Skip to main content
Didit Raises $2M and Joins Y Combinator (W26)
Didit
Insurance Claim Fraud

Catch claim fraud with five fraud signals. One workflow at first notice of loss.

Verify the claimant is the policyholder, block deepfake video evidence, detect forged documents, screen against sanctions lists, find organised injury rings — in one /v3/ session. $0.53 per claim, 500 free every month.

Start freeRead the docs
Backed by
Y Combinator
GBTC Finance
Bondex
Crnogorski Telekom
UCSF Neuroscape
Shiply
Adelantos

Trusted by 2,000+ organizations worldwide.

A dark abstract claim-fraud stack — four floating translucent dark-glass panels in 3D perspective on pure black, threaded by a luminous Didit Blue vertical line and framed by glowing scanner brackets. Each panel carries one tiny pale-white abstract motif (claim form, deepfake face overlay, tampered photo with magnifying glass, ascending bar chart with the high-risk score isolated).

What gets paid that shouldn't

Ghost claimants. Templated reports. Deepfake video evidence.

The Coalition Against Insurance Fraud estimates US carriers lose around $308 billion a year. Most of it walks in through claims with no identity check on the claimant and no forensics on the evidence. Didit shuts both gaps in one workflow — $0.53 per claim, 500 free every month.

How it works

From sign-up to verified user in four steps.

  1. Step 01

    Create the workflow

    Pick the checks you want — ID, liveness, face match, sanctions, address, age, phone, email, custom questions. Drag them into a flow in the dashboard, or post the same flow to our API. Branch on conditions, run A/B tests, no code required.

  2. Step 02

    Integrate

    Embed natively with our Web, iOS, Android, React Native, or Flutter SDK. Redirect to a hosted page. Or just send your user a link — by email, SMS, WhatsApp, anywhere. Pick what fits your stack.

  3. Step 03

    User goes through the flow

    Didit hosts the camera, the lighting cues, the mobile hand-off, and accessibility. While the user is in the flow, we score 200+ fraud signals in real time and verify every field against authoritative data sources. Result in under two seconds.

  4. Step 04

    You receive the results

    Real-time signed webhooks keep your database in sync the moment a user is approved, declined, or sent to review. Poll the API on demand. Or open the console to inspect every session, every signal, and manage cases your way.

Built for claims · Priced like infrastructure

Five fraud signals. One workflow. $0.53 per claim.

Claim fraud is a composition — claimant identity, document forensics, deepfake defence, sanctions screen, cross-claim search. Toggle each module per line of business in the Workflow Builder.
Read the docsGet an API key
01 · Claim shapes

The patterns a fraud team sees daily.

Motor staged-loss claims where damage predates the policy. Ghost claims where the claimant isn't the policyholder. Deepfake video evidence. Reused template police reports with edited fields. Inflated Business Interruption (BI) invoices. Organised injury rings filing the same loss across carriers. Same Workflow Builder workflow surfaces every variant.
Workflow Orchestrator module
02 · Claimant KYC

The claimant is the policyholder.

One /v3/session/ call captures ID Verification ($0.15), Passive Liveness ($0.10), and Face Match 1:1 against the policyholder portrait on file ($0.05). Bundle priced at $0.33. iBeta Level 1 PAD certified, sub-two-second verdict on entry-level Android. Catches every ghost-claim attempt where the claimant is not the policyholder.
User Verification module
03 · Document forensics

Tamper. Template. Metadata. All checked.

Document Optical Character Recognition (OCR) extracts every field from supporting evidence — police reports, repair quotes, medical invoices, photos of loss. Pixel-level tamper detection flags edited regions, template matching catches reused PDF skeletons, EXIF metadata checks catch dates that don't match the loss event. High tamper score = flip to In Review automatically.
ID Verification module
04 · Deepfake defence

Deepfakes don't pass Passive Liveness.

iBeta Level 1 Presentation Attack Detection (PAD) certified against the full ISO/IEC 30107-3 catalogue. Blocks AI-generated deepfakes of the policyholder, silicone or latex masks, screen replays of a prior selfie, and printed photos. The model is re-tested at iBeta every year as new attack vectors appear.
Liveness module
05 · Sanctions + cross-claim search

Sanctions hits + organised-ring detection.

AML Screening ($0.20 per check) hits every claimant against 1,300+ sanctions, Politically Exposed Persons (PEP), and adverse-media lists in 14 languages, refreshed daily. Face Search 1:N (free per search) compares the claimant's selfie against your gallery of prior claimants — organised injury rings surface as clusters of high-similarity matches across the portfolio.
AML Screening module
06 · Webhook decision + audit pack

Signed verdict. Per-module signals. Audit pack.

A signed webhook lands with Approved, In Review, or Declined plus per-module signals — face similarity, AML hit list, face-search match list. Verify X-Signature-V2 with Hash-based Message Authentication Code (HMAC) SHA-256. The decision payload is the audit pack — pull the full version any time via GET /v3/session/[id]/decision/.
Webhook reference
Integrate

One session. One signed verdict. Five fraud signals.

