Verifyo vs Sumsub After Sumsub's May 2026 Travel Rule Launch
The Sumsub Travel Rule self-service launch — what changed in May 2026
On 26 May 2026, Sumsub launched the Sumsub Travel Rule Self-Service Setup (1), a self-service activation tier on top of its existing Travel Rule SDK. Sumsub's solution targets smaller VASPs and crypto companies whose users previously paid the enterprise-implementation timeline tax. Sumsub states a VASP can now reach its first compliant transfer "without relying on a customer success manager, solutions engineer, or a six-week onboarding process." The launch removes a real onboarding-friction tax that priced smaller VASPs out of FATF Recommendation 16 readiness — the same friction that priced them out of fraud-prevention scale at Layer 1, where conversion rates collapse when new users churn at the document-upload step.
The changes are concrete. The implementation fee is reduced to zero. Activation happens through an SDK with preset configurations and built-in decision logic that Sumsub provides out of the box. Sumsub cites over 2,100 VASPs (2) in its cohort (its own product page cites 1,050+ in the client directory; both numbers are Sumsub-stated), and states the SDK reduced user drop-offs by up to 35%. The SDK itself has been generally available since June 2025 (3); the May 2026 announcement is the self-service tier of an existing product.
The friction reduction is real, and we do not contest the launch. The reframe begins one layer above: self-service shortens the customer journey to a first compliant transfer for new users, but it does not change what crosses VASP boundaries on every qualifying transaction once inside.
The Travel Rule problem in two layers: onboarding friction vs data transfer
Layer 1 is the onboarding-friction layer. A VASP wants to join a Travel Rule cohort, and the historical cost is an enterprise contract plus a six-week implementation. The outputs Sumsub now provides are SDK-based activation, preset configurations, and built-in decision logic that smaller VASPs can deploy without dedicated engineering. The metric — speed-to-first-compliant-transfer. Sumsub's self-service launch is a clean win that reduces friction at the entry point.
Layer 2 is the data-transfer layer. Once a VASP is inside a Travel Rule cohort, each qualifying transaction triggers a data transfer to a counterparty VASP. The inputs are verified identity records of the users on both sides — name, distributed-ledger address, account number on the originator; matching beneficiary records on the receiving side. The outputs are identity documents the counterparty platform retains and remains exposed to over time.
The metric is different at Layer 2: how much identity surface area is exposed per transfer, and to how many parties — the regulatory risk customers carry once their records sit on a counterparty's stack. FATF's June 2025 update to Recommendation 16 (7) (the originating standard) anchors the regime; in the EU, Regulation (EU) 2023/1113 (8) binds CASPs and the EBA Guidelines (9) enable supervisors to interpret the TFR consistently across CASPs and set what makes a trusted counterparty.
The FCA reminds UK firms (10) they "remain responsible for achieving compliance with the Travel Rule, even when using third-party suppliers" (US: 31 CFR 1010.410(f) (11), $3,000 baseline). Self-service onboarding optimises Layer 1 without touching Layer 2. We have set out the calendar-KYC-vs-transaction-Travel-Rule distinction elsewhere — Sumsub's launch reaches the layer above.
How Sumsub's stack addresses Layer 1 onboarding friction
Document verification mechanics at Layer 1
Sumsub's identity verification flow is the commercial spine of the platform. The SDK lifts identity documents users present — passports, driver's licences, and government-issued IDs are the documents Sumsub's SDK handles — and runs OCR against captured fields. Government-database matching cross-references extracted data where government databases are available, and the SDK helps engineering teams new to KYC by handling the verification step in a single API call. Liveness detection, facial recognition, and biometric authentication add a face-match stage against the document portrait. The sequence is the standard document-verification flow most identity verification providers offer, with high accuracy on government-issued IDs the binding metric on document-verification accuracy.
Where document fraud detection happens in Sumsub's stack
Sumsub's fraud detection rules run inside the SDK at the verification check itself. Device intelligence, behavioural patterns, and document fraud detection rules surface before the verification process completes, with automated fraud detection feeding the platform's risk rating engine — identity-fraud heuristics and fraud signals that flag suspicious users at the verification step. Risk scoring and risk assessment run in the same workflow, with manual review available for high-risk users. Sumsub provides biometric checks and face matching as part of the verification workflows the SDK handles. Capterra reviewers cite Sumsub's comprehensive feature breadth (6) — KYC, KYB, transaction monitoring, ongoing AML, address verification — in one platform; G2's 4.6 over 109 verified reviews (5) tells a similar story, and Sumsub's customer-success function shows up as a recurring strength.
