Skip to main content
Didit Raises $7.5M to Build the Infrastructure for Identity and Fraud
Didit
Asia-Pacific

Identity verification
built for Sri Lanka Flag of Sri Lanka

National Identity Card and biometric e-Passport on one session, face-matched against a live selfie, AML-screened across the Securities and Exchange Commission of Sri Lanka, global sanctions, and PEP registers. $0.33 full KYC, 500 free every month.

Start freeRead the docs
Backed by
Y CombinatorRobinhood Ventures
GBTC Finance
Bondex
Crnogorski Telekom
UCSF Neuroscape
Shiply
Adelantos

Trusted by 2,000+ organizations worldwide.

Country brief

How identity verification works in Sri Lanka.

The fraud surface and the frameworks an engineering or compliance lead needs before scoping an integration.
Fraud landscape
Sri Lanka faces three identity-fraud pressures: synthetic-NIC attacks exploiting the transition from the old 9-digit to the newer 12-digit National Identity Card format, document forgery on the older laminate NIC, and cross-border fraud involving the large Sri Lankan diaspora in the Middle East and Europe. Didit scores 200+ real-time fraud signals on every session, face morph, replay, injection, document tampering, device intelligence, IP geolocation.
Compliance frameworks
  • Financial Transactions Reporting Act No. 6 of 2006 (FTRA)
  • Banking Act No. 30 of 1988
  • Securities and Exchange Commission Act No. 19 of 2021
  • Personal Data Protection Act No. 9 of 2022 (PDPA)
  • Prevention of Money Laundering Act No. 5 of 2006 (PMLA)
  • APG Mutual Evaluation Framework
  • FATF 40 Recommendations
Regulators

Who supervises identity verification in Sri Lanka.

These are the supervisors a Sri Lanka verification flow has to answer to. One Didit hosted flow + one audit log covers every one of them, no separate integration per agency.

  • CBSL

    Central Bank of Sri Lanka, prudential supervisor for licensed commercial banks, specialised banks, and licensed finance companies. Issues Customer Due Diligence and KYC requirements under the Banking Act No. 30 of 1988.

  • FIU-Sri Lanka

    Financial Intelligence Unit, operating within CBSL. Receives Suspicious Transaction Reports and oversees AML/CFT enforcement under the Financial Transactions Reporting Act No. 6 of 2006 (FTRA).

  • SEC-SL

    Securities and Exchange Commission of Sri Lanka, supervises capital-market participants, broker-dealers, and collective investment schemes under the SEC Act No. 19 of 2021. Issues KYC compliance requirements and publishes Administrative Sanctions.

  • DRP

    Department for Registration of Persons, issues the National Identity Card and maintains Sri Lanka's civil population registry. The authoritative identity data source for NIC-based verification flows.

  • Department of Immigration and Emigration

    Issues biometric e-Passports and manages immigration records. Governs cross-border identity verification under the Immigrants and Emigrants Act and enforces the Personal Data Protection Act No. 9 of 2022 (PDPA) for identity data.

Verification flow · One API

Four modules. One verification.

ID, biometric, AML, and a Sri Lanka database cross-check, composed on one workflow, billed per success, returned in one report.
Read the docsGet an API key
01 · ID

Capture and read the ID.

Captured on any phone, auto-classified, OCR-parsed, and template-verified.

  • National Identity Card (both 9-digit and 12-digit smart NIC formats), biometric e-Passport (with NFC chip read), Driving Licence, and Senior Citizen ID Card.
  • Returns: full name, date of birth, document number, expiry, MRZ.
Read the docs
Stage 01Capture and read the ID
  • National Identity Card (9-digit and 12-digit smart NIC)
  • Biometric e-Passport, chip read
  • Driving Licence · Senior Citizen ID Card
02 · Biometric

Match the face. Prove it's a real person..

Selfie confirmed live and matched against the ID portrait.

  • Duplicate check: 1:N face search across existing users. Free.
  • Active liveness ($0.15) for elevated-risk flows, user turns or blinks.
Read the docs
Stage 02Match the face. Prove it's a real person.
  • Selfie on any phone or laptop camera
  • Mobile-handoff QR when the user starts on desktop
03 · AML

Screen for sanctions, PEPs, and adverse media.

1,300+ global sanctions, PEP, and adverse-media lists, plus Sri Lankan watchlists:

  • Parliament of Sri Lanka, PEP Level 1 (members of parliament).
  • Bar Association of Sri Lanka (BASL), PEP Level 2 (legal officials).
  • United National Party (UNP), PEP Level 3 (major political party figures).
  • United National Front (Sri Lanka), PEP Level 3 (political coalition figures).
  • Ceylon Electricity Board (CEB), PEP Level 3 (state enterprise officials).
  • Sri Lanka Ports Authority (SLPA), PEP Level 3 (port authority officials).
  • Sri Lanka Freedom Party (SLFP), PEP Level 3 (major political party figures).
  • SEC-SL Administrative Sanctions, regulatory enforcement notices from the Securities and Exchange Commission.
  • UTHR(J), Sri Lanka, Warnings (human rights and civil-society enforcement notices).
  • UN Security Council Consolidated Sanctions List, global designations.
  • OFAC Specially Designated Nationals (SDN), US Treasury designations.
  • APG (Asia/Pacific Group on Money Laundering), mutual evaluation watchlist.

