Skip to main content
Authentication enhancement and forgery prevention functions allow you to customize the security level and verification methods of identity authentication in ID check projects. You can build optimal identity verification processes that meet customer security requirements through ID forgery prevention, face authentication, additional authentication options, meta-information-based verification, etc.
Function Application by Identity Authentication Method
  • 🪪 ID document: ID photo-based identity authentication
  • 🧠 Knowledge-based: User input information-based identity authentication
Some options have interdependencies, so other options must be activated first to activate specific functions. For example, Selfie Process must be activated to use Face Duplicate Check.

Tab Structure

Authentication enhancement and forgery prevention settings consist of two tabs:
ID forgery prevention and face authentication related options
  • ID forgery prevention: MRZ check, driver’s license barcode (PDF417) check, ID liveness, streaming capture
  • Face authentication: Selfie process, face duplicate check, selfie liveness, face-based age verification

ID and Face Based

Set ID forgery prevention and face authentication related options.
ID and face based settings

ID Forgery Prevention

You can set security options to block forgery and fraud attempts during the identity verification process.

MRZ Check

Scans MRZ (Machine Readable Zone) existing on IDs to verify information accuracy. (e.g., bottom of passport)
MRZ check settings
SettingDescription
Name ThresholdCan proceed only when similarity exceeds the threshold when comparing MRZ with user-entered name.
Generally, when name order is changed, similarity of about 85 points is calculated. If typos are a concern, you can implement a stricter authentication system by setting a higher threshold.

Driver’s License Barcode (PDF417) Check

Scans barcodes of US, Mexico, and Canada driver’s licenses to verify information accuracy.
Driver's license barcode check settings
Supported Countries
  • United States (USA)
  • Mexico (MEX)
  • Canada (CAN)

ID liveness - ID Copy Detection

Can specifically detect forgery methods (presentation attacks) that frequently occur in ID-based authentication.
ID liveness settings
PipelineDescription
Screen ReplayDetects if ID is displayed on monitor or other displays
Paper PrintoutDetects if it is a paper printout form such as color print
Portrait ReplacementDetects if a photo is pasted on an actual ID
Detection Processing Method per pipeline: Each pipeline (Screen Replay / Paper Print / Portrait Replacement) can have its detection processing method configured independently.
ProcessingDescription
Retry — Request RetryBlocks subsequent progress and requests retry. (Rejected if retries accumulate. Default: 3 times)
Warning — Proceed After RecordingLeaves a record on the submission and proceeds. Warnings can be reviewed in submission detail.
When Retry and Warning occur simultaneously in settings between pipelines, it proceeds with Retry.
Apply Warning on Upload New in 2026-04 Each pipeline with Retry selected now exposes a sub-checkbox Apply Warning on Upload. When checked, the pipeline’s Retry is converted to Warning only when the user submitted the ID via Upload mode, because Upload-mode users have no way to recapture.
  • The checkbox can be configured independently per pipeline (e.g., enabled for Screen Replay and Paper Print but not for Portrait Replacement).
  • The checkbox appears only when Retry is selected. It is hidden when Warning is selected.
  • Submissions auto-converted to Warning under Upload mode appear in the Custom Policy list with the following values.
FieldValue
userDataTypeID_card_uploaded
relatedEngineID Liveness Screen replay
See the April 2026 update for details.

Expired ID New in 2026-04

Controls how submissions with an expired identification document are handled. Previously expired IDs were always rejected; you can now route them into Retry or Warning to match your policy.
Expired ID processing method setting screen
Processing Method for Expired IDs:
ProcessingDescription
Retry — Request Retry (default)Asks the user to resubmit their ID.
Warning — Proceed After RecordingBypasses both the Step 1 and Step 2 Expired ID conditions, records a Warning, and lets the submission continue through approval. The automatic Step 2 expiry-date reject is replaced with Approved + Warning.
Submissions approved in Warning state leave the following Warning data on the dashboard.
User DataRelated Engine
ID CardExpiry validation
User InputExpiry validation
A Warning condition has also been added to the Custom Policy Trigger list, so you can use expired-ID warnings as a trigger in your custom rules.
Example: older Korean passports whose expiry_date has already passed may still need to be accepted for hikorea lookups and internal records. Setting Expired ID to Warning lets those submissions through with only a Warning recorded, instead of being blocked at intake. See the April 2026 update for details.

Liveform Streaming Capture Only

Allows only real-time capture for both ID and selfie and blocks photo uploads to configure a live capture-based submission environment. Click the allow ID upload button to allow ID uploads.
Streaming capture settings
When streaming capture only option is activated, users cannot upload photo files and must submit ID and selfie through real-time camera capture. Must be used together when using active liveness.

Face Authentication

Set user authentication and verification options through face recognition.

