness detection. Injection Detection ensures the stream is genuinely from the device's live camera, not piped in through virtual camera software.
Background Screening
Sanctions and Watchlist Evasion
A sanctioned individual registers using an alias, a transliterated version of their name, or a slight spelling variation designed to slip past keyword-match screening systems. AML Screening applies fuzzy matching across 4,000+ watchlists and 215+ sanctions regimes in 80+ languages. Phonetic variants, transliterations, and common alias patterns are checked automatically. A match at any confidence threshold above the configured sensitivity triggers a hold and routes the case to the compliance team before the driver account is activated.
Criminal History Concealment
A driver with a relevant conviction has their criminal history covered only in regional-language publications that English-only media screening tools miss entirely. AML Screening covers adverse media across 50,000+ sources in 80+ languages, with automated severity classification that distinguishes financial crime from minor civil matters. Due Diligence adds structured research on individuals who pass automated checks but present other risk signals, ensuring language coverage gaps do not become compliance gaps.
PEP Onboarding Without Enhanced Due Diligence
A politically exposed person joins the platform without any enhanced due diligence being triggered, either because the screening tool misses lower-tier PEP classifications or because close associates are not in scope. AML Screening classifies PEPs across four tiers, including family members and known close associates, and automatically triggers an enhanced due diligence workflow for any match. The EDD workflow routes the case to the compliance team with the PEP classification, tier, and associated risk signals pre-populated, so the review starts with context, not a cold record.
High-Risk Jurisdiction Misrepresentation
A driver based in a sanctioned or high-risk jurisdiction declares a clean-country address and pairs it with a VPN to make their IP appear consistent with the false declaration. Address Verification cross-references the declared address against independent data sources. A fabricated address in a low-risk country has no utility bills, credit records, or telco registrations to support it. Device Fingerprinting detects active VPN clients and flags IP-to-location discrepancies that indicate the device is not where the driver claims to be.
Right-to-Work Evasion
A driver without legal work authorisation submits convincing-looking immigration documents or uses a genuine document that has since expired, intending to start work before the platform catches the issue. eIDV cross-references immigration status and identity data against government records, and Document Verification confirms the document's authenticity and current validity through forensic field checks. Expiry monitoring then tracks the confirmed work authorisation date and triggers an automatic re-verification request before the permission lapses, removing the need for manual calendar tracking.
Fleet Operator UBO Concealment
A sanctioned beneficial owner structures a fleet company through nominee directors and layered holding entities to avoid appearing in any direct name-based screening. Due Diligence traces the full ownership chain from the registered entity to the ultimate beneficial owner, identifying each layer and cross-referencing it against the broader corporate structure. AML Screening then screens each identified UBO individually against 4,000+ watchlists, so a sanctioned individual hidden three ownership layers deep is still caught before the fleet relationship is activated.
Adverse Media Concealment
A driver's history of fraud or criminal activity is documented only in local-language news sources that English-only keyword screening tools do not index or translate. AML Screening covers adverse media across 50,000+ sources in 80+ languages, with automated severity scoring that ranks results by relevance and risk without requiring a human to triage every result. Due Diligence provides a structured research layer for cases where automated screening returns inconclusive results, ensuring that regional-language coverage gaps do not create blind spots.
Insurance Verification
Forged Insurance Certificate
A driver submits an expired or wholly fabricated insurance certificate to satisfy platform compliance requirements, intending to operate without valid cover. Document Verification validates the certificate against known insurer template signatures, checking security features, formatting consistency, and policy number structure that template fakes cannot replicate accurately. Expiry date extraction at onboarding means the platform receives an automated alert when the confirmed certificate date approaches, without a compliance team member tracking it manually.
Fake Vehicle Registration
A driver submits another vehicle's registration document or a fabricated one to place a non-compliant or unlicensed vehicle on the platform. Document Verification applies forensic field checks to the registration, checking font consistency, stamp authenticity, and plate number formatting, that catch high-quality fakes as well as obvious fabrications. eIDV cross-references the extracted vehicle data against registration databases where integration is available, confirming the plate is registered to the submitting driver and currently active.