Severity-scored. Ongoing monitoring ($0.07/user/yr) re-checks daily and fires a webhook on new hits.

Read the docs
Stage 03Screen for sanctions, PEPs, and adverse media

Screen for sanctions, PEPs, and adverse media , see the docs for the full module surface.

04 · Registry

Database validation for Sri Lankan identities.

  • There is no public government database validation API for Sri Lanka currently exposed as a standalone Didit service, the Department for Registration of Persons (DRP) civil registry does not currently offer a public consumer API open to third-party integrators.
Read the docs
Stage 04Database validation for Sri Lankan identities

Database validation for Sri Lankan identities , see the docs for the full module surface.

Documents covered

Every Sri Lanka document Didit accepts.

One row per accepted credential, flag, document name, document type. Live from the Didit Business Console.
Authoritative datasets

Civil-registry and AML coverage for Sri Lanka.

One card per dataset Didit cross-checks against, civil registries on the Database Validation API plus the global AML watchlist pool. Each card links to the technical docs.
aml-screening

AML lists screened in Sri Lanka

1,300+ sanctions, Politically Exposed Persons (PEP), and adverse-media lists, plus the country's regulatory watchlists and PEP registries.

Read the AML coverage docs
Compliant by design

Open a new country in one click. We do the hard work.

We open the local subsidiaries, secure the licenses, run the penetration tests, earn the certifications, and align with every new regulation. To ship verifications in a new country, flip a toggle. 220+ countries live, audited and pen-tested every quarter, the only identity provider an EU member-state government has formally called safer than in-person verification.
Read the security & compliance dossier
EU financial sandbox
Tesoro · SEPBLAC · BdE
ISO/IEC 27001
Information security · 2026
SOC 2 · Type I
AICPA · 2026
iBeta Level 1 PAD
NIST / NIAP · 2026
GDPR
EU 2016/679
DORA
EU 2022/2554
MiCA
EU 2023/1114
AMLD6 · eIDAS 2.0
EU-aligned by design
FAQ

Common questions about Sri Lanka.

What does Didit ship?

Didit is the infrastructure layer for identity and fraud. One Application Programming Interface (API), 25+ composable modules across four product lines:

  • User Verification (KYC, know your customer), Identity Document Verification, liveness, face match, Anti-Money Laundering (AML) screening, Internet Protocol (IP) analysis. $0.33 per full bundle.
  • Business Verification (KYB, know your business), registry, Ultimate Beneficial Owner (UBO), officers, entity AML, plus a linked KYC session per UBO.
  • Transaction Monitoring, real-time rule engine, case management, Suspicious Activity Report (SAR) workflow.
  • Wallet Screening (KYT, know your transaction), on-chain wallet risk at $0.15 per check, or bring your own screening provider and run it inside Didit.

Compose any module into a workflow with the visual no-code builder, ship in 5 minutes, 500 verifications free every month, forever.

How is Didit different from a single-product Know Your Customer (KYC) vendor?

Most identity vendors sell one slice, a KYC check, an Anti-Money Laundering (AML) list, a wallet screen. Didit ships the infrastructure underneath all of them, and the gap shows up on six axes:

  • Pricing. Public price on every module, $0.33 for a full KYC, 500 verifications free every month, no minimums, no contracts. Single-product vendors hide six-figure minimums behind a sales call.
  • Access. Sandbox in one click, self-serve from day one, production keys on signup. Single-product vendors gate the sandbox behind a contract, months to evaluate.
  • Developer experience. Public docs, a Model Context Protocol (MCP) server for Claude Code and Cursor, and native Software Development Kits (SDKs) for Web, iOS, Android, React Native, and Flutter. Integrate in 5 minutes with an AI agent or in a working afternoon by hand.
  • User experience. Highest pass rates in the market, sub-2-second end-to-end inference, country-specialised capture flows, 48+ languages out of the box.
  • Flexibility. One /v3/ Application Programming Interface (API) composes 25+ modules across KYC, Know Your Business (KYB), Transaction Monitoring, and Wallet Screening (KYT, know your transaction). A KYB session spawns a linked KYC for every Ultimate Beneficial Owner (UBO); a flagged transaction spawns a step-up KYC remediation, same session, same webhook contract, same audit trail. Single-product vendors sell one shape of KYC and stop there.
  • AI-era fraud. 200+ real-time fraud signals scored on every session, deepfake, injection, synthetic-ID, document forgery, face-morph, device intelligence, replay. Single-product vendors treat deepfake and injection detection as roadmap items, not defaults.