Selfie Process

You can register user face information through face recognition. When used in ID document pipeline, it compares the portrait on the ID with the user’s Selfie.
Selfie process settings
SettingDescription
ThresholdSets the threshold to apply when comparing portrait with Selfie. (Default: 85 points)
Face OcclusionAuthentication fails when face is covered by glasses, mask, etc. during Selfie authentication. If multiple faces exist in the image, it checks based on the face closest to the camera.
Selfie Process UsageWhen selfie process is activated, you can use additional face authentication functions such as face duplicate check, selfie liveness, face-based age verification, etc.

Face Duplicate Check

You can check for duplicates with already approved person photos. Requires selfie process to be activated.
SettingDescription
ThresholdJudges duplicate criteria through face similarity with approved person photos.
Duplicate Face PolicyDetermines how to proceed with the process after detecting duplicates.
Duplicate Face Policy Options:
  1. Register and Proceed: Records duplicate submissions for the case and continues the process.
  2. Reject if Duplicate: Rejects authentication when duplicates occur above the set count.
To activate face duplicate check function, Selfie Process must be activated first.

Selfie Liveness

You can choose between Active mode (deepfake detection) and Passive mode (texture-based detection). Requires selfie process to be activated.
ModeDescription
Active ModeMode specialized for deepfake detection, performs biometric authentication by requesting specific actions from users.
Passive ModeTexture-based liveness detection, performs biometric authentication with images only without user actions.
SettingDescription
ThresholdSets the pass criteria for each mode. 85 points or above is recommended when having high security policies against forgery.
Mode Selection Guide
  • Active Mode: Can more effectively block deepfakes or presentation attacks, but user experience may become somewhat complex.
  • Passive Mode: User experience is more convenient, but detection rate may be lower than active mode for some advanced attacks.
Passive Face Auto Capture (2026-04)Passive-mode face capture in the liveform now uses Auto Capture — once the user aligns their face with the guide, capture completes automatically without any button press, and the capture standby time is reduced from 2 seconds to 1 second. See the April 2026 update for details.
When using active liveness, streaming capture only option must be used together.
Also, if user’s screen brightness is low, low scores may result.

Face-based Age Verification

A function that analyzes face images to estimate age range and verifies by comparing with set reference age. Provides age range (Low, High) rather than exact age, and verification criteria can be set by applying Buffer.
Face-based age verification settings
SettingDescription
Target ImageSelects the image to measure age information. Can choose between ID portrait or selfie photo.
Reference Age SettingCustomers can directly set a fixed age or choose to compare with age on ID (date of birth based).
Verification Success ConditionsCan set up to 3 conditions by combining Low, Median, High. Each condition verifies considering age range and Buffer.
Age Range and BufferFace-based age verification does not provide exact age but provides age range (Low, High) that the person likely belongs to. When verifying, Buffer can be applied to set verification criteria considering age range errors.
Verification Condition SettingsBy combining and setting Low, Median, High conditions, customers can directly set age verification criteria suitable for service characteristics. For example, stricter conditions can be set when minor blocking is needed.
Usage ScenariosWhen using only selfie (proceeding with face authentication only without ID), it is useful for age verification to block minors. You can implement minor blocking policies by setting target image as selfie photo and reference age as fixed value.
Simulation FunctionA simulation button is provided on the face-based age verification settings screen to test if the set conditions work correctly.

Additional Authentication & Meta Information

Set third-party data source verification and meta-information-based verification options.
Additional authentication & meta information settings

3rd party Data Sources

Set additional verification options using external data sources.

1 Won Account Authentication - Korea

Confirms account possession through 1 won authentication.
1 won account authentication settings
SettingDescription
Depositor NameCan set depositor name up to 4 characters when depositing 1 won.
1 Won Account Authentication Process
  1. User enters account information.
  2. System deposits 1 won to the account.
  3. User confirms and enters the depositor name.
  4. When depositor name matches, account possession confirmation is complete.

Government Data Verification - Korea

Performs government data verification for IDs issued in Korea. Applicable targets:
  • Resident registration number, driver’s license, passport, alien registration card, domestic residence report for foreign nationals of Korean descent, permanent residence card
Government data verification settings
PrecautionsWhen values necessary for authenticity verification are excluded, it is always processed as unverified. To use government data verification, all ID information (e.g., name, date of birth, resident registration number, etc.) must be included.

CURP Third-party Verification - Mexico

Performs Mexico CURP number verification through official external sources.
CURP third-party verification settings
SettingDescription
Full NameSimilarity threshold to apply when comparing user-submitted value with name confirmed based on CURP number
Final Result SelectionDetermines which name to use as final when verification passes
Date of BirthCompares and verifies user-submitted value with date of birth confirmed based on CURP number
GenderCompares and verifies user-submitted value with gender confirmed based on CURP number

Address Proof

Performs location-based address verification.
Address information verification settings

Residency Expiration Date Query - Korea

Queries and verifies Korean government’s residency expiration date information for passports from other countries.
Residency expiration date query settings
Residency Expiration Date Query UsageWhen verifying identity for foreign residents or visa holders, you can query residency expiration date information from Korean government database to verify residency qualifications.

Meta Information-based Detection

Set risk detection options based on IP addresses, regional information, etc.

