What is reverification, and why does it matter?

Establish trust with your users by implementing reverification at key touchpoints.

An image of 3 face icons, representing reverification.
Read time:
Share this post
Table of contents
⚡ Key takeaways
  • Reverification is the process of re-verifying the identity of a customer or user who has already verified their identity.
  • It can be a good idea to reverify customers when they change key account information, documents expire, the user initiates a high-risk action, and more.
  • Reverification is a requirement for some industries, and it can also protect your company and customers.

For businesses that conduct identity verification for new users and customers — whether because they’re required to do so by law or simply want to realize some of the other benefits that verification offers — it can be tempting to think of verification as a one-time thing. 

A customer opens a new account, you verify their identity. End of story, right?

The truth is that initial verification is, in most cases, just the beginning of the verification story. For a variety of reasons, it probably makes sense for you to periodically reverify your users throughout your relationship with them.

Below, we define reverification, walk through how it works, and take a look at the different types of reverification you may want to leverage in your business. 

What is reverification?

Reverification is the process of re-verifying the identity of a customer or user who has already verified their identity.

When does reverification take place? Ultimately, that will depend on the specifics of your business, your user expectations, the industry you operate within, and any laws or regulations you are subject to. 

That said, some common points where reverification can be a good idea include:

  • When key account information is changed: When a user changes important account information, such as their password or contact information, it may be innocent, but it can also be a sign of account takeover or fraud. 
  • When a document has expired: If your business engages in document verification during your initial onboarding process, it’s important to ensure these documents stay up to date. 
  • When a user initiates a high-risk action: If a user attempts to engage in any kind of activity that carries risk of money laundering or other financial crimes, reverification can be a good idea. Examples might include when a customer attempts to make a large transaction, transfer a large sum of money to another account, or make a transaction that appears to be designed to evade AML detection.
  • When a borrower wants to apply for a new loan: If an existing borrower wants to borrow a new loan (or refinance an existing loan), key information such as the borrower’s income and credit report will likely need to be reverified to ensure they still qualify.
  • When an account is reactivated after a period of dormancy: If an existing user has not logged into their account for a long period of time, reverifying their identity when they reactivate their account can be a good idea to prevent account takeovers. 
  • When you detect suspicious activity: When you detect suspicious activity, reverification can help you distinguish between legitimate and fraudulent transactions. For example, a user logging in from a suspicious IP address or geolocation data that indicates the user is logging in from an abnormal jurisdiction (or one with a high risk of money laundering).
  • If your business experiences a data breach or fraud: If it is possible that user data has been compromised, you may want to reverify user identity to root out cases of potential fraud or account takeover.
  • When laws and regulations change: If your business is subject to laws and regulations that dictate identity verification requirements, such as AML and KYC regulations, you may need to periodically reverify existing users when these laws change. 

In most cases, reverification is an automated process that is triggered if and when certain criteria (such as those discussed above) are met. It is not typically a manual process, though it may involve manual review as necessary. 

For more information about how reverification works specifically within Persona, click here

Why is reverification important?

If your business is subject to Know Your Customer (KYC) regulations, reverification isn’t something that’s just nice to have — it’s a requirement. Along with identity verification and customer due diligence (CDD), continuous monitoring is the third required piece of KYC programs. While continuous monitoring is often taken to refer to transaction and activity monitoring, it also includes periodic reverification and ongoing screening against various lists (such as adverse media reports, sanctions lists, and politically exposed persons lists).

But even if your business isn’t subject to KYC regulations, reverification and ongoing monitoring just make sense. Verifying someone’s identity only gives you a snapshot of who they are at that moment in time. Reverification makes it possible to stay on top of any changes or evolutions that happen over time.

Types of reverification

Reverification can take many different forms, depending on your needs and the specific information that is being reverified. This includes:

1. Document reverification

If your identity verification process involves document verification, it will likely be important to periodically reverify these documents. 

Examples of documents that may need to be reverified include:

  • Proof of address 
  • Proof of income
  • Proof of employment 
  • Proof of insurance
  • Proof of ownership
  • Proof of professional certification
  • Proof of education
  • Business documents
  • and more

For documents that have expiration dates, document reverification typically occurs when the existing document has expired or is approaching expiration. For those that do not expire, many businesses reverify according to a pre-set schedule (for example, every 6 or 12 months, etc.) or when a user attempts to make changes to their account information.

2. Government ID reverification

As with the documents discussed above, government-issued IDs may also need to be reverified. This often occurs when the system notes that an ID has expired, when a customer proactively updates an ID that is about to expire, or when suspicious activity may indicate that an account has been taken over by a bad actor.

