Veriff Captures Sessions, Not Trajectories

1. Vendor and Product Reality

Veriff, founded in Tallinn, Estonia in 2015 and now operating globally with offices across Europe and North America, is one of the leading commercial vendors in the digital identity verification (IDV) category, alongside Onfido (now part of Entrust), Jumio, Persona, Socure, and Sumsub. Its platform serves financial institutions, fintech challengers, marketplaces, mobility platforms, gaming and gambling operators, and the long tail of regulated digital businesses required to comply with KYC, AML, eIDAS, and equivalent identity-assurance regimes across jurisdictions. The verification flow is video-first: a live capture of the user's face from multiple angles, a synchronized capture of the identity document under varying lighting, an active liveness check, and a continuous collection of device, network, and behavioral telemetry throughout the session.

The technical signal density is genuine and is Veriff's principal differentiator. Where document-photo-only competitors collect a still image of a face and a still image of a document, Veriff collects a video frame stream, micro-motion data, document-tilt sequences, glare evolution, screen-replay detectors, and behavioral patterns of how the user navigates the flow. Backend ML models fuse the signals into an authenticity assessment, a fraud-risk score, and a structured decision (approve, decline, resubmit, or escalate to manual review). The platform handles hundreds of document types across more than two hundred jurisdictions, and the decision pipeline is calibrated against fraud feedback loops at scale. Within the per-session frame, the architecture is rigorous and competitive.

The competitive frontier in IDV is exactly this signal richness: more video, more passive signals, better liveness, faster decisions, broader document coverage. Veriff sits at the leading edge of that frontier. The architectural shape, however, is shared across the category. A verification is an event. The event has a start, a capture phase, a decision, and a termination. The output of the event is a yes/no/refer plus an evidence package retained for audit. Subsequent verifications of the same person at the same provider are new events with their own evidence packages. Continuity is, at most, a claim joined to a customer record, not a property of the verification architecture.

2. The Architectural Gap

The structural property Veriff's architecture does not exhibit is biological trajectory across sessions. The platform records, for any given verification, that the captured face matched the document with confidence X, that the liveness signal exceeded threshold Y, and that the device signal was consistent with a live human in jurisdiction Z. It does not maintain — and architecturally cannot retrofit within its current model — a per-individual biological trajectory whose continuity across sessions is the load-bearing assertion. The session is the unit of trust; nothing connects the sessions into a trajectory whose evolution is itself the evidence.

The gap is most visible against sophisticated synthetic-identity and deepfake attacks. Generative models improve at producing biometric presentations consistent enough within a single session to satisfy per-session liveness and matching. A face that holds geometric consistency for ninety seconds of video can defeat per-session analysis even at the high end of the signal-richness frontier, and the arms race is asymmetric: defenders add a signal, attackers add a generator stage. What no current generation pipeline produces is a trajectory of biological evolution across sessions separated by months — natural aging, weight fluctuation, hairline change, lighting habit drift, behavioral pattern development, micro-expression pattern stability paired with macro-feature evolution. These are properties of an actual biological person living time, not properties an attacker can synthesize without continuous access to the legitimate individual's accumulated history.

Session-based verification also fails to leverage its own history in legitimate cases. A returning user verified six months ago provides no more trajectory evidence to the next verification than a first-time user. The system treats every encounter as if it has no prior knowledge of the person. The accumulated sessions are archived data subject to retention policy rather than trajectory inputs whose continuity is itself the assertion. Confidence does not accumulate; it resets. The structural opportunity to build identity assurance over time — and to flag a discontinuity as a signal in its own right — is forfeited by an architecture that treats each session independently.

Veriff cannot patch this from within the current architecture because the platform was designed as a high-signal-density verification event service, not as a substrate that maintains a per-individual biological field whose continuity is the credentialed property. Adding a customer database that stores prior session scores does not produce trajectory in the dynamical sense; it produces a log of past decisions joined to a claimed identifier. Adding ML-based "returning user" recognition does not produce governed continuity; it produces a similarity check between two sessions. The continuity required is an architectural shape — a deterministic biological field with named components, defined evolution rules, governed sketch representations, and continuity-discontinuity scoring — and the verification architecture does not exhibit that shape.

3. What the AQ Biological-Identity Primitive Provides

The Adaptive Query biological-identity primitive specifies that identity in a conforming system be represented as a continuity-credentialed biological trajectory rather than a per-session classification. The trajectory is not a database of session records and not a stored template; it is a deterministic field whose components are biological signals reduced to stable sketches, whose evolution is governed by defined rules consistent with how a biological person actually changes over time, and whose continuity property is the load-bearing assertion under which subsequent observations are admitted. Each session contributes observations that the field absorbs under governed update rules. The first session establishes the baseline. Subsequent sessions either extend the trajectory consistently, in which case confidence accumulates, or exhibit a discontinuity, in which case the system raises an out-of-trajectory flag whose semantics are distinct from a bad-liveness flag or a poor-match flag.

