Skip to main content
Didit 融资 750 万美元,打造身份与欺诈基础设施
Didit
UBO 验证 · 欧盟 AML 方案

发现所有所有者。验证每个 UBO。

一个工作流程即可发现入驻公司的所有最终受益所有人 (UBO),并对每个 UBO 进行完整的 KYC。每个 UBO $0.33,每月免费 500 次验证。

免费开始阅读文档
投资方
Y CombinatorRobinhood Ventures
GBTC Finance
Bondex
Crnogorski Telekom
UCSF Neuroscape
Shiply
Adelantos

全球2,000多家组织信赖。

一幅电影般的深色抽象合规插图, 在纯黑画布上,四个浮动的半透明深色玻璃面板以 3D 透视呈现,由一条发光的 Didit 蓝色垂直线穿过,并由四个发光的扫描支架框住。每个面板都带有一个微小的浅白色抽象图案(所有权树、百分比阈值、节点网络、注册记录),代表 UBO 发现。

KYB 的真正含义

公司不是客户。其 UBO 才是。

监管机构希望了解每个入驻公司背后的自然人,而不仅仅是 注册摘录。Didit 会拉取实体信息,追踪所有权链,对每个 UBO 进行 $0.33 的 KYC,并针对 1,300 多个 AML 列表筛选公司和所有所有者。 一个工作流程,一张发票,一个审计包。每月免费 500 次验证。

工作原理

从注册到验证用户,仅需四步。

  1. 步骤 01

    创建工作流程

    选择您需要的检查项, 身份、活体检测、人脸比对、制裁、地址、年龄、电话、电子邮件、自定义问题。在仪表板中将它们拖入流程,或将相同的流程发布到我们的 API。根据条件进行分支,运行 A/B 测试,无需代码。

  2. 步骤 02

    集成

    使用我们的 Web、iOS、Android、React Native 或 Flutter SDK 进行原生嵌入。重定向到托管页面。或者直接通过电子邮件、短信、WhatsApp 等任何方式向您的用户发送链接。选择适合您技术栈的方式。

  3. 步骤 03

    用户完成流程

    Didit 负责托管摄像头、灯光提示、移动设备切换和辅助功能。当用户在流程中时,我们会实时评估 200 多个欺诈信号,并根据权威数据源验证每个字段。两秒内即可获得结果。

  4. 步骤 04

    您收到结果

    实时签名 Webhook 可确保用户获得批准、拒绝或发送审核的那一刻,您的数据库保持同步。按需轮询 API。或者打开控制台检查每个会话、每个信号,并以您的方式管理案例。

专为 UBO 发现而构建 · 基础设施定价

一个实体。N个UBO。一个审计包。

真正的 UBO 工作不是单一检查,而是一个配方。根据工作流程切换每个模块。实体记录链接到每个 UBO 会话、每个 AML 命中和每个签名时间戳。
阅读文档获取API密钥
01 · 注册信息拉取

拉取实体信息。无论注册地在哪里。

Companies House、Registro Mercantil、Handelsregister、Receita Federal、OpenCorporates备用, 覆盖220多个司法管辖区。一次调用即可返回高级职员、股本、注册地址、状态和存续信息。
商业验证模块
02 · 股权结构树

追踪链条。揭示所有UBO。

直接股东、通过持股的间接所有权、无所有权的控制权、名义持有人检测、高级管理人员备用。图表直接导入监管包。
工作流编排器
03 · 每个UBO的关联KYC

每个所有者$0.33的KYC。

每个发现的UBO都会获得一个托管的/v3/session/, 身份验证、被动活体检测、人脸1:1比对、设备与IP、AML。入门级安卓设备可在两秒内给出结果。支持14,000多种证件,覆盖220多个国家。
用户验证模块
04 · 实体+个人AML

筛选公司和每个UBO。

1,300多个制裁、政治公众人物 (PEP) 和负面媒体名单。每日更新,支持14种语言。实体命中和UBO命中会自动开启案件。
AML筛选模块
05 · 股权政策

与您司法管辖区相符的UBO规则。

默认阈值为25%;高风险客户类别可根据工作流收紧至10%或5%。名义持有人检测、投票权控制、高级管理人员备用均已编码到无代码工作流构建器中。
工作流编排器
06 · 证据包

