Face Match vs the Alternatives: Choosing Biometric Verification

Face matching — biometric 1:1 comparison — verifies that the person presenting a selfie is the same individual pictured on their identity document. It is not the same thing as facial recognition, face deduplication, or document-only verification, and each approach answers a different question.

Choosing the wrong method for your use case either under-assures — letting through impersonators — or over-engineers, adding friction and cost where simpler checks would do. This guide maps out the four common approaches, what each one proves, when to use each, and how to combine them for stronger guarantees.

Key takeaways

• 1:1 Face Match ($0.05) compares a live selfie to a reference image — typically the photo extracted from a government ID. It answers: is this person the document holder?
• 1:N Face Search (free) checks one face against a stored database — deduplicating accounts or matching against a blocklist. It answers: have we seen this face before?
• Document-only verification extracts and validates the document without a selfie. It answers: is this a genuine document — but cannot confirm the person presenting it is the holder.
• Database checks confirm identity through a government or bureau registry. They prove the identity record exists but cannot confirm the presenting person matches it without a biometric.
• Pair face match with liveness to confirm the selfie is of a live person, not a photograph of the document holder.
• Didit's Face Search 1:N is free — deduplication and blocklist matching add no per-call cost.

What face matching does

A 1:1 face match takes two images and returns a similarity score: does face A belong to the same person as face B?

In identity verification, face A is a selfie captured during onboarding. Face B is the portrait extracted from the presented ID document. If the score clears a threshold, the match passes. If it falls below, the result is flagged for review or declined.

The face match step is what connects the document to the person. Without it, you have verified that a genuine document exists; you have not verified that the person holding it is its rightful owner. That distinction is the gap impersonation attacks exploit.

Why it matters

Document fraud has two broad shapes. In the first, the document itself is fake — forged, altered, or generated. Document verification catches this. In the second, the document is genuine but the presenter is not the holder — a stolen passport, a borrowed ID, an impersonation. Face matching catches the second type; document verification alone does not.

At $0.05 per check, face matching is one of the cheapest layers in an identity verification stack. The cost of skipping it — an impersonated account opening — is typically orders of magnitude higher. It belongs in every flow where a document is checked.

The four approaches compared

1:1 Face Match — "is this person the document holder?"

The selfie-vs-document comparison is the foundational biometric check in remote KYC. The user takes a selfie; the engine extracts the portrait from the ID photo; a similarity model scores the match.

Strengths: catches impersonation directly; inexpensive; composable with every other module. Limitation: it only verifies against the document photo. If a fraudster has obtained a genuine document under a fake identity, the face match passes. Combine with database validation and AML screening for synthetic identity detection.

Didit's Face Match 1:1 costs $0.05 per check and runs inside the same hosted session as ID Verification and Liveness.

1:N Face Search — "have we seen this face before?"

Face Search compares one face against a stored set — your enrolled user base, a blocklist, or both. It answers deduplication and watchlist-matching questions:

• Has this person already registered under a different identity?
• Is this face on an internal blocklist of banned users?
• Is this face appearing across multiple accounts at unusual frequency?

1:N search is not facial recognition in the surveillance sense — it operates on faces your platform has already enrolled with consent, not a general population database. The distinction matters for both user trust and legal compliance.

Didit's Face Search 1:N is free — no per-call charge for deduplication or blocklist matching against your enrolled population.

Document-only verification — "is this a genuine document?"

Document-only flows skip the selfie entirely. The user photographs their ID; the engine authenticates the document — checking security features, MRZ consistency, template matching, and tamper detection. No face comparison is performed.

This is appropriate where the regulatory requirement is document authenticity only, or where a separate biometric step happens out-of-band (e.g., a live branch interview). It does not confirm that the presenter is the document holder and should not be used as a substitute for face match in remote digital onboarding.

Database validation — "does this identity record exist?"

Database checks query government registries, credit bureaus, or telco databases to confirm that the name, document number, and date of birth match a record in an authoritative source. They prove the identity exists in a registry; they do not prove that the person submitting the check is that identity.