The trust-slope component is load-bearing. Trust is not a binary state set per session; it is a slope over the trajectory whose value at any instant reflects the integrated continuity history. Long, well-evolved trajectories carry higher slope and tolerate higher friction in any single session without resetting confidence. Short or interrupted trajectories carry lower slope and require richer per-session evidence to extend. The slope decays under defined rules in the absence of new sessions, so a long-dormant identity does not retain trust indefinitely — but it decays gradually, not instantly, consistent with the actual half-life of biological recognizability. Cross-component coupling means that document-evidence updates couple to facial-evolution updates couple to behavioral-pattern updates under defined rules, so a partial discontinuity in one component can be compensated by continuity in others under governed weighting rather than under heuristic blending.

The privacy property is structural rather than procedural. The trajectory is maintained through stable sketches — compact, non-invertible representations whose continuity is computable but whose underlying biometric is not reconstructable — so the data retention required to support the trajectory does not amount to retaining session video or raw biometric templates. The primitive is technology-neutral with respect to sketching scheme, signal source, and storage substrate, and composes hierarchically: per-individual fields participate in per-population fields under defined aggregation rules. The inventive step is the structural specification of identity as a continuity-credentialed trajectory under governed evolution and stable sketching, with trust-slope as the load-bearing scalar, rather than as a per-session decision joined to a claimed identifier.

4. Composition Pathway

Veriff integrates with the AQ biological-identity primitive as the high-density signal source feeding the trajectory rather than as the verification endpoint. What stays at Veriff: the video-capture pipeline, the document classifiers, the liveness models, the device-and-network telemetry stack, the global jurisdiction coverage, the manual-review operations, and the entire customer-facing relationship with regulated businesses. Veriff's investment in capture quality and signal density — exactly the dimension where it competes — remains its differentiated layer, and is precisely the input the trajectory substrate needs to extend confidently.

What moves to AQ as substrate: the per-individual biological field whose components are sketched, persisted, and evolved across sessions under governed rules, and whose trust-slope is the credentialed scalar exposed to the customer's downstream decision systems. The integration points are well-defined. Veriff's per-session capture results in observations emitted into the trajectory-update layer rather than terminating at a per-session decision payload. The update layer reduces signals to stable sketches, applies governed evolution to the field, computes the post-session trust slope, and exposes both the per-session decision and the trajectory state. Decisions to the customer shift from "this session passes with score X" to "this session extends a trajectory of length L with slope S, post-session slope S′, with discontinuity components D against tolerated bands B."

The new product surface is continuity-based identity assurance for use cases per-session verification cannot serve structurally. High-value-account access, repeated KYC refresh under regulatory cadence, returning-customer authentication for marketplaces, mobility-platform driver re-verification, gaming-platform self-exclusion enforcement, and cross-jurisdictional portability of identity assurance all benefit from a substrate whose property is continuity rather than richer single-event capture. Veriff's commercial position improves rather than erodes: per-session capture quality becomes more valuable, not less, because it is now feeding a layer that converts it into trajectory assurance no competitor in the per-session category can match without an equivalent substrate. The deepfake defense becomes structural rather than statistical, and the structural defense is the one regulators are converging on as synthetic-identity attacks scale.

5. Commercial and Licensing Implication

The fitting arrangement is an embedded substrate license: Veriff embeds the AQ biological-identity primitive into its verification platform and offers trajectory-based assurance as a tier above per-session decisioning, sub-licensed to its enterprise customers as part of the platform subscription. Pricing aligns with how regulated customers actually consume continuous identity assurance — per-trajectory-under-management or per-monitored-individual-month rather than purely per-verification — and creates an annuity-shaped revenue layer above the transactional verification line. The shift also reduces customer acquisition friction for high-value accounts that find pure per-event pricing punitive at scale.

What Veriff gains: a structural answer to the deepfake-arms-race critique that increasingly dominates regulator and analyst commentary on IDV, defensible differentiation against Onfido/Entrust, Jumio, Persona, Socure, and Sumsub by elevating the architectural floor from richer-capture to persistent-trajectory, a forward-compatible posture against eIDAS 2.0, the EU Digital Identity Wallet, FATF Recommendation 16 updates, and SEC and FinCEN regimes converging on continuous-assurance requirements, and a path to trajectory-portability standards that lock in the customer relationship even as point verifications commoditize. What the customer gains: continuity-based assurance that hardens against synthetic identity attacks no per-session signal stack can defend against alone, accumulated identity confidence that survives across verifications rather than resetting at each one, and privacy-preserving retention through stable sketching that satisfies data-minimization regimes better than retained video stores. The trajectory belongs to the customer's authority taxonomy, not to Veriff's database, so the substrate is portable across platform decisions — paradoxically making Veriff stickier because its signal-density advantage is what differentiates its access to a substrate the customer values. Honest framing — the AQ primitive does not replace IDV; it gives IDV the continuity substrate it has always needed and never had, converting a per-event decisioning business into a continuous-assurance platform anchored on a structural property no competitor replicates by capturing more signals in the moment.