Verifyo vs Onfido: Verifier-Private vs Document-Bound KYC

The buyer comparing Verifyo and Onfido tends to start where every vendor wants them to: a feature matrix. Document coverage in 195+ countries, biometric matcher latency, SDK weight, supported documents — every row gets a tick. What the matrix does not show is the question that decides the buy: where does the user's PII live after the onboarding check, and what does year-one capital become on the balance sheet? A buyer who compares verifyo vs onfido on the matrix answers neither.

The Onfido buyer's question, plainly

An integrating platform under UK MLR 2017 Regulation 28 or FATF Recommendation 10(a) must identify the customer and verify the customer's identity using "reliable, independent source documents, data or information" (1) (2). Onfido solves that obligation; Verifyo solves it too. The difference is architectural, not regulatory. This comparison is published by Verifyo: we name the wedges where Verifyo wins on architecture and pricing, and the gaps where Onfido covers services Verifyo does not. The kyc obligation is the same either way; the identity verification stack underneath it is not.

Two wedges run through the rest of the comparison. Wedge 1 is architectural — verifier-private attestation vs document-bound stack — where users' PII lives after the check. Wedge 2 is commercial — Hold-to-Use vs per-check pricing — what year-one capital becomes. Scope gaps run the other way: Entrust IDV covers services the verifier-private design at Level 1 does not, and the next sections name them honestly.

Onfido in 2026: an Entrust identity verification platform

On 9 April 2024 the acquisition of Onfido completed (7) (13). Onfido was re-branded Entrust IDV; the legal name persists as "Onfido, an Entrust company". Terms were not disclosed; press reports placed the deal at $400M–$650M. The business moved from a stand-alone identity verification firm into a wider identity-security portfolio.

The combined platform pairs document verification, biometric verification, and trusted-data verification on a single SDK integration (8). The company positions the stack as an AI-powered identity-verification platform with passive fraud detection signals, named Global Verification Platform of the Year in the 2026 FinTech Breakthrough Awards (14). The firm markets Workflow Studio as a no-code journey designer where buyers orchestrate checks across the IDV roadmap (9).

Onfido's first post-acquisition filing, for the fiscal year ending January 2024, reported revenue of £86.8 million (down 10% year-on-year), a 19% staff reduction to 224 people, and operating losses cut by 60% (12). The company is mid-scale and integrated into the parent's identity-security suite — a stable identity verification provider serving regulated industries at scale.

What document verification and biometric verification actually transfer

Onfido's stack pairs document verification with biometric verification on every check. It extracts identifiers from the documents the user uploads — name, date of birth, document number, document country — alongside a verification decision. Biometric verification, the matched-selfie step, runs against the document photo with liveness detection against presentation attacks. The integrating platform receives the decision and the extracted record, and stores the underlying file. The processes repeat per platform: document images travel to each receiving platform, the record sitting on each platform's servers.

Under GDPR Article 28, the integrating platform is the controller and the IDV vendor is the processor; the documents and biometric record become the platform's responsibility once delivered (3). A user verified on Platform A re-submits the same documents to Platform B because Platform B runs its own Onfido check. Multiply across the platforms users touch in a year and document re-submission becomes the dominant cost users absorb — the verification flow repeats per platform, and the friction is the document-bound design.

The IDV stack bundles passive fraud detection signals as a separately metered add-on. Trusted-data verification draws on third-party brokers and watchlist sources the company contracts; fraud prevention sits inside the broader identity-centric security suite. A buyer evaluating Onfido is buying capable fraud detection alongside the document and biometric pipeline, paid separately.

Verifier-private identity verification: the attestation flow

Verifier-private identity verification means the user verifies once with an issuing verifier — a regulated KYC operator that runs identity and biometric checks on the user's documents, plus sanctions, PEP, criminal, barred-persons, military, and adverse-media screening before signing a Zero-Knowledge KYC attestation. Integrating platforms query it by wallet and receive a verified-status response: identity-pseudonym, KYC level, status, document country, age booleans, six AML booleans. The platform receives proof of compliance, not a copy of the user's documents. This is the approach we take at Verifyo — a single Zero-Knowledge KYC attestation proving compliance status without transferring PII.

The architectural difference is mechanical. Compliance evidence becomes the attestation, not the underlying documents. What the platform holds reduces from a copy of every onboarded user's documents to a status reference. GDPR Article 5(1)(c) requires that personal data be "adequate, relevant and limited to what is necessary" (3); Article 25 requires technical measures by default so only necessary data is processed (4). The ICO is direct: "If you are holding more data than is actually necessary for your purpose, this is likely to be unlawful" (5). The verifier-private design is the canonical Article 25 pattern; see traditional KYC vs Zero-Knowledge KYC for the full primer.

The user-experience consequence follows. The reusable-attestation model removes one structural cause of drop-off in the user experience: verified users do not re-upload identity documents on every platform. A single check feeds many platforms — the verification solution returns a boolean, and the boolean is the regulator-relevant evidence the platform needs. Compare the user experience of one verification against N-platform document submissions, and the reusable-attestation experience produces measurable drop-off improvement.