Database validation is a complement to biometric matching, not a replacement. The strongest onboarding flow confirms: the document is genuine (document verification), the identity record exists (database validation), and the presenting person matches the document (face match + liveness).

Pairing face match with liveness

A face match that accepts a photograph of the document holder is not secure — an attacker can print the ID portrait and hold it up to the camera. Liveness detection breaks this attack by requiring the selfie to prove the subject is physically present.

The combination — Passive Liveness ($0.10) + Face Match ($0.05) — costs $0.15 total and closes the primary impersonation and photo-spoof vectors simultaneously. It is the standard configuration in Didit's core KYC flow, which runs at $0.33 total (ID Verification $0.15 + Passive Liveness $0.10 + Face Match $0.05 + IP Analysis $0.03).

Didit's liveness engine achieved 0% attack success and 0% IAPAR (Impostor Attack Presentation Accept Rate) across 360 attempts under ISO/IEC 30107-3 Level 1 (iBeta-certified).

Use cases

Fintech account opening — 1:1 face match plus liveness is the minimum biometric bar for regulated account opening. Document verification confirms the ID is genuine; face match confirms the applicant is the holder. At $0.33 for the full core flow, it is 3–5× cheaper than most comparable stacks.

Crypto exchanges and VASPs — FATF Travel Rule and VASP regulations in most jurisdictions require biometric face verification as part of KYC. Face Search 1:N (free) prevents the same verified face registering multiple trading accounts, which is a common layering tactic.

Marketplace and gig platforms — Face Search deduplication catches workers who were removed for policy violations and attempt to re-register. The selfie-vs-ID face match prevents workers from registering under a family member's identity to pass background checks.

iGaming — face match on re-login or transaction confirmation ties the active session to the originally verified identity. Combined with Active Liveness ($0.15), it provides a step-up authentication path for high-value withdrawals.

How Didit helps

Face Match and Face Search run inside Didit's hosted verification session. To enable them:

1. In the Business Console, add Face Match 1:1 and/or Face Search 1:N to your workflow alongside the modules you want to pair them with.
2. Create a session — POST /v3/session/ with your workflow_id, vendor_data, and callback.
3. Redirect the user to session.url — Didit handles selfie capture, face extraction from the document, matching, and result storage.
4. Read results via GET /v3/session/{sessionId}/decision/ or session.status.updated webhook — face match score and search hits are both in the decision payload.

All modules share the same session, so face match, liveness, document verification, and AML screening compose without multiple integrations.

Frequently asked questions

How much does face matching cost?

Face Match 1:1 is $0.05 per check. Face Search 1:N is free. Both are pay-per-success with no minimums, and 500 free verifications per month apply across all modules.

Is face matching the same as facial recognition?

No. Face matching is a consented 1:1 comparison between a selfie and a reference image (your ID photo). Facial recognition typically refers to unconsented 1:N matching against large, general-population databases. Didit's Face Search 1:N operates only on faces enrolled in your workspace with user consent.

Does face matching alone prevent identity fraud?

Face match catches impersonation — a real person presenting someone else's genuine document. It does not catch synthetic identity fraud (a fabricated identity with a generated document) or situations where the document itself is forged. Combine with document verification and database validation for comprehensive coverage.

Do I need liveness if I'm already doing face match?

Yes. Without liveness, an attacker can defeat face match by photographing the document holder's portrait and presenting the print to the camera. Passive Liveness at $0.10 closes this attack.

What does the face match score represent?

The score is a similarity measure between the two face embeddings. Didit's engine returns a pass/fail decision based on a configurable threshold, along with the raw similarity value so you can tune acceptance rates to your risk tolerance.

Ready to get started?

• Learn the modules → Didit docs
• See it in the platform → User Verification
• Check the price → Pricing — Face Match $0.05, Face Search free, 500 free/month
• Start free → business.didit.me