Identity verification in Malaysia
Document verification, biometric liveness and AML screening for businesses operating in Malaysia — at $0.30 per verification.
Documents supported
(Government IDs from 220+ countries)
Average verification time
Countries covered
(Government-issued IDs validated)
Market overview
Three statutory pillars define Malaysia's KYC/AML perimeter. The first is Act 613 (AMLATFPUAA 2001), the umbrella criminal and preventive statute covering money laundering, terrorism financing, proceeds of unlawful activities, and targeted financial sanctions. The Minister of Finance has designated BNM as the competent authority under the Act, and BNM in turn has delegated day-to-day competent-authority functions to its Financial Intelligence and Enforcement Department (FIED). FIED receives all Suspicious Transaction Reports (STRs) and Cash Threshold Reports (CTRs) and runs the national financial-intelligence function. The second pillar is BNM's Policy Document suite on AML/CFT/CPF and Targeted Financial Sanctions (TFS), reissued on 5 February 2024 and taking effect on 6 February 2024. The
Supported documents
Didit templates cover national IDs, passports, residence permits and regional documents — plus 14,000+ documents globally for cross-border flows.
Regulators
AML supervisor
JPN / Ministry of Home Affairs
regulated
Central civil registration and identity database. Maintains national registry of all citizens and permanent residents. Source of truth for identity verification. MyKad (smart card with biometrics and
Government of Malaysia (backed by NACSA)
regulated
National digital identity platform. Verifies identity directly against JPN government database without storing personal data. Integrated with all mobile operators, 15 banks/fintechs (MoUs), and immigr
CTOS Digital Berhad
regulated
Major credit bureau and identity verification provider. Provides identity verification and credit checks using NRIC. Regulated by BNM. eKYC services available.
SSM
open
Companies Commission. Business register with online search available.
Government & regulated databases
Compliance framework
AML framework
Supervised by Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001
Act 613 is the operative statute reporting institutions must comply with. Part IV imposes customer due diligence, record-keeping, and reporting obligations on any reporting institution listed in the First Schedule — a list that BNM can expand by order. It criminalises money laundering (Section 4), terrorism financing (Section 4A), and failure to report suspicious transactions. Penalties extend to up to 15 years imprisonment and fines of up to five times the sum laundered for individuals, with se
Data protection
Supervised by National DPA
For onboarding flows, credit-bureau data is a useful but secondary signal — Malaysian regulators require document and biometric verification as the primary identity-proofing mechanism, with credit bureaus serving affordability and fraud checks rather than identity assurance.
Use cases
Neobanks, EMIs, payment institutions, lenders, brokerages.
BNM's original 2020 e-KYC Policy Document permitted remote onboarding but was narrowly focused on individual customers and retail accounts. The 15 April 2024 revision widened the perimeter to cover legal persons (corporate onboarding) and tightened the technical bar. Key requirements include:
Exchanges, custodians, wallets, on/off-ramps.
The Securities Commission Malaysia (SC) regulates Malaysia's capital markets under the Capital Markets and Services Act 2007 (CMSA). The SC issues its own Guidelines on Prevention of Money Laundering and Terrorism Financing for Reporting Institutions in the Capital Market Sector, which are the funct
Sports betting, online casinos, age-gated platforms.
In January 2019, the Minister of Finance issued the Capital Markets and Services (Prescription of Securities) (Digital Currency and Digital Token) Order 2019, which prescribed both digital currencies and digital tokens as securities under the CMSA where certain criteria are met. The order came into
Gig platforms, delivery, creator economy, e-commerce.
The Labuan Financial Services Authority (LFSA) regulates Malaysia's offshore financial centre, the Labuan International Business and Financial Centre (Labuan IBFC), under the Labuan Financial Services and Securities Act 2010 and the Labuan Islamic Financial Services and Securities Act 2010. Labuan h
Biometric liveness
Identity in Malaysia is anchored on the MyKad (Kad Pengenalan Malaysia) — the national smart identity card issued by JPN (Jabatan Pendaftaran Negara, the National Registration Department) under the Ministry of Home Affairs. MyKad is mandatory for all Malaysian citizens aged 12 and above. It carries a 12-digit NRIC (National Registration Identity Card) number, a contact chip with fingerprint biometrics, a photograph, and metadata supporting multiple applications (driving licence, health, e-purse)
CERTIFICATIONS
Our platform meets the highest international standards for information security, data privacy, and biometric accuracy.
Full EU data protection compliance
Information security management
PAD (liveness + face match)
TRUSTED WORLDWIDE
Join thousands of companies that trust Didit for their verification needs
Didit’s NFC + active biometrics technology blocks the most advanced fraud scenarios, offering a level of security equivalent to or superior to in-person verification.
Spanish Financial Sandbox
CNMV, SEPBLAC & Spanish Treasury — Conclusions Report
Didit is an exceptionally valuable partner, delivering a stable and highly adaptable solution”.
Vuk Adžić
Head of the E-Business Department at Crnogorski Telekom
Didit offered us a robust technology with a simple implementation and adaptability to different markets”.
Fernando Pinto
CEO & CoFounder at TucanPay
Thanks to Didit we have been able to reduce manual processes and improve data extraction accuracy”.
Diana Garcia
Trust & Safety Executive at Shiply
Didit’s integration slashed verification times and costs, freeing resources for other projects”.
Guillem Medina
COO at GBTC Finance
Didit removed KYC costs, enabling faster scaling with high verification standards and less fraud.”
Paul Martin
VP Marketing & Growth at Bondex
Didit’s secure, user-friendly verification boosts customer trust and optimizes our process.”
Cristofer Montenegro
Executive assistant to the CEO at Adelantos
Didit ensures a precise, secure digital onboarding without slowing negotiations or client time.”
Ernesto Betancourth
Gerente de riesgos at CrediDemo
FAQ
Yes. Malaysia permits remote KYC onboarding under its national AML framework, including document verification, biometric liveness and video identification where required by regulation.
Didit verifies all major national IDs, passports and residence permits issued in Malaysia, plus 14,000+ document types globally for cross-border flows.
Didit charges $0.30 per verification with 500 free checks per month. No contracts, no minimums. Competitors typically charge $1.00–$2.50+ per verification.
Yes. Didit screens against 1,000+ global watchlists including PEP databases, sanctions lists (EU, UN, OFAC, OFSI), and adverse media — covering all AML obligations in Malaysia.
Most regulated sectors in Malaysia require or strongly recommend biometric liveness detection for remote onboarding. Didit provides ISO 30107-3 PAD Level 2 certified liveness.
Yes. Didit supports document verification, liveness, AML screening and ongoing monitoring aligned with Malaysia’s crypto regulatory framework, including EU Travel Rule compliance where applicable.
Yes. Didit provides document-based age verification and identity confirmation suitable for Malaysia’s iGaming regulatory requirements.
500 free verifications per month. No contracts, no minimums. $0.30 per verification after the free tier.
