VerifyNow
API-first KYC for South African fintech startups.
Home Affairs ID, face match, AML/PEP, AVS and CIPC wired into a single REST API — so your FSCA-licensed neobank, wallet, payment service provider or lending platform can onboard a customer in under a minute, and keep a FIC-grade audit trail doing it.
In short: what VerifyNow does for a South African fintech
A defensible fintech onboarding workflow in South Africa combines Home Affairs SA ID verification, face match + liveness, AML/PEP/sanctions screening, bank account verification, CIPC for business customers, and — depending on product risk — document authentication and consumer trace. FSCA-licensed fintechs, NCR-registered credit providers, SARB-supervised e-money issuers and PSPs all remain FICA accountable institutions and own their Risk Management & Compliance Programme and reporting to the FIC.
VerifyNow’s scope: Home Affairs SA ID verification, face match / liveness, AML/PEP/sanctions screening (190+ countries), bank account verification (AVS), CIPC company and director verification, document authentication, consumer trace, phone trace and white-label API — all under POPIA-compliant consent with a full audit trail. VerifyNow does not issue credit bureau reports, does not run SAPS criminal record checks and does not verify qualifications; credit data is sourced from a registered credit bureau, criminal clearances from SAPS or an authorised provider, and qualifications from the issuing institution or SAQA.
Who ships with VerifyNow
Fintech teams that need real-time, API-delivered KYC without a dozen vendor contracts or a six-month integration.
Neobanks & wallets
Onboard a retail customer with ID + face match + AML before the first transaction. SARB-supervised where e-money is issued.
Payment service providers
Onboard merchants and sub-merchants with CIPC + AVS + AML/PEP under PASA, SARB and FICA Schedule 1 obligations.
Lending platforms (NCR)
KYC the borrower with Home Affairs ID + AVS; obtain credit bureau data separately from a registered bureau for affordability.
E-money issuers
SARB-supervised EMIs pair VerifyNow KYC with their RMCP for wallet and prepaid-card issuance.
Open-banking aggregators
Resolve account holder identity against the account they are connecting via AVS and Home Affairs ID.
Embedded-finance APIs
Offer your partner a branded KYC step via the white-label VerifyNow API, one endpoint per verification primitive.
Six endpoints behind every onboarding
Each service is a single API call. Labelled by source so your compliance team can see what VerifyNow delivers and what must come from elsewhere.
Home Affairs SA ID Verification
Real-time HANIS-sourced identity verification returning name, date of birth, ID status and the Home Affairs photograph for downstream face match.
Face Match & Liveness
Match a live selfie against the Home Affairs photograph. Core of remote fintech onboarding and step-up on high-risk transactions.
Bank Account Verification (AVS)
Confirm account number, branch and holder details before a payout, debit-order or wallet top-up.
AML / PEP / Sanctions (190+ countries)
Screen customers and directors against PEP and international sanctions lists at onboarding and on an ongoing basis.
CIPC Company & Director Verification
Resolve the business customer for KYB: registered name, status, registration number, directors and their AML screening.
Document Authentication
Authenticate ID documents (OCR + tamper detection) when customers submit passports or IDs as part of the onboarding flow.
Sourced separately from VerifyNow
- • Credit bureau reports / affordability: obtained from a registered South African credit bureau under NCA Section 19(3) and the lender’s own affordability assessment.
- • SAPS criminal record clearance: obtained from SAPS or an authorised provider where your fit-and-proper or director-screening process requires it.
- • Qualification verification: obtained from the issuing institution or SAQA for FAIS representative fit-and-proper.
A real-time onboarding flow, end to end
One typical retail fintech sign-up, chained through the VerifyNow API from consent capture to activation.
- 01
Consent + ID collection at sign-up
Customer enters their SA ID and accepts a POPIA consent statement. The VerifyNow API records the consent reference against the verification job.
- 02
Real-time Home Affairs ID verification
One API call returns Home Affairs status, name, DOB and photograph under 10 seconds. The Home Affairs photograph becomes the anchor for biometrics.
- 03
Face match + liveness
Customer captures a selfie in your branded flow. VerifyNow runs liveness and matches it to the Home Affairs photograph before account activation.
- 04
AML/PEP screening
The same API call (or an async webhook) screens the verified identity against PEP and international sanctions lists across 190+ countries.
