免费
每月 $0。无需信用卡。
- 免费 KYC 套件(身份验证 + 被动活体检测 + 人脸匹配 + 设备与 IP 分析), 每月 500 次,永久有效
- 黑名单用户
- 重复检测
- 每次会话 200+ 欺诈信号
- Didit 网络中可重复使用的 KYC
- 案件管理平台
- 工作流构建器
- 公开文档、沙盒、SDK、MCP(模型上下文协议)服务器
- 社区支持


全球2,000多家组织信赖。

不该支付的,却支付了
据反保险欺诈联盟估计,美国保险公司每年损失约3080亿美元。其中大部分是由于理赔时未对索赔人进行身份核查,也未对证据进行鉴定。Didit通过一个工作流程弥补了这两个漏洞, 每笔理赔0.53美元,每月免费500笔。
选择您需要的检查项, 身份、活体、人脸匹配、制裁、地址、年龄、电话、电子邮件、自定义问题。在仪表盘中将它们拖入流程,或通过我们的API发布相同的流程。根据条件进行分支,运行A/B测试,无需代码。
通过我们的Web、iOS、Android、React Native或Flutter SDK进行原生嵌入。重定向到托管页面。或者直接通过电子邮件、短信、WhatsApp等任何方式向您的用户发送链接。选择适合您技术栈的方式。
Didit负责托管摄像头、灯光提示、移动设备切换和无障碍功能。当用户在流程中时,我们实时评估200多个欺诈信号,并根据权威数据源验证每个字段。两秒内即可出结果。
实时签名webhook确保用户获批、拒绝或送审时,您的数据库即时同步。按需轮询API。或者打开控制台检查每个会话、每个信号,并按您的方式管理案例。
Didit · 声明形状
Didit · 声明人验证
索赔 · 4 / 5
与政策匹配
Didit · 文档 OCR + 防篡改
Didit · 被动活体检测 · iBeta L1 PAD
Didit · AML + 人脸搜索
AML 筛选
人脸搜索 · 历史索赔人
Didit · Webhook · X-Signature-V2
{
"session_id": "claim-8821",
"vendor_data": "claim-8821",
"status": "In Review",
"face": { "similarity_score": 0.42 },
"aml": { "status": "In Review",
"hits": [{ "list": "PEP" }] },
"face_search": { "matches": [
{ "session_id": "claim-7710",
"similarity": 0.94 }
] }
}$ curl -X POST https://verification.didit.me/v3/session/ \
-H "x-api-key: $DIDIT_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"workflow_id": "wf_claim_verify",
"vendor_data": "claim-8821",
"metadata": { "policy_id": "POL-44120" }
}'{ "session_url": "verify.didit.me/..." }// X-Signature-V2 verified upstream
if (payload.status === "Approved") {
releasePayout(payload.vendor_data);
} else if (payload.status === "In Review") {
routeToSiu(payload.face_search.matches);
}状态:已批准 · 已拒绝 · 审核中 · 未完成You are integrating Didit into an insurance carrier's claim workflow at first notice of loss (motor, health, property, travel, business interruption). Goal: catch ghost claims, deepfake video evidence, forged supporting documents, sanctions hits on the claimant, and organised-injury rings before the payout enters the queue. One API call. One signed webhook. Five fraud signals.
WHY THIS SHAPE
- The Coalition Against Insurance Fraud estimates fraud costs the US industry around $308 billion / year (2022 figures). Most of that walks in through claims with no identity check on the claimant and no document forensics on the evidence.
- Five signals settle the question on most claims: (1) the claimant is the policyholder, (2) the claimant is alive and present (not a deepfake), (3) the supporting documents are not tampered or templated, (4) the claimant is not on a sanctions list, (5) the claimant has not already filed N near-identical claims across your portfolio.
- One Didit /v3/session/ call bundles all five. $0.33 KYC + $0.20 AML = $0.53 per claim. Face Search 1:N is free per search. 500 verifications free every month.
PRE-REQUISITES
- Production API key from https://business.didit.me (sandbox key in 60 seconds, no credit card).
- A webhook endpoint with HMAC SHA-256 verification of the X-Signature-V2 header using your webhook secret.
- A Workflow Builder workflow bundling ID Verification + Passive Liveness + Face Match 1:1 (with the policyholder portrait as comparison target) + AML Screening + Face Search 1:N (gallery scoped to prior claimants on your account).
- Reference to the policy ID and policyholder portrait on file from your Policy Administration System (PAS) — passed as metadata on the session.