Open the claim session against the bundle workflow. Read the signed verdict. The per-module signals + match list are right there in the payload.
POST /v3/session/Claim
$ curl -X POST https://verification.didit.me/v3/session/ \
  -H "x-api-key: $DIDIT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "workflow_id": "wf_claim_verify",
    "vendor_data": "claim-8821",
    "metadata": { "policy_id": "POL-44120" }
  }'
201Created{ "session_url": "verify.didit.me/..." }
Hold the payout until the webhook lands status: Approved.docs →
POST /webhooks/diditVerdict
// X-Signature-V2 verified upstream
if (payload.status === "Approved") {
  releasePayout(payload.vendor_data);
} else if (payload.status === "In Review") {
  routeToSiu(payload.face_search.matches);
}
200OKstatus Approved · Declined · In Review · Not Finished
Verify X-Signature-V2 before reading the payload.docs →
Agent-ready integration

Ship claim-fraud defence in one prompt.

Paste into Claude Code, Cursor, Codex, Devin, Aider, or Replit Agent. Fill in your stack. The agent wires the workflow, opens the session, reads per-module signals, routes In Review claims to your Special Investigations Unit.
didit-integration-prompt.md
You are integrating Didit into an insurance carrier's claim workflow at first notice of loss (motor, health, property, travel, business interruption). Goal: catch ghost claims, deepfake video evidence, forged supporting documents, sanctions hits on the claimant, and organised-injury rings before the payout enters the queue. One API call. One signed webhook. Five fraud signals.

WHY THIS SHAPE
  - The Coalition Against Insurance Fraud estimates fraud costs the US industry around $308 billion / year (2022 figures). Most of that walks in through claims with no identity check on the claimant and no document forensics on the evidence.
  - Five signals settle the question on most claims: (1) the claimant is the policyholder, (2) the claimant is alive and present (not a deepfake), (3) the supporting documents are not tampered or templated, (4) the claimant is not on a sanctions list, (5) the claimant has not already filed N near-identical claims across your portfolio.
  - One Didit /v3/session/ call bundles all five. $0.33 KYC + $0.20 AML = $0.53 per claim. Face Search 1:N is free per search. 500 verifications free every month.

PRE-REQUISITES
  - Production API key from https://business.didit.me (sandbox key in 60 seconds, no credit card).
  - A webhook endpoint with HMAC SHA-256 verification of the X-Signature-V2 header using your webhook secret.
  - A Workflow Builder workflow bundling ID Verification + Passive Liveness + Face Match 1:1 (with the policyholder portrait as comparison target) + AML Screening + Face Search 1:N (gallery scoped to prior claimants on your account).
  - Reference to the policy ID and policyholder portrait on file from your Policy Administration System (PAS) — passed as metadata on the session.

STEP 1 — Open the claim-verification session
  POST https://verification.didit.me/v3/session/
  Headers:
    x-api-key: <your api key>
    Content-Type: application/json
  Body:
    {
      "workflow_id": "<wf id bundling ID + Liveness + Face Match + AML + Face Search 1:N>",
      "vendor_data": "<your claim id, max 256 chars>",
      "callback": "https://<your-app>/claims/verify/callback",
      "metadata": {
        "policy_id": "<your policy id>",
        "line_of_business": "motor",
        "loss_date": "2026-04-12"
      }
    }

  Response: 201 Created with a hosted session URL. Send it to the claimant by email / Short Message Service (SMS) / inside the claims app. The claim stays in HOLD on your side until the signed webhook lands.

STEP 2 — Read the signed webhook
  Didit POSTs the verdict. Verify X-Signature-V2 (HMAC SHA-256 of the raw body) BEFORE reading the JSON.

  Payload (excerpted):
    {
      "session_id": "<uuid>",
      "vendor_data": "<your claim id>",
      "status": "In Review",
      "id_verification": { "status": "Approved" },
      "liveness": { "status": "Approved" },
      "face":     { "status": "Approved", "similarity_score": 0.92 },
      "aml":      { "status": "In Review", "hits": [{ "list": "PEP" }] },
      "face_search": {
        "matches": [
          { "session_id": "claim-7710", "similarity": 0.94, "vendor_data": "claim-7710" }
        ]
      }
    }

  Session status enum (exact case, Title Case With Spaces): Approved | Declined | In Review | Resubmitted | Expired | Not Finished | Kyc Expired | Abandoned.

STEP 3 — Branch on the verdict
  Approved      → release the claim into the standard payout queue.
  In Review     → route to the Special Investigations Unit (SIU) with the per-module signals + face-search match list as the case file.
  Declined      → decline + open file. Block the payout. The decision payload is the audit pack.
  Not Finished  → resend the session link.

STEP 4 — Document forensics on supporting evidence (separate sub-flow)
  For each supporting PDF / image uploaded (police report, repair quote, medical invoice, photo of loss), run Didit Document Optical Character Recognition (OCR). The OCR response surfaces:
    - Field-level extracted text (claim amount, names, dates)
    - Tamper score per region (pixel-level edits)
    - Template match against prior submissions (reused PDF skeleton)
    - EXIF / metadata mismatch (date in photo vs date of loss)

  A high tamper score or a template match against a prior claim flips the case status to In Review.