Examples of government IDs that may need to be reverified include:

3. Selfie reverification

Selfie verification has become a common component of many companies’ identity verification processes. It works by requiring a user to take and upload a selfie, which is analyzed for liveness detection and compared against either a photo ID, such as a driver’s license, or a previously taken selfie. 

This same process can be used for reverification purposes. Often, selfie reverification is helpful in instances of suspicious activity, or when you believe a user account may have been in some way compromised. Likewise, many delivery apps that handle age-restricted goods (such as tobacco or alcohol) leverage selfie verification to ensure that the customer is of legal age each and every time an order is placed — as required by law.

4. Continuous reports

When a business initially onboards a new customer or client, a part of the verification process often involves screening that individual against certain lists and reports. This might include sanctions lists, watchlists, politically exposed persons (PEPs) lists, adverse media reports, and more.

Of course, these lists are always changing. Someone who is not on a sanctions list today may find themselves on a sanctions list tomorrow, pending political developments, etc. Periodic reverification of users should therefore involve rescanning them against these lists.

As a note, businesses subject to KYC regulations are required to engage in continuous monitoring, which includes continuous reports.

Challenges of reverification

Reverification plays an important role in protecting both your business and users from the risk of fraudulent activity. Unfortunately, it does not come without its challenges, which you will need to be cognizant of as you design your reverification processes. One such challenge is friction.

Reverification, by necessity, introduces friction at key moments when a user interacts with your business. It’s this friction that helps root out bad actors and prevent fraudulent activities from occurring. Unfortunately, this friction can occasionally frustrate legitimate users who may not understand why they are being asked to reverify their identity.

The good news is that reverification doesn’t need to be a heavy lift. In many cases, selfie reverification can be an efficient and effective means of confirming whether an account has been compromised — and one that can be completed in just seconds. Likewise, documents and IDs — especially digital IDs — can often be reverified in seconds when doing so becomes necessary. 

Likewise, reverification is at this point almost expected by customers, especially when it comes to highly sensitive activities such as banking, investing, and healthcare. In many instances, a lack of reverification can actually lead a customer to lose trust in a business’s safety and security protocols. 

Free white paper
See how experts evaluate verification solutions

Reverification and your business

Regardless of the industry you operate within, periodically reverifying your users can be a powerful way of mitigating fraud, protecting your customers, and building trust in your business. 

Here at Persona, we’ve built our Verifications solution to be highly customizable. Use Dynamic Flow to design the reverification process that makes sense for your business, whether that involves document verification, selfie verification, database verification, or other strategies. Set the internal logic that triggers reverification for your users, as well as the follow-up required when reverification fails.

Interested in learning more? Start for free or get a demo today.

Frequently asked questions

What is document reverification?

Document reverification is simply the process of reverifying the documents you used to initially verify a user’s identity. It often occurs when the relevant documents have expired, when key account information is edited by the user, or according to a preset schedule.

What is asset reverification?

If your business verifies an individual’s net worth as a part of the onboarding process, doing so will usually involve an analysis of the various assets that they own — including stocks and bonds, real estate, savings and checking accounts, and more. Asset reverification is simply the process of reverifying the user’s net worth, including the ownership of any assets.

Asset reverification is often necessary for businesses operating in the lending industry.

What happens when reverification fails?

What happens if an account fails reverification will depend on the internal processes you have established to handle such cases. Often, it will result in the account being locked pending a manual review of the case.

Continue reading

Continue reading

Automate school account recovery requests with risk-based identity verification tools
Automate school account recovery requests with risk-based identity verification tools

Automate school account recovery requests with risk-based identity verification tools

Learn how online identity verification can help you automate and simplify your school’s account recovery process.

Guide to KYB in banking
Guide to KYB in banking

Guide to KYB in banking

A strong Know Your Business (KYB) program is the best way for banks and financial institutions to protect against fraud and other financial crimes.

How to detect ghost students and prevent student aid fraud
How to detect ghost students and prevent student aid fraud

How to detect ghost students and prevent student aid fraud

Online identity verification can help schools stop ghost students who steal student aid funds and disrupt classes.

Perpetual KYC: The future of customer due diligence

Perpetual KYC: The future of customer due diligence

Perpetual KYC (pKYC) is one of the best ways to protect customers. Learn what it is, what it looks like, and why it's important.

CDD vs EDD: What’s the difference?

CDD vs EDD: What’s the difference?

Explore how CDD and EDD work and learn when each is necessary.

Let your users Verify, and Reverify, and Reverify again.

Let your users Verify, and Reverify, and Reverify again.

Reverification of individuals in Persona, enabled by Accounts.

Ready to get started?

Get in touch or start exploring Persona today.