The verifier-private architecture changes the flow contract; it does not extend the Level 1 scope. The Level 1 attestation bundle is identity document verification, age attestation, wallet-ownership binding via Zero-Knowledge KYC, and the six-check AML screening set. The scope-gap mapping in the next section sets out what falls outside it.

Scope-honest mapping: what each provider verifies today

Both Verifyo and Onfido verify identity documents. Both run biometric checks — Onfido directly, Verifyo via the issuing verifier. Both feed AML screening sets that overlap on sanctions screening and PEP coverage; AML coverage is symmetric across both providers. Platforms whose customers sit primarily in identity-only and AML-screening scope, and whose verification solution covers identity verification, AML screening, and crypto-adjacent integration, find both providers solve the MLR 2017 Regulation 28 and FATF Recommendation 10(a) obligation. Architecture and pricing become the decisive criteria, not scope. Both providers feed the customers an integrating business onboards.

Onfido offers address verification through third-party sources; Verifyo does not offer this today. For the services both providers cover, the verifier-private architecture and Hold-to-Use pricing remove the recurring per-verification cost. Under MLR 2017 Regulation 28(2)(b), residence checks require reliable sources, and the platform contracts third-party brokers for street-level lookups (8). The Verifyo attestation exposes a self-declared residence_country field (ISO-2) but does not run street-level checks.

Onfido offers ongoing monitoring of the business relationship; Verifyo does not offer this today. For the services both providers cover, Verifyo's verifier-private architecture and Hold-to-Use pricing remove the recurring per-verification cost. FATF Recommendation 10(d) and MLR 2017 Regulation 28(11) require ongoing monitoring; higher tiers bundle continuous re-screening. Verifyo issues attestations at verification time and refreshes on the documented expiry cadence; the ongoing customer due diligence obligation sets out the mechanism. The same pivot applies to KYB: Onfido offers KYB and business verification through the business-onboarding line; Verifyo does not offer this today, and Verifyo's verifier-private architecture removes the recurring cost.

Two further gaps round out the mapping. Neither verification solution covers Travel Rule data exchange today under the FATF Recommendation 16 horizon (June 2025 update, compliance effective end of 2030) (6). Broader EDD workflows under MLR 2017 Regulation 33 sit inside the platform's higher tiers. The CDD framework lays out the grammar both providers answer to.

Pricing: held asset vs recurring expense

Onfido's pricing is quote-based; the company does not disclose per-check rates publicly. Document, biometric, and fraud-detection checks are separately metered. The per-check fee scales with each customer onboarded; the integrating business's compliance capital is paid away as a recurring service expense — once spent, it is gone. The per-check pricing solution that dominates the cohort treats compliance capital as a recurring business expense — the standard model in the document-bound identity verification solutions cohort (Onfido / Entrust IDV, Veriff, Sumsub).

Verifyo charges no per-verification fee. Hold-to-Use means platforms hold MTO tokens to access the API; tokens are held — not staked, burned, or locked — and remain fully owned and transferable. MTO holding is a fixed business cost line, not a recurring opex item. Holdings scale by monthly-query tier: Free (0–30, 0 MTO), Starter (31–5,000, 2,500 MTO), Growth (5,001–50,000, 25,000 MTO), Pro (50,001–100,000, 75,000 MTO), Business (100,001–500,000, 200,000 MTO), Enterprise (500,001–1,000,000, 500,000 MTO), Super (1,000,001+, contact sales). When MTO trades above $2.00, the holding adjusts daily to maintain a $2.00-per-query anchor.

A platform onboarding 100,000 new customers per month under Onfido's quote-based pricing pays roughly $150,000 to $350,000 annually at the $1.50–$3.50 per-check range — third-party estimates from Finexer, Didit, and Be-Verified, not Entrust-published rates. 100,000 verifications per month is typical for high-volume industries — exchanges, gaming, neobanks. The capital is paid away. The same platform on the Pro tier (50,001–100,000 monthly queries) holds 75,000 MTO — a $150,000 commitment at the $2.00 spot anchor — and that capital stays on the balance sheet, fully owned and transferable. After the initial period the platform keeps using the API without new recurring payments as long as it holds the required MTO. The initial commitment is not a recurring KYC payment but an asset purchase that keeps the API accessible — the reason Verifyo can be described as free in long-term economic terms.

The main risk is asset value, not recurring service cost. If MTO price falls, the cost-effective outcome can become less favourable only during the initial period; the service remains accessible as long as the platform holds the required MTO. The company offers a free trial of Workflow Studio for small business buyers; per-check pricing is disclosed post-quote only. Verifyo offers a permanent Free tier (0–30 monthly queries, no MTO required), a permanent volume band, not a trial.

MTO token value can rise or fall. Illustrative figures in this article are not a forecast or an expected return. This article is not investment advice.