每个实体一个ZIP包。直接用于审计。

注册摘录、股权结构图、每个UBO的KYC结果、实体+个人AML命中、签名HMAC时间戳。存储在欧盟。可根据需求从业务控制台或API导出。
合规概览
集成

一份KYB记录。N份已签名的KYC。一个webhook。

打开实体。循环UBO会话。读取每个会话的签名结果。聚合。完成。
POST /v3/session/每个UBO
$ curl -X POST https://verification.didit.me/v3/session/ \
  -H "x-api-key: $DIDIT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "workflow_id": "wf_ubo_kyc",
    "vendor_data": "acme-trading::ubo::1",
    "metadata": { "entity_id": "acme-trading", "ownership_pct": “36.0” }
  }'
201创建时间{ "session_url": "verify.didit.me/..." }
每个发现的 UBO 循环一次调用。在 entity_id 处聚合。文档 →
GET /v3/session/{sessionId}/decision/审计
$ curl https://verification.didit.me/v3/session/$SID/decision/ \
  -H "x-api-key: $DIDIT_API_KEY"

# 返回:完整证据, 文档、
# 生物识别相似度、AML 命中、
# 设备 + IP 风险、200+ 信号、
# 负载上的 HMAC 签名。
200确定状态:已批准 · 已拒绝 · 审核中 · 已重新提交
每日对所有已批准人员进行持续 AML 复查。无需第二个端点。文档 →
代理就绪集成

一键部署 UBO 发现 + KYC 流程。

粘贴到 Claude Code、Cursor、Codex、Devin、Aider 或 Replit Agent 中。填写您的技术栈。代理将构建工作流,循环 UBO 会话,连接 webhook,并打开证据包。
didit-integration-prompt.md
You are integrating Didit into an Ultimate Beneficial Owner (UBO) verification flow for an obliged entity (fintech, bank, EMI, payments PI, crypto exchange, marketplace, gaming operator). Three obligations on every onboarded company:

  1. Pull the legal entity from the registry — name, officers, share capital, registered address, status.
  2. Walk the ownership chain — surface every natural-person UBO above the 25% threshold (or whoever exercises control without ownership).
  3. Know Your Customer (KYC) each UBO + screen the entity AND each UBO against 1,300+ sanctions, Politically Exposed Persons (PEP), and adverse-media lists.

Bundle pricing (live, verified 2026-05-16):
  - User Verification (KYC) bundle: $0.33 per person (Sessions API call — ID + Liveness + Face Match + Device & IP + AML)
  - AML Screening standalone: $0.20 per check on the entity, or bundled into each UBO KYC
  - Ongoing AML Monitoring: $0.07 per person per year (automatic — no extra endpoint)
  - First 500 verifications free every month, forever

PRE-REQUISITES
  - Production API key from https://business.didit.me (sandbox key in 60 seconds, no credit card).
  - Webhook endpoint with HMAC SHA-256 verification of the X-Signature-V2 header.
  - A workflow_id from the no-code Workflow Builder that bundles ID Verification + Passive Liveness + Face Match 1:1 + Device & IP Analysis + AML Screening.
  - Business Verification (Know Your Business (KYB)) module enabled in the Business Console. KYB is the entry point — it returns the entity record + the discovered UBOs that drive the rest of the flow.

STEP 1 — Open the KYB record on the legal entity

  Business Verification spawns the entity check, pulls officers + share capital + registered address from the local registry (220+ jurisdictions supported), runs entity AML on 1,300+ lists, and surfaces every natural-person UBO above your configured threshold (default 25%).

  When the KYB completes, the response contains an array of discovered UBOs — name, date of birth, nationality, ownership percentage, role (direct shareholder, indirect via holding, control without ownership, nominee, senior-management fallback).

