Financial Services
Verify the Person, Not Just the Document.
Generative AI can now pass document and liveness checks at account origination and drive account takeover. Polyguard adds identity provenance — binding a verified, present person to each high-risk action — and works alongside the KYC tools you already run.
A New Class of Attack
Generative AI has unlocked two attack patterns that defeat the controls many financial institutions rely on today. The verification tools meant to stop them answer two questions — "is this ID real?" and "is this image synthetic?" — but neither verifies the person.
Synthetic Identity at Account Origination
Face-swapped IDs, deepfaked liveness, and injected camera feeds can pass document and liveness checks. The original ID owner is not the one opening the account.
AI-Assisted Account Takeover
Stolen credentials, intercepted OTPs, remote access, and session hijacking make the transaction look legitimate — but it is not the account holder executing it.
Document Proofing Verifies the Document
Tools that answer "is this ID real?" verify the document. They say nothing about whether the person presenting it is its true owner.
Deepfake Detection Verifies the Media
Tools that answer "is this image synthetic?" detect synthetic media. They will not notice a real human acting as a proxy. The gap is the same: no one is verifying the person.
How a Polyguard Trust Check Works
A one-time enrollment in under two minutes, then a fresh person-to-device verification on demand — through Polyguard Mobile or your own app.
Prove
The user enrolls in the first- or third-party mobile app with a document scan, biometric capture, and location attestation.
Check
The relying party delivers a real-time Trust Check by QR code, push notification, or email, triggering a fresh person-to-device verification.
Consent
The user reviews exactly which proofs are requested, and by whom, with in-app clickwrap of any terms of service needed.
Record
Signed proofs are delivered directly to the relying party, and a non-repudiable audit affidavit is issued.
Polyguard Identity Provenance
Identity provenance is the collection, fusing, and cryptographic signing of contemporaneous sensor measurements that bind a verification to a unique, authentic, real-time participant. A native mobile app produces one signed proof per Trust Check.
Device — Hardware Attestation
Polyguard exchanges hardware-embedded keys with Apple and Android servers to confirm the real-time integrity of the phone's OS, app, camera, and sensors — closing the injection paths that browser-based tools leave open.
Human — On-Device Facial Recognition
On-device, real-time facial recognition captures and matches the face in 3D. The camera frames never leave the device, which keeps insiders out of sensitive verifications and reduces breach risk.
Location — Optical Distance Bounding
Patented high-speed latency measurement, powered by PG-Presence, confirms the person and device are at the same location at the moment of verification — helping prevent spoofing through VPN, remote desktop, laptop farms, or residential proxies.
The New Anti-Fraud Stack
Identity provenance is one of six layers. It sits alongside — and strengthens — the proofing, detection, and monitoring tools you already run.
| Layer | What it answers | Example tools |
|---|---|---|
| Identity proofing | Is this ID real? | Persona, Veriff, Onfido, Jumio, Incode |
| Identity provenance | Is the verified person the source? | Polyguard |
| Liveness & deepfake detection | Is this media real or synthetic? | iProov, Reality Defender, Pindrop |
| Online fraud detection | Does this session look risky? | Sardine, SEON, BioCatch |
| Transaction fraud monitoring | Is this payment fraudulent? | Feedzai, NICE Actimize, Hawk |
| KYC / AML / screening | Is this entity sanctioned or flagged? | LexisNexis, World-Check, Chainalysis |
How It Ships
Production-ready and vendor-agnostic, designed to drop into the stack you already have.
Vendor-Agnostic
Polyguard wraps the identity flow; it does not replace your document-proofing or KYC vendor. Keep Persona, Veriff, Onfido, Jumio, Incode, or your in-house stack.
Two Ways to Build
Use the white-labeled Polyguard Mobile app, triggered from your flows, or drop the iOS and Android SDKs into your existing app — with our backend services or your own.
Certified and Audit-Ready
SOC 2 Type II, aligned with NIST 800-63-4, and GDPR, CCPA, HIPAA, and C2PA-compatible. Signed proofs are non-repudiable business-record affidavits under NY CPLR § 3122-a.
Add Identity Provenance to Your Stack
Verify the person behind account origination and takeover, alongside the KYC and fraud tools you already run.