Sumsub's stack at Layer 1 is broadly deployed, well-reviewed, and a defensible path when a smaller VASP wants biometrics, liveness detection, and document verification under one provider. What it does not change is Layer 2 — the data-transfer step itself.
Where verifier-private attestation reframes Layer 2
The architectural privacy wedge sits at Layer 2. Zero-Knowledge KYC produces a verifier-private counterparty attestation: the receiving platform verifies it cryptographically without re-receiving the underlying PII. The standards foundation is concrete. W3C Verifiable Credentials Data Model 2.0 (16) enables selective disclosure as a baseline privacy primitive. IETF RFC 9901 (SD-JWT) (17) enables verifier-private credential presentation as a Standards Track protocol, and EUDI Wallet ARF discussions still treat full ZKP as a leading-edge architectural posture, not a settled standard (18) (19) — the identity assurance system that follows. This is the approach we take at Verifyo — a single Zero-Knowledge KYC attestation that proves compliance status without transferring personal data, building on the architectural difference between traditional KYC and Zero-Knowledge KYC we have set out elsewhere.
What changes at the data-transfer layer is the surface area exposed — the fraud surface that follows once identity records sit on a counterparty's stack. Under Sumsub's Travel Rule SDK, the originating VASP transmits verified identity verification records to the counterparty VASP; those identity documents are retained on the receiving side and exposed to onward breach risk for the users whose records crossed. Unlike Sumsub, under a verifier-private architecture the originating VASP produces a Zero-Knowledge KYC attestation; the counterparty verifies the proof; the underlying PII does not move — reduced data exposure across the verification flow, with the receiving platform a trusted counterparty under the EBA framing without holding the records. 21 Analytics (13) frames it directly: "The Travel Rule is, inherently, a two-VASPs-game." Neither architecture solves the hosted-vs-unhosted wallet issue (14) Elliptic describes or the sunrise issue Notabene documents (12), but the data-exposure question is a Layer 2 one — and FATF's 2025 targeted update (15) sets the scale.
We are not claiming Verifyo offers a live Travel Rule product Sumsub does not. Travel Rule data exchange is not offered today; it is on our roadmap. The architectural question we are building toward is what data needs to move at all.
Feature and scope comparison: identity verification, AML screening, and document verification
Both providers cover natural-person identity verification, document verification, and anti money laundering screening of the users a VASP onboards at the Level 1 equivalent. The comparison table below helps compliance teams map the scope; the four scope-pivot blocks set the honest framing at each verification type boundary.
| Capability | Sumsub | Verifyo (Level 1 — Standard KYC) |
|---|---|---|
| Document verification | Yes — SDK, OCR, database matching, liveness, biometrics | Yes — document verification, document country captured |
| AML screening | Yes — sanctions, PEP, criminal, barred, military, adverse media; Compliance Plan adds ongoing AML | Yes — six AML booleans in the attestation |
| Age attestation | Yes | Yes — age_over_18, age_over_21 booleans |
| Wallet ownership binding | No | Yes — cryptographic proof linking wallet to identity |
| What the receiving platform holds | Raw identity records (PII) | Verifier-private attestation (no PII transferred) |
| Business verification (KYB) | Yes | No — natural persons only |
| Address verification | Yes — Compliance Plan add-on | No — residence_country self-declared, not verified |
| Ongoing AML monitoring | Yes — Compliance Plan | No — attestation refreshes on expiry cadence |
| Transaction monitoring | Yes — Sumsub AML suite | No — identity infrastructure only |
| Travel Rule data exchange | Yes — Self-Service Setup (May 2026) + SDK (June 2025) | Roadmap — not live today |
| Network reach | Sumsub states over 2,100 VASPs | 190+ blockchain support; attestation reusable across platforms |
Business verification: not in our scope today
Sumsub offers business verification (KYB); Verifyo does not verify businesses today — we verify natural persons only. Many businesses operating across jurisdictions need both natural-person identity verification and KYB on a single verification provider, and Sumsub's solution covers that scope at Level 1+. Business verification (KYB) is a Sumsub scope we do not contest.
AML screening: where both providers run the same checks
Both providers run sanctions, PEP, criminal, barred, military, and adverse-media watchlist screening at the verification step against equivalent databases — the anti money laundering coverage is the same, and both KYC providers return equivalent risk signals on the users they screen as part of customer due diligence. The wedge does not sit at the AML screening step itself.
