Identity verification in Canada
Executive summary. Canada regulates identity verification through a federal AML backbone — the PCMLTFA, supervised by FINTRAC — layered on top of a provincial patchwork covering securities, privacy and gambling. There is no federal identity number usable for private-sector verification and no national eID scheme. FINTRAC explicitly blesses three methods for remote onboarding: a document method, a
Documents supported
(Government IDs from 220+ countries)
Average verification time
Countries covered
(Government-issued IDs validated)
Market overview
Population ~40M, overwhelmingly urban. Toronto, Montréal and Vancouver are the three fintech clusters. Banking penetration exceeds 99%, dominated by the "Big Five" (RBC, TD, BMO, Scotiabank, CIBC) plus National Bank and Desjardins in Québec. Neobanks (Wealthsimple, KOHO, EQ Bank, Neo Financial, Brim) run on a sponsor-bank model — federal consumer-driven banking legislation was introduced in 2024 and is still phasing in. Payments fintechs include Nuvei and Lightspeed; remittance is dominated by MSBs and FMSBs including Wise. Regulated crypto platforms include Coinbase Canada, Kraken, Bitbuy, Netcoins, WonderFi, Crypto.com and Shakepay. Ontario opened Canada's first regulated competitive iGaming market on 4 April 2022 under AGCO and iGaming Ontario (iGO). Every other province channels online
Supported documents
Didit templates cover national IDs, passports, residence permits and regional documents — plus 14,000+ documents globally for cross-border flows.
Regulators
d financial institutions and issues AML expectations through Guideline B-8
d by the Office of the Privacy Commissioner of Canada (OPC)
Service Canada
restricted
Social Insurance Number verification. Batch processing only; not available for real-time commercial queries.
Provincial DMVs (varies by province)
regulated
Driver's license verification managed at the provincial level. Access methods and availability vary by province. No unified national system.
Canada Revenue Agency
restricted
Tax verification services. Portal-based access; limited commercial availability.
Government & regulated databases
Compliance framework
AML framework
Supervised by OSFI
AML / CTF. The Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its regulations (PCMLTFR) are the federal source of law. Major amendments on 1 June 2021 introduced the virtual-currency regime, the travel rule and modernised identity-verification methods; further amendments in 2022-2024 extended coverage to mortgage brokers, armoured-car and factoring firms, and tightened PEP and beneficial-ownership expectations.
Data protection
Supervised by National DPA
Retention. PCMLTFR sets a 5-year retention period: 5 years from account closure for account-based records, 5 years from creation for transaction and verification records. PIPEDA imposes data-minimisation — personal information shall not be retained beyond the period needed for the identified purpose
Penalties for non-compliance
- RBC — CAD 7.48M (December 2023). Largest FINTRAC penalty at the time. Arose from a 2022 examination finding failures to submit 16 STRs across 130 reviewed customer files.
Use cases
Neobanks, EMIs, payment institutions, lenders, brokerages.
Sections 105-112 PCMLTFR and the 2023 Methods to verify the identity of persons and entities Guideline set out three permitted methods for individuals. Each must be documented in the reporting entity's compliance programme with a clear test for "authentic, valid and current".
Exchanges, custodians, wallets, on/off-ramps.
Crypto sits on a uniquely Canadian dual track.
Sports betting, online casinos, age-gated platforms.
Ontario (competitive market). Operators register with AGCO and sign an iGO Operating Agreement. The Registrar's Standards for Internet Gaming (amended February 2024) require:
Gig platforms, delivery, creator economy, e-commerce.
Marketplaces are not PCMLTFA reporting entities unless they perform MSB or crypto activity. They are subject to:
Biometric liveness
There is no national biometric certification scheme in Canada — no equivalent of UK DIATF or German AnZuV. But several overlapping requirements effectively force liveness in any remote-onboarding context. FINTRAC. The document method requires the photo ID be "authentic, valid and current" and the reporting entity be satisfied it is dealing with the person depicted. FINTRAC has expressly said a liveness-matched selfie compared to the document photograph satisfies this for remote onboarding. In pr
CERTIFICATIONS
Our platform meets the highest international standards for information security, data privacy, and biometric accuracy.
Full EU data protection compliance
Information security management
PAD (liveness + face match)
TRUSTED WORLDWIDE
Join thousands of companies that trust Didit for their verification needs
Didit’s NFC + active biometrics technology blocks the most advanced fraud scenarios, offering a level of security equivalent to or superior to in-person verification.
Spanish Financial Sandbox
CNMV, SEPBLAC & Spanish Treasury — Conclusions Report
Didit is an exceptionally valuable partner, delivering a stable and highly adaptable solution”.
Vuk Adžić
Head of the E-Business Department at Crnogorski Telekom
Didit offered us a robust technology with a simple implementation and adaptability to different markets”.
Fernando Pinto
CEO & CoFounder at TucanPay
Thanks to Didit we have been able to reduce manual processes and improve data extraction accuracy”.
Diana Garcia
Trust & Safety Executive at Shiply
Didit’s integration slashed verification times and costs, freeing resources for other projects”.
Guillem Medina
COO at GBTC Finance
Didit removed KYC costs, enabling faster scaling with high verification standards and less fraud.”
Paul Martin
VP Marketing & Growth at Bondex
Didit’s secure, user-friendly verification boosts customer trust and optimizes our process.”
Cristofer Montenegro
Executive assistant to the CEO at Adelantos
Didit ensures a precise, secure digital onboarding without slowing negotiations or client time.”
Ernesto Betancourth
Gerente de riesgos at CrediDemo
FAQ
Yes. Canada permits remote KYC onboarding under its national AML framework, including document verification, biometric liveness and video identification where required by regulation.
Didit verifies all major national IDs, passports and residence permits issued in Canada, plus 14,000+ document types globally for cross-border flows.
Didit charges $0.30 per verification with 500 free checks per month. No contracts, no minimums. Competitors typically charge $1.00–$2.50+ per verification.
Yes. Didit screens against 1,000+ global watchlists including PEP databases, sanctions lists (EU, UN, OFAC, OFSI), and adverse media — covering all AML obligations in Canada.
Most regulated sectors in Canada require or strongly recommend biometric liveness detection for remote onboarding. Didit provides ISO 30107-3 PAD Level 2 certified liveness.
Yes. Didit supports document verification, liveness, AML screening and ongoing monitoring aligned with Canada’s crypto regulatory framework, including EU Travel Rule compliance where applicable.
Yes. Didit provides document-based age verification and identity confirmation suitable for Canada’s iGaming regulatory requirements.
500 free verifications per month. No contracts, no minimums. $0.30 per verification after the free tier.