STEP 2 — Loop: open one KYC session per discovered UBO

  POST https://verification.didit.me/v3/session/
  Headers:
    x-api-key: <your api key>
    Content-Type: application/json
  Body:
    {
      "workflow_id": "<wf id with KYC + AML modules>",
      "vendor_data": "<your entity-id>::ubo::<ubo-index>",
      "callback": "https://<your-app>/kyb/ubo/callback",
      "metadata": {
        "purpose": "ubo_verification",
        "entity_id": "<your internal entity id>",
        "ubo_name": "<full name as discovered>",
        "ownership_pct": "<percent rounded to one decimal>"
      }
    }

  Response: 201 Created with the hosted session URL. Send the UBO an email or text with the URL — they complete the verification on their phone, hosted by Didit, no app install. Sub-2-second median verdict.

STEP 3 — Read the signed webhook on each UBO KYC completion

  Didit POSTs to your callback. Session statuses are Title Case With Spaces:

  Body (excerpted):
    {
      "session_id": "<uuid>",
      "vendor_data": "<entity-id>::ubo::<ubo-index>",
      "status": "Approved",
      "id_verification": { "status": "Approved" },
      "liveness": { "status": "Approved" },
      "face": { "status": "Approved", "similarity_score": 0.94 },
      "ip_analysis": { "status": "Approved" },
      "aml": { "status": "Approved", "hits": [] }
    }

  Status enum (exact case): Approved | Declined | In Review | Resubmitted | Expired | Not Finished | Kyc Expired | Abandoned.

  Verify the X-Signature-V2 header BEFORE reading the body — HMAC SHA-256 of the raw bytes with your webhook secret.

  Aggregate at the entity level: the entity is onboarded only when EVERY UBO returns Approved AND the entity AML returns no blocking hit.

STEP 4 — Retrieve the full decision later

  GET https://verification.didit.me/v3/session/{sessionId}/decision/
  Headers:
    x-api-key: <your api key>

  Returns the full decision payload: document scan + extracted Machine-Readable Zone (MRZ), biometric similarity, AML hit list with source-watchlist references, device + IP risk signals, 200+ fraud signals, HMAC signature on the entire payload.

  Use this to assemble the per-entity evidence pack a supervisor expects to see: registry extract + ownership chart + per-UBO decision + entity AML + signed timestamps.

STEP 5 — Ongoing AML monitoring is automatic

  Every approved person (entity officer, UBO) is re-screened DAILY against the same 1,300+ lists. There is NO separate endpoint to call.

  When a previously-approved UBO crosses an AML threshold:
    - The session status changes to "In Review" or "Declined" automatically.
    - A signed webhook fires with the new hits + a link back to the original onboarding evidence.
    - A case opens in the Business Console for your compliance team.
    - File a Suspicious Activity Report (SAR) directly from the case if your jurisdiction requires it.

  Cost: $0.07 per person per year on heavy-volume accounts (single-digit dollars on a million-UBO base — orders of magnitude cheaper than a manual review queue).

WEBHOOK EVENT NAMES
  - Sessions: status changes flow through the standard session webhook (verify X-Signature-V2).
  - The KYB entity check fires the same webhook on completion.

CONSTRAINTS
  - Session statuses use Title Case With Spaces (Approved, In Review). Never UPPER_SNAKE_CASE on a session.
  - The 25% UBO threshold is a default; configure your own per workflow (some jurisdictions require 10% or 5% for high-risk client categories).
  - When no person meets the threshold, the AML package allows you to fall back to a senior-management UBO — surface that explicitly in the metadata.
  - Default record retention is 5 years post-relationship per the EU AML package (extensible up to 10 years per member-state guidance).
  - 200+ fraud signals are evaluated on every KYC session at no extra cost — surface the score via the session decision payload, do not re-query.