Address verification: not in our scope today
Sumsub offers the address checks add-on on its Compliance Plan; Verifyo captures the user's declared country of residence but does not verify a physical address. For the identity document and AML-screening checks both providers cover, our architecture changes what the receiving platform holds.
Ongoing monitoring and transaction monitoring: not in our scope today
Sumsub's Compliance Plan adds ongoing AML monitoring, real-time transaction monitoring, and real-time AML screening across the verification lifecycle — the AML capabilities and AML compliance workflows that round out Sumsub's features at Level 1+. Verifyo does not perform continuous monitoring or transaction monitoring today. For the AML-screening checks both KYC providers cover, Zero-Knowledge KYC changes what the receiving platform holds — compliance requirements stay the same; the case management tools follow from the platform's risk assessment.
Sumsub's scope is broader at Level 1+; Verifyo's architecture changes what crosses to the receiving platform on services both providers cover.
Pricing context: per-verification fees vs the Hold-to-Use model
Sumsub's pricing (4) is public. The Basic tier is $1.35 per verification with a $149 monthly minimum. The Compliance tier is $1.85 per verification with a $299 monthly minimum and offers ongoing AML, address checks, and transaction monitoring with the Compliance Plan support tier. Custom enterprise pricing is available — Sumsub's per-verification pricing for the full Compliance Plan solution scales with the number of users a platform onboards at high volume, with volume discounts at scale. We cite this as a public reference point.
Verifyo's pricing model replaces per-verification pricing with a holdings-based model. Platforms hold MTO tokens to access the API; the required holding scales by monthly-query tier. A Growth-tier platform running up to 50,000 verifications per month holds 25,000 MTO; a Pro-tier platform up to 100,000 verifications per month holds 75,000 MTO. With a conventional KYC provider, the platform's capital is paid away as a service expense — recurring costs without a residual, and operational costs that scale per verification with the customer base.
With Verifyo, the platform's capital is committed into MTO and held in its own wallet — tokens are not consumed by usage, and the capital remains owned by the platform on its balance sheet. This is why Verifyo can be described as free in long-term economic terms: the initial commitment is not a recurring KYC payment, it is an asset purchase that keeps the API accessible. No per-verification fees, no hidden fees — reduced operational costs and a different total cost shape for businesses with high verification volume.
MTO token value can rise or fall. Illustrative figures in this article are not a forecast or an expected return. This article is not investment advice. The main risk is asset value, not recurring service cost. If MTO price falls, the outcome can become less favourable only during the initial period; the service remains accessible as long as the platform holds the required MTO. If price remains stable or rises, the platform retains the capital while still receiving the service.
When Sumsub is the right answer. When Verifyo is the right answer
Where fraud prevention coverage tips the choice
Sumsub's fraud prevention coverage extends beyond identity verification into ongoing AML monitoring, real-time transaction monitoring, and broader fraud detection across the verification lifecycle — fraud prevention features that round out a single-platform offering. Verifyo does not offer this scope today; fraud prevention beyond the verification step belongs to RegTech tools like Chainalysis, Elliptic, or ComplyAdvantage. For the natural-person identity and AML screening both providers cover, the fraud prevention question splits along the same line as the architectural one.
Sumsub is the right answer when a VASP needs broad feature coverage at Level 1+ in one platform — KYB, address checks, ongoing AML monitoring, transaction monitoring, Travel Rule onboarding, and reach across the broader VASP cohort — or when speed-to-first-compliant-transfer at Layer 1 is the binding constraint for compliance teams onboarding many customers across financial services. Sumsub's WEF Unicorn Community membership (20), customer-success function, and customer base of clients across large enterprises and smaller markets make it the defensible choice — the global identity verification provider profile financial institutions and digital services teams reach for when global scale, global reach, and global coverage are top priorities.
Verifyo is the right answer when the platform's primary requirement is minimising what data crosses VASP boundaries on its users, when it is willing to commit capital into a held asset instead of a recurring per-verification expense, and when verifying identity sits within natural-person identity verification, AML screening, age attestation, and wallet ownership binding at Layer 1. The broader cohort of Zero-Knowledge KYC providers is worth weighing, and Sumsub features in the broader vendor comparison too. The two solutions sit on different architectural premises: Sumsub's pricing model and feature footprint serve one set of customers; the architectural choice at Verifyo serves another. The decision belongs to the reader.