- 05
Bank account verification on first payout
Before the first outbound payment or payout, AVS confirms the customer's account holder name and ID number match the identity already verified.
- 06
Ongoing monitoring
Periodic AML re-screening picks up new sanctions and PEP list additions. Your RMCP defines the cadence; VerifyNow provides the hook.
FSCA, FICA, SARB, NCR and POPIA
South African fintechs operate under a stack of regulators: the FSCA (financial services licensing, including FAIS for advice and intermediary services), SARB (banking, national payment system, e-money), the NCR (credit providers), PASA (participation in the payment system), and the FIC (FICA / AML). Most fintechs are accountable institutions under FICA Schedule 1, which means they must run a board-approved RMCP (Section 42), perform CDD (Section 21), keep records (Sections 22–23), and file CTRs and STRs where required.
Crypto asset service providers were added to Schedule 1 as Item 22 in the 2022 FICA amendment, bringing them inside the same framework. Payment service providers and e-money issuers face additional SARB directives and the National Payment System Act. Credit providers must register with the NCR and, for affordability, pull credit bureau data from a registered bureau — not from VerifyNow.
Every verification flowing through VerifyNow is processed under POPIA-compliant consent. You remain the responsible party and the accountable institution; VerifyNow supplies the documented verification evidence your compliance and inspection defensibility relies on.
Fintech questions
Is a fintech a FICA accountable institution in South Africa?
Many fintech business models are accountable institutions under FICA Schedule 1 — payment service providers, money remitters, e-money issuers, crypto asset service providers (Item 22), and credit providers registered with the NCR. Accountable institutions must run a Risk Management & Compliance Programme (RMCP) under Section 42, perform CDD under Section 21, and keep records under Sections 22–23. VerifyNow supplies the verification primitives (Home Affairs ID, AVS, AML/PEP, CIPC, face match, document authentication) that your RMCP relies on — you remain the accountable institution.
Does VerifyNow run credit checks, SAPS criminal checks or qualification verification?
No. VerifyNow does not provide credit bureau reports, credit scores or affordability data; it does not run SAPS criminal record checks; and it does not verify qualifications. VerifyNow's scope for a fintech onboarding flow is Home Affairs SA ID verification, bank account verification (AVS), AML/PEP/sanctions screening (190+ countries), CIPC company and director verification, face match / liveness, document authentication and consumer trace — all under POPIA-compliant consent. Credit bureau data must be obtained from a registered South African credit bureau; criminal record clearances from SAPS or an authorised provider; qualification verification from the issuing institution or SAQA.
How fast is the API for real-time onboarding?
Home Affairs SA ID verifications typically return in under 10 seconds end-to-end via the real-time HANIS source, including name, date of birth, ID status and the Home Affairs photograph where available. AVS, AML/PEP and CIPC responses are in a similar range. This makes real-time sign-up flows — including step-up biometric checks via face match — practical for neobank, wallet and lending products without breaking the user journey.
Can VerifyNow support our FSCA licence application and RMCP documentation?
VerifyNow is a verification service, not a regulatory advisor. Your FSCA licence application, RMCP, risk rating methodology and fit-and-proper processes remain your responsibility. What VerifyNow gives you is the documented, reproducible verification evidence — a verification receipt per check, audit log, consent record — that a licensed entity's CDD process depends on and that FSCA or FIC inspectors expect to see on file.
How does VerifyNow handle POPIA for fintech onboarding?
Every verification is executed under an explicit POPIA-compliant consent capture — either through VerifyNow's consent collection flow or the fintech's own front-end with consent artefacts passed into the API. Only the data fields needed for the specific verification are processed, purpose-limited to your CDD obligations, and the audit log records who ran the check, when, and under which consent reference. You remain the responsible party under POPIA.
Does VerifyNow offer a white-label API?
Yes. The VerifyNow API can be white-labelled end-to-end — your own domain, branded verification UI for consent and liveness capture, and branded email receipts — so a customer onboarding into your fintech sees only your product. Every underlying verification (Home Affairs, AVS, AML/PEP, CIPC, face match) runs on the VerifyNow backend. See /white-label for the full scope.
Ship your KYC flow this sprint
Wire Home Affairs ID, face match, AML/PEP, AVS and CIPC into one API call. Free sandbox, R2.99 per credit starter pricing, R1.94 at ultra volumes.