Document Tampering on Vehicle Papers
A driver takes a genuine registration or insurance document and alters specific fields, changing the plate number, extending the expiry date, or substituting the named insured, to make an out-of-scope vehicle appear compliant. Document Verification runs field-level consistency checks across the entire document simultaneously: alterations to a single field disrupt the font weight, print depth, and alignment patterns that genuine documents maintain throughout. MRZ integrity checks on documents that carry machine-readable zones catch alterations that visual-only inspection routinely misses.
Insurance Expiry Evasion
A driver's insurance lapses after onboarding, but because there is no continuous monitoring in place, they continue operating and the platform only discovers the gap when an incident occurs. Document Verification extracts the confirmed expiry date at onboarding and stores it against the driver profile. Configurable alert thresholds trigger an automated notification and re-verification request to the driver before the date is reached, so the platform acts before the lapse, not after the incident.
Sub-letting to Uninsured Drivers
A verified and insured driver rents their vehicle and their active platform account to an unverified third party, who then operates trips under the verified driver's identity and insurance cover. Biometric Face Match requires a live selfie matched to the enrolled KYC biometric at shift start. The person activating the account must be the person who passed verification, not someone who borrowed the credentials. Facial Biometrics at iBeta Level 3 ensures that photo prints or video replays of the real driver cannot satisfy the shift-start check on the sub-lessee's behalf.
Phantom Vehicle Fraud
A driver registers a vehicle on the platform that does not exist, is already deregistered, or belongs to someone else, inflating fleet numbers or enabling earnings claims against trips that cannot have occurred. Document Verification cross-references vehicle document data for internal consistency, and eIDV checks extracted registration details against available registration records to confirm the vehicle is active and correctly attributed. Trip data anomalies, such as earnings claims from a vehicle that shares a device fingerprint with another registered car, are surfaced through Fraud Hub for Trust and Safety review.
Shift Start Authentication
Driver Account Sharing
A verified driver hands their phone and active app to a friend or family member, who has not been verified or background-checked, to operate trips under the verified driver's identity. Biometric Face Match requires a live selfie matched to the enrolled KYC biometric at every shift start. The person activating the account must be the person who cleared verification, not someone handed the device. Facial Biometrics at iBeta Level 3 ensures the check cannot be spoofed with a photo of the real driver held up to the camera by the person taking over the shift.
Background-Check Evasion via Fronting
A person who would fail a criminal history or licence check uses a verified driver as a front. The verified driver passes authentication at shift start, then hands the vehicle over. Biometric Face Match ties account activation to the biometrically verified individual: the shift cannot go live unless the person whose face matches the KYC record is present at that moment. Device Fingerprinting tracks whether the device activating the shift is consistent with the verified driver's known device history. A new or unfamiliar handset at shift start triggers additional checks.
Re-verification Spoofing
During a scheduled re-check, a driver holds up a printed photo or plays a video of their own face to let an unverified person satisfy the biometric step without being present. Facial Biometrics at iBeta Level 3 was certified with zero errors against physical artefacts including printed photos, screen replays, and 3D masks on consumer-grade iOS and Android devices. Injection Detection ensures the video feed originates from the live camera rather than from software feeding a pre-captured image into the biometric capture stream.
Sub-letting of Verified Accounts
A verified driver sells or rents their login credentials on grey-market platforms, sometimes for £300 to £500 per month, allowing unverified individuals to operate commercial trips under a clean driver profile. Biometric Face Match at shift start means credentials alone are worthless: the account cannot be activated without a live face match to the enrolled biometric of the verified driver. Device Fingerprinting flags the account when the shift-start device differs materially from the verified driver's known handset, surfacing account handoff attempts for Trust and Safety review.
Credential Theft at Shift Start
An attacker obtains a driver's login credentials through phishing or a data breach and attempts to activate the account for a shift without the driver's knowledge. Biometric Face Match means stolen credentials produce nothing: activating a shift requires a live biometric match, and the attacker does not have the verified driver's face. A new device triggering the shift-start check activates MFA and additional Device Fingerprinting signals, creating a multi-layer barrier that credential theft alone cannot clear.