Where Onfido / Entrust IDV genuinely wins

Onfido is a real and capable identity verification vendor. Document coverage spans 195+ countries — the global coverage advantage matters for any business whose users span emerging-market jurisdictions (8). The biometric matcher has matured over a decade, and document accuracy on edge-case identity documents is recognised in the 2025 Gartner Magic Quadrant. G2 reviewers (4.4 / 5, captured 10 June 2026) praise SDK integration ease, smooth onboarding, and reliable customer support (10). Capterra reviewers (4.6 / 5, 30 reviews, captured 10 June 2026) report 93% positive sentiment and ease-of-use 4.5 / 5 (11). Integration ease across these industries is a recurring theme, and regulated business categories range from banking and financial services to gaming. Entrust IDV is integrated with the wider identity portfolio — relevant to enterprises with EDD workflows on the parent group's authentication or PKI infrastructure, a mature verification solution at scale.

The same aggregates flag known pain points factually. False positives on valid identity documents — the biometric matcher generates friction on edge-case IDs where document quality is borderline, occasionally requiring manual review. Capterra reviewers note specific document types — older national IDs and certain residence permits — as the categories generating the most resubmission. Capterra's value-for-money sub-rating sits at 4.2 / 5, aligned with the quote-based pricing's opacity at low volumes. Compare the Capterra and G2 aggregates and the verdict is consistent. None of this is a failure of architecture; it is the inherent friction of the document-bound stack at scale.

Choosing: a buyer-decision verdict

Choosing between Onfido and Verifyo turns on what services the platform needs and what year-one capital it wants to spend. Platforms across regulated industries — banking, financial services, gaming, crypto exchanges — face the same MLR 2017 obligation. Where the scope items include KYB, address verification, or EDD workflows, Entrust IDV is the right solution today; the scope advantage is real, and the verification solution must match the brief. Industries where address verification is statutory (UK banking and consumer finance) make scope the decisive factor. Where the scope items are identity verification, AML screening, and crypto-adjacent integration, the verifier-private architecture and Hold-to-Use pricing should be evaluated on those merits. A verifier-private integration produces the same regulator-relevant evidence in one step; onboarding capital becomes a held asset, and verified users get one verification with many platform acceptances. Some platforms will run both — Entrust IDV for scope-required workflows, the verifier-private design for identity and AML — where architectural privacy and Hold-to-Use pricing earn their place.

The decision is architectural before it is commercial. Where the user's PII lives and what year-one capital becomes are the two questions worth asking; buyers who compare these architectures get a clearer signal than the matrix offers. For the parallel against a different document-bound vendor, the verifyo vs sumsub comparison runs the same wedges.

Sources

1. FATF. Recommendation 10 — Customer Due Diligence. FATF Recommendations 2012, updated October 2025. https://www.fatf-gafi.org/content/dam/fatf-gafi/recommendations/FATF%20Recommendations%202012.pdf.coredownload.inline.pdf
2. UK Government. The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, Part 3. https://www.legislation.gov.uk/uksi/2017/692/part/3
3. European Parliament and Council. Regulation (EU) 2016/679 (GDPR), Article 5(1)(c) — Data minimisation. https://eur-lex.europa.eu/eli/reg/2016/679/oj/eng
4. European Parliament and Council. Regulation (EU) 2016/679 (GDPR), Article 25 — Data protection by design and by default. https://eur-lex.europa.eu/eli/reg/2016/679/oj/eng
5. Information Commissioner's Office (ICO). Principle (c): Data minimisation — UK GDPR guidance. https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/data-protection-principles/a-guide-to-the-data-protection-principles/data-minimisation/
6. FATF. Recommendation 16 — Wire transfers / Travel Rule update. June 2025. https://www.fatf-gafi.org/en/publications/Fatfrecommendations/update-Recommendation-16-payment-transparency-june-2025.html
7. Entrust. Entrust Completes Acquisition of Onfido. Press release, 9 April 2024. https://www.entrust.com/company/newsroom/entrust-completes-acquisition-of-onfido-creating-a-new-era-of-identity-centric-security
8. Entrust. Identity Verification (IDV) Solutions product page. https://www.entrust.com/products/identity-verification
9. Entrust. Workflow Studio — Mission Control for Identity Verification product page. https://www.entrust.com/products/identity-verification/studio
10. G2. Entrust IDV, formerly Onfido — Reviews. Captured 10 June 2026. https://www.g2.com/products/entrust-idv-formerly-onfido/reviews
11. Capterra (Gartner Digital Markets). Entrust IDV Software Ratings. Captured 10 June 2026. https://www.capterra.com/p/200047/Onfido/
12. Biometric Update. Onfido files first financials following Entrust acquisition. 5 February 2025. https://www.biometricupdate.com/202502/onfido-files-first-financials-following-entrust-acquisition
13. UKTN. Entrust completes acquisition of ID verification startup Onfido. 9 April 2024. https://www.uktech.news/growth-strategy/exit-strategy/entrust-completes-onfido-acquisition-20240409
14. FinTech Magazine / GlobeNewswire. 10th Annual FinTech Breakthrough Award Winners. 19 March 2026. https://www.globenewswire.com/news-release/2026/03/19/3259172/0/en/A-Decade-of-FinTech-Innovation-10th-Annual-FinTech-Breakthrough-Award-Winners-Announced.html