Proxy & VPN Detection

Detects IP-based risk and blocks the IP for 48 hours when risk score is 90 or above.
Proxy & VPN detection settings

VPN & Proxy Pre-verification List

Learn how to view Proxy & VPN detection results.

Device Verification

Identifies unique device information. Checks the information of the device used to access KYC and blocks access if the device is not a mobile device. It preemptively blocks non-mobile device access such as desktops, virtual environments, and bots through 3 verification checks: Browser check, Graphics check, and Screen check.
Device Verification option settings
Verification ItemDescription
Browser checkAnalyzes the browser’s User-Agent value and blocks the request if the accessing device is identified as a desktop PC rather than a mobile device.
Graphics checkDetects the device’s GPU/graphics card through WebGL information and blocks the request if a desktop-only graphics card that cannot be used in mobile devices is detected.
Screen checkAnalyzes the device’s screen information and blocks the request if a number of simultaneous touch points unsupported by mobile devices is detected.
If even 1 out of 3 verification items is FAIL, the user is redirected to an error page. All verifications operate on a blacklist basis.

Device Verification Pre-verification List

Learn how to view Device Verification results.

Regional Pre-screening

A function that controls access by comparing user’s IP country with ID issuing country. By default, it blocks access when user’s IP country differs from issuing country, and detailed policies can be configured through exception settings and target designation.
Regional pre-screening exception settings
Regional pre-screening target settings

Exception Settings

You can set countries to process as exceptions in regional pre-screening.

Pre-screening Exception Countries

When IP address belongs to the country, pre-screening passes even if IP country and issuing country differ. Operation Method:
  • If user’s IP address is included in the exception country list, access is allowed even if IP country and issuing country do not match.
  • For example, if “United States” is added to exception countries, pre-screening passes when accessing from US IP regardless of issuing country.

Issuing Country Pre-screening Exception

When ID issuing country belongs to the country, pre-screening passes even if IP country and issuing country differ. Operation Method:
  • If the issuing country of the ID submitted by the user is included in the exception country list, access is allowed even if IP country and issuing country do not match.
  • For example, if “Korea” is added to exception countries, pre-screening passes when using IDs issued in Korea regardless of IP country.

Target Designation

You can designate targets to apply regional pre-screening. It is not an OR condition, but selects one of IP country based or Issuing country based to designate targets. Setting Options:
CriteriaDescription
IP Country BasedPerforms pre-screening only when accessing from IP addresses of designated countries.
Issuing Country BasedPerforms pre-screening only when using IDs issued from designated countries.
Operation Method:
  • When accessing from IP addresses of countries designated as screening targets or using IDs issued from those countries, always compares IP address and issuing country and blocks access if they do not match.
  • For countries not designated as screening targets, pre-screening check is not performed.
Regional Pre-screening Usage Examples
  • Allow only Korean ID + Korean IP: If “Korea” is designated as issuing country based in target designation, when using IDs issued in Korea, access is only allowed from Korean IP.
  • Specific Country Exception Processing: If “United States” is added to pre-screening exception countries for overseas-residing Koreans, access is allowed even when using Korean IDs from US IP.
  • Specific Issuing Country Exception: If “Passport” is added to issuing country pre-screening exceptions, access is allowed regardless of IP country when using passports.
Exception settings and target designation cannot be used simultaneouslyRegional pre-screening can only be used by selecting one of exception settings or target designation. The two methods cannot be activated simultaneously, so select and set the method suitable for your service requirements.

Email Owner Verification

Performs email ownership verification by sending code during liveform process.
Email owner verification settings
Email Owner Verification Process
  1. User enters email address.
  2. System sends authentication code to the email.
  3. User enters the received authentication code.
  4. When code matches, email ownership verification is complete.

Use Cases

Banks or securities companies can secure the highest level of security by activating multiple authentication options such as government data verification, 1 won account authentication, face duplicate check, etc. Deepfakes or presentation attacks can be effectively blocked through active mode of selfie liveness and ID attack prevention functions.
Companies providing global services can accurately authenticate IDs from each region by utilizing country-specific verification options such as MRZ check (passport), PDF417 barcode check (North American driver’s license), CURP third-party verification (Mexico), etc.
E-commerce or sharing economy platforms can preemptively block fake account creation or ID forgery attempts through forgery prevention options such as Proxy & VPN detection, ID validity verification, mandatory real-time camera capture, etc.

PG/Financial

  • Liveness ON (≥80)
  • Proxy/VPN ON
  • MRZ/PDF417 ON
  • Government data verification ON

Platform/Commerce

  • Streaming capture only
  • Face duplicate check ON
  • Proxy/VPN ON
Excessive security option activation may hinder user experience, so it is important to set appropriate security policy levels suitable for service characteristics.

KYC Process

View basic authentication policies.

Pre-verification List

View VPN & Proxy and Device Verification pre-verification results.

Authentication Data

Learn how to manage authentication data.

Contact Us

Please contact us if you have additional questions.