Ghost Driver Activation
A suspended or deactivated driver attempts to reactivate their account by using retained credentials or a cloned device, intending to return to the platform under a ban. Device Fingerprinting cross-references the activating device against the deactivation record. Hardware linked to a banned driver profile is flagged before the shift-start biometric check even runs. Biometric Face Match then confirms the biometric match against the full account history including the deactivation record, preventing a suspended driver from slipping back through under their original identity.
Session Handoff Mid-Shift
A verified driver passes their authenticated phone to a different person mid-shift, after the shift-start check is already cleared, allowing an unverified individual to complete the remaining trips. Behavioural Biometrics monitors interaction patterns continuously throughout the shift. Typing cadence, touch pressure, swipe behaviour, and device handling change measurably when a different person picks up the phone. A detected mid-session change triggers a step-up re-authentication challenge, requiring the current device holder to pass a new biometric check before the session continues.
In-Trip Safety
Mid-Trip Driver Handoff
A driver who passed shift-start authentication hands their phone to a different person partway through a trip, putting a passenger in a vehicle with an unverified individual operating under a clean profile. Behavioural Biometrics monitors interaction patterns continuously throughout the active session: touch pressure, swipe behaviour, grip angle, and typing cadence change measurably the moment a different person handles the device. When the pattern deviation crosses a configured threshold, a step-up re-authentication challenge is issued to the device. The new holder cannot pass a biometric check tied to a different enrolled face.
Phantom Trip Fraud
Colluding driver and rider accounts generate fake trips between themselves, completing and paying for journeys that never physically occurred, to inflate driver earnings or drain rider credits. Fraud Hub correlates device signals across both accounts: colluding pairs typically share device infrastructure, register from the same location, or show suspiciously synchronised trip-completion patterns. Behavioural Biometrics adds a second signal. Real trips produce natural interaction patterns during navigation and trip management; phantom trips between coordinated accounts produce mechanical or absent interaction.
GPS Spoofing
A driver submits falsified GPS coordinates during a trip to show a longer route than actually driven, inflating the fare, or to place themselves in a surge zone they are not physically in. Device Fingerprinting checks sensor-level consistency across the device: GPS spoofing applications introduce discrepancies between location data, accelerometer readings, gyroscope output, and network triangulation that a genuine moving vehicle does not produce. Anomalous GPS patterns, including teleportation between coordinates, perfectly straight routes, or stationary sensor data during claimed movement, are flagged in Fraud Hub for review.
Passenger Identity Spoofing
A different person uses a legitimate rider's account to book and take a trip, either with the account holder's knowledge or after a takeover, creating a mismatch between the booked identity and the actual passenger. Biometric Face Match can be configured as a biometric step-up for high-risk or high-value trip categories, requiring the account holder to confirm their live face before the booking is confirmed. Behavioural Biometrics detects account handoff on the rider side. A person who did not create the account and is not familiar with its interaction history behaves differently from the registered holder.
Surge Price Manipulation
Coordinated groups of driver accounts cluster in a single area, sometimes using GPS spoofing to appear there without being physically present, to create artificial scarcity and trigger surge pricing. Fraud Hub surfaces cross-account coordination signals: accounts sharing device fingerprints, registering from the same address, or showing correlated GPS clustering are grouped and flagged as a coordinated ring. 1:N Facial Deduplication confirms whether multiple accounts in the cluster share the same underlying identity. A single person operating a surge ring across several driver profiles is identified and collapsed.
In-App Social Engineering
A fraudster uses trip context, the passenger's name, destination, or payment details visible in the app, to coerce personal information or a payment outside the platform. Fraud Hub monitors interaction anomalies during active trips, including unusual in-app messaging patterns and trip deviations that correlate with known social engineering sequences. Behavioural Biometrics provides a background signal: a driver interacting with the app in ways that deviate from their normal trip-management behaviour, including extended stops, unusual input patterns, or off-route activity, contributes to a real-time risk score.