Read the docs:
  - https://docs.didit.me/sessions-api/create-session
  - https://docs.didit.me/sessions-api/retrieve-session
  - https://docs.didit.me/core-technology/aml-screening/overview
  - https://docs.didit.me/core-technology/aml-screening/continuous-monitoring-aml-screening
  - https://docs.didit.me/integration/webhooks

Start free at https://business.didit.me — sandbox key in 60 seconds, 500 verifications free every month, no credit card.
需要更多上下文?请参阅完整的模块文档。docs.didit.me →
合规性设计

一键开启新国家/地区业务。 我们为您解决难题。

我们负责设立当地子公司、获取许可证、进行渗透测试、获得认证,并与所有新法规保持一致。要在新国家/地区发布验证服务,只需轻点开关。已覆盖220多个国家/地区,每个季度进行审计和渗透测试, 是唯一一个被欧盟成员国政府正式认定比线下验证更安全的身份提供商。
阅读安全与合规性档案
欧盟金融沙盒
Tesoro · SEPBLAC · BdE
ISO/IEC 27001
信息安全 · 2026
SOC 2 · Type I
AICPA · 2026
iBeta Level 1 PAD
NIST / NIAP · 2026
GDPR
EU 2016/679
DORA
EU 2022/2554
MiCA
EU 2023/1114
AMLD6 · eIDAS 2.0
原生符合欧盟标准

数据证明

数据证明
  • $0.00
    每个 UBO 的 KYC, 身份、活体检测、人脸匹配、设备与 IP、AML。
  • 0+
    对实体和每个 UBO 进行制裁、政治公众人物 (PEP) 和负面媒体名单筛查。
  • 0+
    通过企业验证可访问的公司注册机构, 本地注册机构加上 OpenCorporates 备用。
  • 0
    每个账户每月免费验证。
三个层级,一份价目表

免费开始。按使用量付费。可扩展至企业级。

每月 500 次免费验证,永久有效。生产环境按量付费。企业版提供定制合约、数据驻留和 SLA (Service Level Agreements)。
免费

免费

每月 $0。无需信用卡。

  • 免费 KYC 套件(身份验证 + 被动活体检测 + 人脸匹配 + 设备与 IP 分析), 每月 500 次,永久有效
  • 黑名单用户
  • 重复检测
  • 每次会话 200+ 欺诈信号
  • Didit 网络中可重复使用的 KYC
  • 案件管理平台
  • 工作流构建器
  • 公开文档、沙盒、SDK、MCP(模型上下文协议)服务器
  • 社区支持
免费开始
最受欢迎
按用量付费

按用量计费

按实际用量付费。25+模块。公开的模块定价,无每月最低费用。

  • 完整KYC $0.33(身份+生物识别+IP/设备)
  • 10,000+ AML数据集, 制裁、PEP、负面媒体
  • 1,000+ 政府数据源用于数据库验证
  • 交易监控 $0.02/笔交易
  • 实时KYB $2.00/家企业
  • 钱包筛选 $0.15/次检查
  • 白标验证流程, 您的品牌,我们的基础设施
查看完整价格列表免费开始
企业版

企业版

定制MSA和SLA。适用于大批量和受监管项目。

  • 年度合同
  • 定制MSA、DPA和SLA
  • 专属Slack和WhatsApp频道
  • 按需人工审核员
  • 经销商和白标条款
  • 独家功能和合作伙伴集成
  • 指定CSM、安全审查、合规支持
联系我们

免费开始 → 仅在检查运行时付费 → 解锁企业版以获取定制合约、SLA 或数据驻留。

FAQ

常见问题

What is Didit?

Didit is infrastructure for identity and fraud, the platform we wished existed when we were building products ourselves: open, flexible, and developer-friendly, so it works as a real part of your stack instead of a black box you integrate around.

One API covers verifying people (KYC, know your customer), verifying businesses (KYB, know your business), screening crypto wallets (KYT, know your transaction), and monitoring transactions in real time, on a stack built to be:

  • Fast, sub-2-second p99 on every session
  • Reliable, in production with 1,500+ companies across 220+ countries
  • Secure, SOC 2 Type 1, ISO 27001, GDPR-native, and formally attested by Spain's financial regulator as safer than verifying someone in person

The footprint underneath: 14,000+ document types in 48+ languages, 1,000+ data sources, and 200+ fraud signals on every session. The Didit infrastructure dynamically learns from every session and gets better every day.

What is an Ultimate Beneficial Owner, in plain English?

An Ultimate Beneficial Owner (UBO) is the natural person who ultimately owns or controls a company, not the company on the registry, not a holding entity in the middle of the chain, the actual human at the top.