STEP 5 — Pull the full decision for the case file
  GET https://verification.didit.me/v3/session/{session_id}/decision/
  Headers:
    x-api-key: <your api key>

  Returns the full decision payload — per-module signals, raw face-similarity scores, AML hit list with source list per match, face-search candidate list with scores. Use this as the audit pack for any dispute.

WEBHOOK EVENT NAMES
  - Sessions: standard session webhook. One endpoint, status field tells you the lifecycle.
  - Verify X-Signature-V2 (HMAC SHA-256) on every payload.

CONSTRAINTS
  - Session statuses use Title Case With Spaces. Never UPPER_SNAKE_CASE — that's the Transactions API.
  - The Face Match comparison target is the policyholder portrait from your Policy Administration System (PAS). A deepfake of the policyholder cannot pass when Passive Liveness is also in the workflow.
  - Face Search 1:N gallery is scoped to YOUR account — Didit does not search across carriers. To collaborate across an industry pool, use a shared workflow_id pointing at a multi-carrier gallery you own.
  - 200+ fraud signals are surfaced on every session at no extra cost — read them off the decision payload, don't re-query.
  - Default retention is the standard 5-year insurance horizon; adjust per workflow if your jurisdiction differs.

Read the docs:
  - https://docs.didit.me/sessions-api/create-session
  - https://docs.didit.me/core-technology/face-match/overview
  - https://docs.didit.me/core-technology/aml-screening/overview
  - https://docs.didit.me/core-technology/face-search/overview
  - https://docs.didit.me/integration/webhooks

Start free at https://business.didit.me — sandbox key in 60 seconds, 500 verifications free every month, no credit card.
Need more context? See the full module docs.docs.didit.me →
Compliant by design

Open a new country in one click. We do the hard work.

We open the local subsidiaries, secure the licenses, run the penetration tests, earn the certifications, and align with every new regulation. To ship verifications in a new country, flip a toggle. 220+ countries live, audited and pen-tested every quarter — the only identity provider an EU member-state government has formally called safer than in-person verification.
Read the security & compliance dossier
EU financial sandbox
Tesoro · SEPBLAC · BdE
ISO/IEC 27001
Information security · 2026
SOC 2 · Type I
AICPA · 2026
iBeta Level 1 PAD
NIST / NIAP · 2026
GDPR
EU 2016/679
DORA
EU 2022/2554
MiCA
EU 2023/1114
AMLD6 · eIDAS 2.0
EU-aligned by design

Proof numbers

Proof numbers
  • $0.00
    Per fully-screened claim — $0.33 KYC bundle + $0.20 AML. Face Search is free per search.
  • 0+
    Sanctions, Politically Exposed Persons (PEP), and adverse-media lists, refreshed daily.
  • iBeta L1
    Passive Liveness against deepfakes, masks, replays. Re-tested every year.
  • 0
    Free verifications every month, on every account.
Three tiers, one price list

Start free. Pay per usage. Scale to Enterprise.

500 free verifications every month, forever. Pay-as-you-go for production. Custom contracts, data residency, and SLAs (Service Level Agreements) on Enterprise.
Free

Free

$0 / month. No credit card required.

  • Free KYC bundle (ID Verification + Passive Liveness + Face Match + Device & IP Analysis) — 500 / month, every month
  • Blocklisted Users
  • Duplicate Detection
  • 200+ fraud signals on every session
  • Reusable KYC across the Didit network
  • Case Management Platform
  • Workflow Builder
  • Public docs, sandbox, SDKs, MCP (Model Context Protocol) server
  • Community support
Start free
Most popular
Pay per usage

Usage Based

Pay only for what you use. 25+ modules. Public per-module pricing, no monthly minimum fee.

  • Full KYC at $0.33 (ID + Biometric + IP / Device)
  • 10,000+ AML datasets — sanctions, PEPs, adverse media
  • 1,000+ government data sources for Database Validation
  • Transaction Monitoring at $0.02 per transaction
  • Live KYB at $2.00 per business
  • Wallet Screening at $0.15 per check
  • Whitelabel verification flow — your brand, our infrastructure
See full list of pricesStart free
Enterprise

Enterprise

Custom MSA & SLA. For large volumes and regulated programs.

  • Annual contracts
  • Custom MSA, DPA, and SLA
  • Dedicated Slack and WhatsApp channel
  • Manual reviewers on demand
  • Reseller and white-label terms
  • Exclusive features and partner integrations
  • Named CSM, security review, compliance support
Talk to us

Start free → pay only when a check runs → unlock Enterprise for a custom contract, SLA, or data residency.

FAQ

Common questions

Related

Related modules + workflows

Infrastructure for identity and fraud.

One API for KYC, KYB, Transaction Monitoring, and Wallet Screening. Integrate in 5 minutes.

Start freeTalk to us
Ask an AI to summarise this page