Rider Onboarding and Payments
Rider Bot Account Creation
Automated scripts mass-register rider accounts to harvest promotional credits and first-ride discounts, often cycling through thousands of phone numbers and email addresses from residential proxy pools. Device Fingerprinting identifies emulator signatures, headless browser patterns, and proxy rotation at the moment of first contact, before the registration even reaches the verification step. Behavioural Biometrics confirms the absence of natural human interaction: scripted sign-up flows move with mechanical consistency that genuine users never produce.
Stolen Card / CNP Fraud
An attacker links a stolen payment card to a new or existing rider account, intending to fund fraudulent trips before the card is reported and the chargeback is raised. Device Fingerprinting scores the device adding the card against known fraud-associated hardware signatures. A handset with an existing fraud history adding a high-value card triggers an immediate risk flag. Fraud Hub monitors the velocity and pattern of card additions across all accounts from the same device cluster, surfacing card-testing rings that add multiple cards in quick succession.
Promo Multi-Accounting
A single person registers multiple rider accounts to multiply per-user discount credits and promotional ride vouchers, using name variations and different email addresses to avoid obvious duplication. 1:N Facial Deduplication checks every new rider selfie, where biometric verification is configured, against the full enrolled rider database, so the same face cannot hold two accounts regardless of the name used. Device Fingerprinting catches the accounts that do not go through biometric verification, linking registrations that share a device to a single underlying user.
Chargeback Fraud
A rider completes genuine trips over multiple weeks, then disputes all payments simultaneously, claiming the card was used without their authorisation, to recover fares for real journeys they took. Fraud Hub scores accounts on dispute pattern history, flagging riders whose chargeback rate and timing deviate from the normal distribution for their account age and trip volume. Behavioural Biometrics contributes consistent in-app behaviour data that confirms the account holder was actively using the account throughout the disputed period, creating an evidence record that contradicts the fraud claim.
Underage Rider Registration
A minor registers as a rider using a parent's identity document or a borrowed account, bypassing age restrictions on the platform. Age Verification extracts the date of birth from the submitted document and flags any registration where the document age does not meet the minimum threshold. Facial Biometrics confirms the live applicant's approximate age against the document. A teenager presenting an adult family member's ID does not produce a matching face, and the mismatch triggers a manual review flag.
SIM Swap to Hijack Rider Account
An attacker social-engineers the mobile carrier into porting the account holder's phone number to a SIM they control, intercepting SMS-based verification codes to take over the rider account. MFA configured through an authenticator app eliminates phone-number dependence entirely. TOTP codes are generated on the device itself and cannot be intercepted through a SIM swap. Biometric Face Match adds a biometric layer to account recovery flows so that a stolen phone number alone is insufficient to reset access. The attacker must also produce the verified account holder's live face.
Geolocation Spoofing at Rider Sign-Up
A rider in a restricted market or a jurisdiction with higher pricing declares a false address and pairs it with a VPN to access promotional pricing or a market they are not supposed to be in. Device Fingerprinting detects active VPN clients and GPS spoofing applications at the OS level, and flags the discrepancy between the declared location and the device's actual network signals. Address Verification cross-references the declared address against independent data sources. A fabricated address in a low-cost market leaves no utility, credit, or telco footprint to support it.
Earnings and Payouts
Payout Account Takeover
An attacker who has gained partial account access, through phishing or a leaked password, attempts to redirect the driver's accumulated earnings to a bank account they control. Biometric Face Match requires a live biometric match to the enrolled KYC record before any payout destination change is processed. A password alone is insufficient to redirect earnings. A payout destination change from an unfamiliar device triggers additional Device Fingerprinting risk signals, creating a second barrier that credential theft alone cannot clear.
Money Mule Payouts
A driver account is used, knowingly or after being recruited through a fake job offer, to receive illicit funds presented as platform earnings and forward them to a third party. Transaction Monitoring detects third-party funding patterns and rapid outbound transfer sequences that do not match the account's normal earnings profile. AML Screening runs continuously against the driver's identity record, so if the account holder appears on a watchlist or adverse media after onboarding, the payout flow is flagged before funds move.