STEP 1 — Open the claim-verification session
POST https://verification.didit.me/v3/session/
Headers:
x-api-key: <your api key>
Content-Type: application/json
Body:
{
"workflow_id": "<wf id bundling ID + Liveness + Face Match + AML + Face Search 1:N>",
"vendor_data": "<your claim id, max 256 chars>",
"callback": "https://<your-app>/claims/verify/callback",
"metadata": {
"policy_id": "<your policy id>",
"line_of_business": "motor",
"loss_date": "2026-04-12"
}
}
Response: 201 Created with a hosted session URL. Send it to the claimant by email / Short Message Service (SMS) / inside the claims app. The claim stays in HOLD on your side until the signed webhook lands.
STEP 2 — Read the signed webhook
Didit POSTs the verdict. Verify X-Signature-V2 (HMAC SHA-256 of the raw body) BEFORE reading the JSON.
Payload (excerpted):
{
"session_id": "<uuid>",
"vendor_data": "<your claim id>",
"status": "In Review",
"id_verification": { "status": "Approved" },
"liveness": { "status": "Approved" },
"face": { "status": "Approved", "similarity_score": 0.92 },
"aml": { "status": "In Review", "hits": [{ "list": "PEP" }] },
"face_search": {
"matches": [
{ "session_id": "claim-7710", "similarity": 0.94, "vendor_data": "claim-7710" }
]
}
}
Session status enum (exact case, Title Case With Spaces): Approved | Declined | In Review | Resubmitted | Expired | Not Finished | Kyc Expired | Abandoned.
STEP 3 — Branch on the verdict
Approved → release the claim into the standard payout queue.
In Review → route to the Special Investigations Unit (SIU) with the per-module signals + face-search match list as the case file.
Declined → decline + open file. Block the payout. The decision payload is the audit pack.
Not Finished → resend the session link.
STEP 4 — Document forensics on supporting evidence (separate sub-flow)
For each supporting PDF / image uploaded (police report, repair quote, medical invoice, photo of loss), run Didit Document Optical Character Recognition (OCR). The OCR response surfaces:
- Field-level extracted text (claim amount, names, dates)
- Tamper score per region (pixel-level edits)
- Template match against prior submissions (reused PDF skeleton)
- EXIF / metadata mismatch (date in photo vs date of loss)
A high tamper score or a template match against a prior claim flips the case status to In Review.
STEP 5 — Pull the full decision for the case file
GET https://verification.didit.me/v3/session/{session_id}/decision/
Headers:
x-api-key: <your api key>
Returns the full decision payload — per-module signals, raw face-similarity scores, AML hit list with source list per match, face-search candidate list with scores. Use this as the audit pack for any dispute.
WEBHOOK EVENT NAMES
- Sessions: standard session webhook. One endpoint, status field tells you the lifecycle.
- Verify X-Signature-V2 (HMAC SHA-256) on every payload.
CONSTRAINTS
- Session statuses use Title Case With Spaces. Never UPPER_SNAKE_CASE — that's the Transactions API.
- The Face Match comparison target is the policyholder portrait from your Policy Administration System (PAS). A deepfake of the policyholder cannot pass when Passive Liveness is also in the workflow.
- Face Search 1:N gallery is scoped to YOUR account — Didit does not search across carriers. To collaborate across an industry pool, use a shared workflow_id pointing at a multi-carrier gallery you own.
- 200+ fraud signals are surfaced on every session at no extra cost — read them off the decision payload, don't re-query.
- Default retention is the standard 5-year insurance horizon; adjust per workflow if your jurisdiction differs.