Sources
(1) Sumsub Newsroom. Sumsub Launches Self-Service Setup for Travel Rule Compliance. 26 May 2026. https://sumsub.com/newsroom/sumsub-launches-self-service-setup-for-travel-rule-compliance
(2) Financial IT. Sumsub Launches Self-Service Setup for Travel Rule Compliance. 26 May 2026. https://financialit.net/news/compliance/sumsub-launches-self-service-setup-travel-rule-compliance
(3) Biometric Update. Sumsub Travel Rule SDK simplifies complex compliance rule for virtual asset transfers. 10 June 2025. https://www.biometricupdate.com/202506/sumsub-travel-rule-sdk-simplifies-complex-compliance-rule-for-virtual-asset-transfers
(4) Sumsub. Pricing. As of May 2026. https://sumsub.com/pricing/
(5) G2. Sumsub Reviews. As of May 2026. https://www.g2.com/products/sumsub/reviews
(6) Capterra. Sumsub Reviews 2026. As of May 2026. https://www.capterra.com/p/188057/KYC-AML-Platform/reviews/
(7) Financial Action Task Force (FATF). Updated Standards on Recommendation 16 on Payment Transparency. June 2025. https://www.fatf-gafi.org/en/publications/Fatfrecommendations/update-Recommendation-16-payment-transparency-june-2025.html
(8) European Parliament and Council. Regulation (EU) 2023/1113 — Transfer of Funds Regulation. 31 May 2023. https://eur-lex.europa.eu/eli/reg/2023/1113/oj/eng
(9) European Banking Authority. Guidelines on information requirements in relation to transfers of funds and certain crypto-assets transfers under Regulation (EU) 2023/1113. 4 July 2024 (applies 30 December 2024). https://www.eba.europa.eu/activities/single-rulebook/regulatory-activities/anti-money-laundering-and-countering-financing-terrorism/guidelines-information-requirements-relation-transfers-funds-and-certain-crypto-assets-transfers
(10) Financial Conduct Authority. FCA sets out expectations for UK cryptoasset businesses complying with the Travel Rule. 17 August 2023. https://www.fca.org.uk/news/statements/fca-sets-out-expectations-uk-cryptoasset-businesses-complying-travel-rule
(11) FinCEN / eCFR. 31 CFR 1010.410(f) — Travel Rule. https://www.ecfr.gov/current/title-31/subtitle-B/chapter-X/part-1010/subpart-D/section-1010.410
(12) Notabene. What is the Sunrise Issue of the Crypto Travel Rule? https://notabene.id/post/what-is-the-sunrise-issue-of-the-crypto-travel-rule
(13) 21 Analytics. Be Travel Rule Compliant: Overcome the Sunrise Issue. 13 July 2022. https://www.21analytics.co/blog/how-to-be-travel-rule-compliant-when-your-counterparties-are-not/
(14) Elliptic. What is the Travel Rule? 14 October 2025. https://www.elliptic.co/blockchain-basics/what-is-the-travel-rule
(15) Financial Action Task Force (FATF). Targeted Update on Implementation of FATF Standards on Virtual Assets and VASPs. 2025. https://www.fatf-gafi.org/en/publications/Fatfrecommendations/targeted-update-virtual-assets-vasps-2025.html
(16) World Wide Web Consortium (W3C). Verifiable Credentials Data Model 2.0 family. W3C Recommendation, 15 May 2025. https://www.w3.org/press-releases/2025/verifiable-credentials-2-0/
(17) IETF. RFC 9901 — Selective Disclosure for JSON Web Tokens (SD-JWT). November 2025. https://datatracker.ietf.org/doc/rfc9901/
(18) EU Digital Identity Wallet ARF GitHub Discussion. Topic G — Zero-Knowledge Proof. https://github.com/eu-digital-identity-wallet/eudi-doc-architecture-and-reference-framework/discussions/408
(19) Podda, E., Holzmer, P., Amard, A., Sedlmeir, J., & Fridgen, G. Regulatory options for integrating zero-knowledge proofs into the European Digital Identity Wallet. International Review of Law, Computers & Technology, Vol. 39 No. 3, 2024. https://www.tandfonline.com/doi/full/10.1080/13600869.2024.2398915
(20) Sumsub Newsroom. Sumsub Joins World Economic Forum Unicorn Community to Tackle AI Fraud and Advance Inclusive Digital Identity. 12 January 2026. https://sumsub.com/newsroom/sumsub-joins-world-economic-forum-unicorn-community-to-tackle-ai-fraud-and-advance-inclusive-digital-identity/
Want to learn more?
Explore our other articles and stay up to date with the latest in zero-knowledge KYC and identity verification.
Browse all articles