Structuring Payouts
A driver or criminal using a driver account splits earnings withdrawals into amounts consistently below AML reporting thresholds, a pattern designed to move large sums without triggering automated alerts. Transaction Monitoring analyses payout patterns over rolling time windows rather than individual transactions: consistent sub-threshold amounts from the same account produce a structuring signal that single-transaction monitoring misses. AML Screening cross-references accounts displaying structuring behaviour against watchlists, ensuring the pattern is connected to the underlying identity risk it may represent.
Fake Trip Earnings Inflation
Colluding rider-driver pairs generate artificial trips between themselves, completing and rating journeys that never occurred, to inflate driver earnings or drain rider credits. Fraud Hub correlates device signals across both accounts and flags pairs that share hardware, register from the same location, or complete trips with zero meaningful GPS displacement. Transaction Monitoring adds an earnings-to-trip-distance ratio check: a driver logging high earnings against implausible trip durations or distances is flagged for Trust and Safety review.
Fraudulent Payout Destination Addition
An attacker with temporary access, through a session token or a briefly unlocked device, adds their own bank account as a secondary payout destination before the account holder notices. Biometric Face Match requires a biometric step-up for every new payout destination addition, meaning session access or an unlocked phone is not enough to redirect earnings. Device Fingerprinting flags destination additions from unfamiliar devices as high-risk events, ensuring the risk signal is recorded even where the biometric step-up is configured as a secondary rather than primary control.
Money Laundering via Driver Earnings
Illicit funds are introduced through fake trips or inflated earnings records and extracted as driver payouts, using the platform's payout infrastructure as a layering mechanism. Transaction Monitoring monitors earnings-to-trip ratios, payout velocity, and income source concentration, flagging accounts where the earnings pattern cannot be explained by genuine trip activity. AML Screening ensures the driver identity is checked continuously against sanctions lists and adverse media, so a driver who becomes a laundering vector after a clean onboarding is caught when their risk profile changes.
Account Maintenance
Password Reset Account Takeover
An attacker who has compromised a driver's email or phone number uses the reset flow to take over the account, relying on the platform treating a password reset as sufficient proof of identity. Biometric Face Match requires a live selfie matched to the enrolled KYC record as part of the reset flow. Email and phone compromise alone cannot unlock the account. MFA configured through an authenticator app adds a device-bound second factor that cannot be intercepted through SIM swap or email access.
Identity Detail Change to Evade Screening
A driver who has received an AML flag attempts to alter their registered name, date of birth, or address to create a cleaner profile and avoid the consequence of the original screening result. AML Screening is triggered automatically whenever a core identity field is changed. The updated profile is re-screened immediately rather than waiting for the next scheduled review cycle. Document Verification requires re-submission and re-authentication of identity documents for any change to name or date of birth, making unilateral alterations to core fields impossible without a full re-verification.
Licence Expiry Evasion
A driver's driving licence, work permit, or vocational licence expires after onboarding, but without active monitoring the platform has no mechanism to detect the lapse until an incident occurs. Document Verification extracts confirmed expiry dates from every verified document at onboarding and stores them against the driver profile. Configurable alert thresholds trigger an automated notification to the compliance team and a re-verification request to the driver before the expiry date is reached, so the platform acts before the lapse, not after the liability.
Fraudulent Bank Account Addition
An attacker with temporary access to a driver's session adds their own bank account as a withdrawal destination, intending to capture future earnings without the driver's knowledge. Biometric Face Match requires a biometric step-up for adding any new payout destination. A live face match to the enrolled KYC record is required, not just a valid session. Device Fingerprinting flags additions from unfamiliar devices as elevated-risk events, creating an additional signal for the compliance team even in cases where the biometric check passes.
Support Channel Social Engineering
An attacker contacts customer support impersonating the account holder, using PII obtained from a data breach or social media, to get account details changed, limits raised, or a verification step waived. Biometric Face Match is required for any account change actioned through a support interaction: no amount of PII knowledge substitutes for the enrolled driver's live face at the point of change. Fast ID enables a rapid biometric re-verification link to be sent to the account holder's device during a support interaction, confirming identity in seconds without requiring a full re-KYC flow.