The standard threshold in most jurisdictions is 25% direct or indirect ownership, or anyone who exercises control without ownership (board control, voting rights, signing authority). When no one clears the threshold, regulators expect you to fall back to a senior management UBO, typically the CEO or managing director.

The point of UBO discovery is to stop bad actors from hiding behind layers of holding companies. Your obliged entity owes a verified human for every company you onboard.

Which rules ask for UBO checks?

Almost every anti-money-laundering regime in the world. The current heavy-hitters:

  • The EU AML package, the new Anti-Money-Laundering Regulation, the AML Directive 6 update, and the AMLA Regulation that creates the new EU-level supervisor. Customer due diligence on legal entities is the core of it.
  • FATF Recommendation 24, the global UBO standard every G20 country signs onto. Mutual evaluations now grade countries on how well their UBO registries work.
  • United States, FinCEN's Customer Due Diligence Rule plus the Corporate Transparency Act's Beneficial Ownership Information report.
  • United Kingdom, the People with Significant Control register on Companies House plus FCA rules for regulated firms.

The shape of the obligation is the same everywhere: identify the natural person behind the company, run identity and AML checks on each, refresh on a risk-based cadence.

How fast is the verification for my end user?

The full flow normally takes under 30 seconds end-to-end, pick up the ID, snap the document, snap the selfie, done. That is the fastest in the market. Legacy KYC providers usually take more than 90 seconds for the same flow.

On the back end, Didit returns the result in under two seconds at p99, measured from the moment the user finishes the selfie to the moment your webhook fires. Mobile capture is tuned for slow phones and slow networks: progressive image compression, lazy software development kit load, and a one-tap hand-off from desktop to phone via QR code if the user starts on web.

Why bother with the ownership tree, isn't the registry enough?

The registry tells you the company exists, who the officers are, and what the share capital says, it does not tell you who actually controls the business.

Three gaps the registry won't close:

  • Nested holdings, Acme Trading SL is owned 60% by Acme Holdings BV, which is owned 80% by a Cayman company, which is owned by a trust. The registry shows the first layer; you owe the human at the end of the chain.
  • Control without ownership, voting agreements, golden shares, nominee arrangements all transfer control without showing on the cap table.
  • Stale data, registries lag months behind real ownership changes. A shareholder agreement signed yesterday will not appear for weeks.

A proper UBO process walks the chain, surfaces every person above the threshold, and verifies each one. The registry is the entry point, not the answer.

What happens if a user fails, abandons, or expires?

Every session lands on one of seven clear statuses, so your code always knows what to do:

  • Approved, every check passed. Move the user forward.
  • Declined, one or more checks failed. You can allow the user to resubmit the specific failed step (for example, re-take the selfie) without re-running the whole flow.
  • In Review, flagged for compliance review. Open the case in the console, see every signal, decide approve or decline.
  • In Progress, user is mid-flow.
  • Not Started, link sent, user has not opened it yet. Send a reminder if it sits too long.
  • Abandoned, user opened the link but did not finish in time. Re-engage or expire.
  • Expired, the session link aged out. Create a new session.

A signed webhook fires on every status change, so your database always stays in sync. Abandoned and declined sessions are free.

Where does my customer data live and how is it protected?

Production data is processed and stored in the European Union by default, on Amazon Web Services. Enterprise contracts can request alternative regions for jurisdictions whose regulators require it.

Encryption everywhere. AES-256 at rest across every database, object store, and backup. Transport Layer Security 1.3 in transit on every API call, webhook, and Business Console session. Biometric data is encrypted under a separate Customer Master Key.

Retention is yours to control. Default retention is indefinite (unlimited) unless you configure shorter, between 30 days and 10 years per application, and you can delete any individual session at any time from the dashboard or the API.

Certifications: SOC 2 Type 1 (Type 2 audit in progress), ISO/IEC 27001:2022, iBeta Level 1 PAD, and a public attestation from Spain''s Tesoro / SEPBLAC / CNMV that Didit''s remote identity verification is safer than verifying someone in person. Full report at /security-compliance.

Is Didit compliant for my industry?