Read the docs:
- https://docs.didit.me/sessions-api/create-session
- https://docs.didit.me/core-technology/face-match/overview
- https://docs.didit.me/core-technology/aml-screening/overview
- https://docs.didit.me/core-technology/face-search/overview
- https://docs.didit.me/integration/webhooks
Start free at https://business.didit.me — sandbox key in 60 seconds, 500 verifications free every month, no credit card.每月 $0。无需信用卡。
按实际用量付费。25+模块。公开的模块定价,无每月最低费用。
定制MSA和SLA。适用于大批量和受监管项目。
免费开始 → 仅在检查运行时付费 → 解锁企业版以获取定制合约、SLA 或数据驻留。
Didit 是身份和欺诈基础设施, 一个我们自己构建产品时梦寐以求的平台:开放、灵活、对开发者友好,因此它能真正融入您的技术栈,而不是一个需要您围绕其进行集成的黑盒。
一个 API 涵盖了人员验证(KYC,了解您的客户)、企业验证(KYB,了解您的业务)、加密钱包筛选(KYT,了解您的交易)以及实时交易监控, 所有这些都建立在以下基础之上:
底层支持:14,000 多种文档类型,支持 48 种以上语言,1,000 多个数据源,以及每次会话的 200 多个欺诈信号。Didit 基础设施通过每次会话动态学习,并日益完善。
反保险欺诈联盟估计,美国保险公司每年因各类欺诈损失约 3086 亿美元(2022 年研究)。欧洲保险机构 Insurance Europe 报告称,欧盟范围内的保费损失比例也类似。
其中大部分是机会主义行为, 在合法索赔中虚报小额金额。一小部分是专业团伙在不同承保人之间提交相同的损失。这两种形式都有一个共同的弱点:在首次报损时,没有人核实索赔人的身份。
幽灵索赔是指提交索赔的人并非保单持有人。典型模式是:攻击者从数据泄露中购买泄露的客户数据,冒充保单持有人致电保险公司,提交小额损失索赔,并要求将赔款支付到新的银行账户。
当没有生物识别检查将呼叫者与保单上的人关联起来时,这种攻击就会成功。通过与保单持有人的肖像进行 1:1 人脸比对,可在两秒内弥补这一漏洞。
整个流程通常在 30 秒内完成, 拿起身份证件,拍摄证件,拍摄自拍,完成。这是市场上最快的速度。传统的 KYC 提供商完成相同流程通常需要超过 90 秒。
在后端,Didit 在用户完成自拍到您的 webhook 触发的那一刻,p99 响应时间在两秒以内。移动端捕获针对慢速手机和慢速网络进行了优化:渐进式图像压缩、延迟加载软件开发工具包,以及如果用户从网页端开始,通过二维码一键从桌面端切换到手机端。
对于索赔人上传的每份证明文件, 警方报告、维修报价、医疗发票、损失照片, Didit 会运行以下检查:
高篡改分数或模板匹配会自动将索赔从 Approved 变为 In Review。
每个会话都有七种明确的状态之一,因此您的代码始终知道该怎么做:
Approved, 所有检查通过。让用户继续。Declined, 一项或多项检查失败。您可以允许用户重新提交特定的失败步骤(例如,重新拍摄自拍),而无需重新运行整个流程。In Review, 标记为合规审查。在控制台中打开案例,查看所有信号,决定批准或拒绝。In Progress, 用户正在进行中。Not Started, 链接已发送,用户尚未打开。如果长时间未打开,发送提醒。Abandoned, 用户打开了链接但未及时完成。重新激活或使其过期。Expired, 会话链接已过期。创建新会话。每次状态更改都会触发一个签名的 webhook,因此您的数据库始终保持同步。放弃和拒绝的会话是免费的。
生产数据默认在欧盟通过 Amazon Web Services 进行处理和存储。企业合同可以根据监管机构要求,申请在其他区域存储。
全面加密。 所有数据库、对象存储和备份均采用 AES-256 静态加密。所有 API 调用、webhook 和业务控制台会话均采用传输层安全协议 1.3 进行传输加密。生物识别数据使用单独的客户主密钥进行加密。
保留期限由您控制。 默认保留期限为无限期(无限制),除非您配置更短的期限, 每个应用程序 30 天到 10 年之间, 您可以随时从仪表板或 API 删除任何单个会话。
认证:SOC 2 Type 1(Type 2 审计进行中)、ISO/IEC 27001:2022、iBeta Level 1 PAD,以及来自西班牙 Tesoro / SEPBLAC / CNMV 的公开证明,表明 Didit 的远程身份验证比亲自验证更安全。完整报告请访问 /security-compliance。
Didit 默认符合对身份基础设施至关重要的监管机构要求:
详细备忘录、所有证书、所有监管机构函件:/security-compliance。
三种集成路径, 选择最适合您技术栈的:
相同的仪表板、相同的计费、相同的按成功付费价格。分步指南请访问 docs.didit.me/integration/integration-prompt。
每笔索赔:
每笔经过全面筛选的索赔大约 $0.53。 每个账户每月前 500 次验证免费, 在免费层级内试用工作流程。
无最低消费,无年度承诺,无按席位定价。
签名 webhook 是路由信号。当 status: In Review 时,您的后端会将案例路由到特别调查组 (SIU),并将每个模块的信号 + 人脸搜索匹配列表作为开案文件。
通过 GET /v3/session/[id]/decision/ 为分析师拉取完整的决策负载, 人脸相似度分数、AML 命中列表(包含每个匹配的来源列表)、人脸搜索候选列表(包含分数)、文档取证输出。决策负载是任何争议的审计追踪。
根据欧盟的《通用数据保护条例 (GDPR)》,生物识别向量属于特殊类别数据。合法依据是标准的索赔调查合法利益,加上会话开始时的同意流程。
默认保留期限是标准的5 年保险期限, 如果您的司法管辖区或监管机构有不同要求,请根据工作流程进行调整。人脸搜索 1:N 的图库设计为仅限于您的账户, 除非您加入联盟并运行共享的 workflow_id,否则不会进行跨运营商搜索。