Continuous Session Takeover
An attacker uses a stolen session token to access an authenticated driver account and make changes, adding payout destinations, altering contact details, or extracting data, without triggering a new login. Behavioural Biometrics monitors interaction patterns continuously: a different person operating an authenticated session produces measurable deviations in typing cadence, touch patterns, and navigation behaviour. When the deviation crosses a configured sensitivity threshold, Device Fingerprinting provides a corroborating signal and the session is challenged with a step-up re-authentication request.
Regulatory Review Evasion
A driver reduces or pauses suspicious activity in the period leading up to a scheduled DBS review or background check, then resumes the behaviour once the scheduled review is complete. AML Screening operates on an event-driven basis rather than a calendar cycle. Adverse media hits, watchlist changes, and transaction anomalies trigger alerts in real time regardless of where the account sits in a scheduled review timetable. Document Verification monitoring means licence and permit expiry alerts fire on the document's actual date, not on a compliance team's review schedule, removing the calendar-gaming opportunity entirely.
Suspension and Deactivation
Re-application Under New Identity
A deactivated or banned driver re-applies to the platform using different identity documents or by submitting a close associate's identity, intending to return under a clean profile while their ban remains active. 1:N Facial Deduplication checks every new applicant's selfie against the full database of enrolled driver biometrics, including all deactivated and rejected accounts. The same face cannot clear the biometric check under a new name or with new documents. The deactivation record is matched and the new application is flagged before it reaches the document verification stage.
Balance Extraction Before Deactivation
A driver who anticipates a compliance action, or has received a warning communication, initiates a full earnings withdrawal immediately before requesting account closure, attempting to move all funds before any hold is applied. Transaction Monitoring flags full-balance withdrawal events that follow a compliance communication within a configurable time window, enabling an automatic hold before the funds clear. Biometric Face Match is required for above-threshold withdrawals, creating a biometric record of the withdrawal attempt that becomes part of the compliance evidence chain.
Pre-SAR Account Closure
A driver requests account closure and invokes GDPR data erasure rights simultaneously, intending to destroy the transaction history and identity record that would otherwise support a Suspicious Activity Report. Regulatory retention obligations override erasure requests: Transaction Monitoring and AML Screening both retain their records for the jurisdiction-mandated period regardless of the closure request. A final SAR eligibility check runs as part of the closure workflow before the account is deactivated, ensuring that a closure request triggered by a compliance event does not prevent the filing of a required report.
Ghost Account Reactivation
A suspended driver attempts to reactivate their account after a period of dormancy, using retained login credentials or a device that was not included in the original deactivation action. Device Fingerprinting cross-references the activating device against the deactivation record, flagging hardware previously associated with the banned profile before the biometric check is even requested. Biometric Face Match then requires a live face match against the full account history including the deactivation record. A suspended driver cannot slip back through under their original identity, regardless of the device used.
Biometric Identity Swap at Re-application
A deactivated driver submits new identity documents at re-application, claiming their original ID was lost or stolen, hoping that a different document set will allow them to pass verification as a new applicant. Facial Biometrics at iBeta Level 3 matches the current selfie against the originally enrolled biometric record: the face is the constant, not the document. Regardless of what new documents are presented, the biometric match to the deactivated identity profile triggers the flag. Document substitution alone cannot defeat a biometric-anchored deactivation record.
Credential Sale After Deactivation
A suspended driver sells their login credentials to a third party who was not covered by the original deactivation action, allowing an unrelated individual to attempt to access and operate the account. Biometric Face Match at shift start means the credentials are worthless without the suspended driver's live face. The new holder cannot produce a biometric match to the enrolled deactivation record. Device Fingerprinting flags the unfamiliar device attempting activation and routes the case to Trust and Safety, creating an audit record of the attempted credential sale even if the biometric barrier stops the access.