Didit ships compliant by default for the regulators that matter to identity infrastructure:

  • GDPR + UK GDPR, controller / processor split, full Data Processing Agreement published, lead supervisory authority named (Spain''s AEPD).
  • AMLD6 + EU AML Single Rulebook, 1,300+ sanctions, politically exposed person, and adverse-media lists screened in real time.
  • eIDAS 2.0, EU Digital Identity Wallet aligned; reusable-identity ready.
  • MiCA (Markets in Crypto-Assets), ready for crypto on-ramps, exchanges, and custodians.
  • DORA, Digital Operational Resilience Act, EU financial-services operational resilience.
  • BIPA, CUBI, Washington HB 1493, CCPA / CPRA, US biometric privacy (Illinois, Texas, Washington) and California consumer privacy.
  • UK Online Safety Act, age-gating and child-safety obligations.
  • FATF Travel Rule, originator and beneficiary data on crypto transfers, IVMS-101 interoperable.

Detailed memo, every certificate, every regulator letter: /security-compliance.

How fast can I integrate and start verifying users?
  • 60 seconds to a sandbox account at business.didit.me, no credit card.
  • 5 minutes to a working verification through Claude Code, Cursor, or any coding agent via our Model Context Protocol (MCP) server.
  • A weekend to a production-ready integration with signed-webhook verification, retries, and a remediation flow when a user is declined.

Three integration paths, pick whichever fits your stack:

  • Embed natively with our Web, iOS, Android, React Native, or Flutter SDK.
  • Redirect the user to the hosted verification page, zero SDK.
  • Send a link by email, SMS, WhatsApp, or any channel, zero front-end work.

Same dashboard, same billing, same pay-per-success price for all three. Step-by-step guide at docs.didit.me/integration/integration-prompt.

How is each UBO actually verified?

Each UBO completes the same hosted KYC flow your consumer customers run, opened from a link Didit returns when you create the session. No app install, no extra software for the UBO to deal with.

The flow runs on the UBO's phone:

  • ID Verification, 14,000+ document types across 220+ countries
  • Passive Liveness, iBeta Level 1 anti-spoof certified, defeats deepfakes, masks, screen replays
  • Face Match 1:1, selfie matched to the document portrait
  • Device & IP Analysis, 200+ real-time fraud signals on the session
  • AML Screening, sanctions, PEP, and adverse-media on the UBO's name + date of birth

Sub-two-second median verdict on entry-level Android. The signed result lands on your webhook with the same vendor_data reference you sent in, so wiring each UBO back to its parent entity is a one-line join.

How does ongoing monitoring work, and what does it cost?

Every approved UBO is re-screened daily against the same 1,300+ AML lists used at onboarding. There is no separate endpoint to call, it runs automatically on any session with AML enabled.

When a previously-approved UBO crosses an AML threshold:

  • The session status changes to In Review or Declined automatically
  • A signed webhook fires to your back-end with the new hits and a link back to the original onboarding evidence
  • A case opens in the Business Console for your compliance team to triage
  • File a Suspicious Activity Report (SAR) directly from the case if your jurisdiction requires it

Cost on heavy-volume accounts is $0.07 per person per year, single-digit dollars for a base of tens of thousands of UBOs, orders of magnitude cheaper than the manual review queue most teams build around it.

What evidence does an AML examiner actually see?

One ZIP per onboarded entity, exportable from the Business Console or via the API. Each pack carries:

  • The registry extract for the legal entity, officers, share capital, registered address, status
  • The ownership chart, the chain Didit walked to surface each UBO
  • A per-UBO decision, document scan, biometric similarity, AML hits, device + IP risk signals, 200+ fraud signals, signed timestamps
  • The entity AML result with source-watchlist references
  • The HMAC SHA-256 signature on every payload, so chain-of-custody is provable
  • Reviewer notes from the Case Management surface, who triaged what, when, with what decision

All evidence is stored in the European Union (EU data centres) and retained indefinitely while your subscription is active. Default record retention is 5 years post-relationship per the EU AML package, extensible up to 10 years if your supervisor asks for it.

Related

相关模块 + 工作流

身份与欺诈基础设施。

一个 API 即可实现 KYC、KYB、交易监控和钱包筛选。5 分钟即可集成。

免费开始联系我们
让 AI 总结此页面