Common in fintech and crypto, the same architecture fits marketplaces, iGaming, mobility, and any vertical where you need to know who someone is and what they are doing.

What does it cost? Is anything actually free?

500 verifications free every month, forever, on every account. No credit card. No sales call. No expiry.

Above the free tier, every module has a public per-success price on didit.me/pricing, $0.33 per full KYC bundle, $0.15 per Identity Document Verification, $0.15 per Wallet Screening, $0.20 per Anti-Money Laundering (AML) Screening, $0.10 per liveness, $0.05 per face match, $0.03 per Internet Protocol (IP) analysis.

Pay-as-you-go, no minimums, no overage surprises. Volume discounts kick in automatically as you grow.

Which Sri Lankan regulator covers identity verification on a digital onboarding?

Three regulators sit on top of every Sri Lankan identity-verification flow:

  • Central Bank of Sri Lanka (CBSL), prudential supervisor for licensed commercial banks and finance companies. Sets Customer Due Diligence requirements under the Banking Act No. 30 of 1988 and CBSL AML/CFT directives.
  • Financial Intelligence Unit (FIU-Sri Lanka), operating within CBSL, receives Suspicious Transaction Reports and enforces AML/CFT controls under the Financial Transactions Reporting Act No. 6 of 2006 (FTRA).
  • Securities and Exchange Commission of Sri Lanka (SEC-SL), supervises capital-market participants under the SEC Act No. 19 of 2021 and publishes Administrative Sanctions against non-compliant entities.

Didit ships the hosted flow + the audit log + the watchlist coverage to satisfy all three at the same time, same POST /v3/session/ workflow, same JSON report, same SOC 2 Type 1 + ISO/IEC 27001 evidence pack.

Which documents does Didit accept for Sri Lankan users?

Didit accepts all primary Sri Lankan identity documents on the same session:

  • National Identity Card (NIC), both the older 9-digit format and the newer 12-digit smart NIC issued under the Registration of Persons Act No. 32 of 1968.
  • Biometric e-Passport, ICAO 9303-compliant; NFC chip read on compatible devices.
  • Driving Licence, smart card format since 2019, document-template parsed.
  • Senior Citizen ID Card, accepted as supplementary proof of identity.

All 220+ country foreign passports and national IDs are also accepted, supporting Sri Lanka's large diaspora in the Middle East, UK, and Australia.

Is Didit ready for CBSL-licensed fintech or SEC-regulated broker onboarding in Sri Lanka?

Yes. CBSL's AML/CFT directives and the FTRA 2006 require every licensed bank and finance company to run Customer Due Diligence at onboarding. SEC-SL imposes equivalent KYC obligations on broker-dealers and collective investment schemes under the SEC Act No. 19 of 2021.

Didit covers the full stack on one workflow:

  • Identity Document Verification + Passive Liveness + Face Match 1:1 for the tier-1 onboarding check.
  • AML Screening ($0.20 per check) against the global pool plus Sri Lankan watchlists (Parliament PEP register, UNP/SLFP political party lists, SLPA port authority officials, SEC-SL Administrative Sanctions, UN/OFAC sanctions).
  • Ongoing AML monitoring ($0.07 per user / year) for periodic-review obligations under FTRA 2006.
How long does it take to integrate Didit in Sri Lanka?

5 minutes to a working sandbox, a weekend to a production flow.

  • Sign up at business.didit.me, grab an API key, call POST /v3/session/ with a workflow_id that wires ID Verification + Passive Liveness + Face Match + AML, done.
  • AI-agent path: paste the integration prompt at docs.didit.me/integration/integration-prompt into Claude Code, Cursor, Codex, Devin, Aider, or Replit Agent. The agent provisions the application, builds the workflow, wires the webhook, and runs a smoke test.
  • Five SDKs share the same session model: Web, iOS, Android, React Native, Flutter.

The first 500 verifications every month are free, forever, pilot the full Sri Lanka stack at zero cost before flipping production traffic.

What does Sri Lanka verification cost end-to-end?

Per-module public pricing, pay only for what runs on the session:

  • ID Verification, $0.15 per document check.
  • Passive Liveness, $0.10. Active Liveness, $0.15.
  • Face Match 1:1, $0.05. Face Search 1:N, free.
  • AML Screening, $0.20 per check. Ongoing AML, $0.07 per user / year.

The full KYC bundle (Identity + Passive Liveness + Face Match + IP Analysis) is `$0.33`, same anchor price worldwide. 500 verifications free every month, no credit card. Volume discounts auto-apply above the free tier; Enterprise adds a custom Master Services Agreement (MSA) and data-residency choice.

Related

Related coverage

Infrastructure for identity and fraud.

One API for KYC, KYB, Transaction Monitoring, and Wallet Screening. Integrate in 5 minutes.

Start freeTalk to us
Ask an AI to summarise this page