Built For Every Role That Owns The Onboarding Decision
Combine products across identity, compliance, and fraud defence to build a verification stack that meets your regulatory requirements; without rebuilding the integration each time the rulebook changes.
Head of Trust and Safety
Stop account sharing and ghost drivers with shift-start biometric re-authentication at every trip. Cross-session fraud memory prevents banned drivers returning under new identities.
Compliance Officer
Produce a regulator-ready audit trail for TfL, NY TLC, or CPUC in under five minutes. One data processor agreement covers every Shufti product. AML rule sets update continuously, no engineering required.
Head of Engineering
One REST API covers the entire driver and rider lifecycle. Single SDK for iOS, Android, and web. 99.95% delivered uptime. Sandbox available immediately, no sales call required.
Fraud Analyst
Fraud Hub surfaces the reason behind every flag before a case is opened. Cross-session fraud memory links rejected profiles to new applications. Phantom trip and earnings-inflation signals built in.
Everything you need to know in one place
Frequently Asked Questions
TfL mandates identity verification, enhanced DBS clearance via the DBS Update Service (mandatory from 26 February 2024), and right-to-work checks before any driver engagement. Operators must produce a booking register with real-time DBS status cross-referencing on demand. Shufti generates a per-driver audit record covering all three requirements and exports it in the format TfL licence renewals need.
ISO/IEC 30107-3 Level 3 is the highest independent certification tier for presentation attack detection. At shift start, the driver submits a live selfie that Shufti matches against the enrolled KYC biometric. Level 3 certification means the check rejects photo prints, video replays, 3D masks, and deepfake injection, so the only way to pass is to be the verified driver. Credentials alone cannot activate the account.
Shufti's Biometric Face Match runs a passive liveness check and biometric face match against the enrolled KYC record in under 30 seconds. Drivers complete the check on the same device they use for trips, no separate hardware. The result, confidence score, and timestamp are stored in the audit trail. Configurable thresholds determine when a failed check triggers manual review versus automatic hold.
The EU Platform Work Directive (2024/2831), with a member-state transposition deadline of 2 December 2026, restricts one-to-many biometric identification and mandates human-in-the-loop review logs for automated driver decisions. GDPR Article 28 requires a processor agreement covering biometric data. National frameworks, including Germany's PBefG, France's Code des transports, and Spain's VTC regulations, add jurisdiction-specific licensing requirements. Shufti's regulatory coverage map sets out the specific capability and audit artefact for each regime.
Yes. Cross-session fraud memory links biometric profiles from all previous sessions, including deactivated and rejected accounts, to new registration attempts. When a banned driver submits a new selfie, even with different documents or a changed name, the biometric match against the stored deactivation record triggers an alert before the new account is created.
Shufti extracts expiry dates from verified documents at onboarding, including driving licence, PHV or vocational licence, insurance certificate, and work permit, and stores them against the driver profile. Configurable alert thresholds trigger automated notifications to the platform's compliance team and, where configured, initiate a biometric re-verification request to the driver before the expiry date is reached.
Yes. Singapore's PDVL (Private Hire Car Driver's Vocational Licence) requires valid licence, PDVL course completion, and a 6-year refresher cycle, all tracked via document verification and expiry monitoring. UAE's RTA driver permit regime requires document authentication and criminal record clearance. Both are included in Shufti's regulatory coverage map alongside TfL, NY TLC, CPUC, Germany PBefG, and France VTC.
A sandbox environment is available immediately. The single REST API covers document verification, biometric liveness, AML screening, and transaction monitoring, eliminating the multi-vendor integration cycle. Shufti's Journey Builder allows compliance teams to configure verification flows per jurisdiction without engineering involvement once the API is live.
Evaluate Shufti Against Your Current Ride-Hailing Stack
TfL, the EU Platform Work Directive, and FATF Recommendation 16 require a verification architecture that connects driver onboarding identity to ongoing shift-start authentication and continuous AML monitoring. Point-solution stacks cannot share identity records, produce consistent audit trails, or update compliance rules from a single source. Evaluate whether your current stack meets that standard.