When your automated flow drops them, fails them, or can’t keep up. Our live agents verify any customer face-to-face on video. For fintech, insurance, telehealth, immigration, and RON. Deepfake-resistant, audit-ready, 24/7.
The same three failure modes show up in every conversion review, regulator letter, and post-mortem. They are the reason a real person on a video call exists as a category.
Generative video and printable templates are now good enough to defeat selfie + ML pipelines for under $20. Synthetic identity fraud is the fastest-growing fraud category in financial services, and automated-only liveness is the line attackers crossed first.
Automated KYC flows lose 30 to 40% of mid-funnel customers to glare, OCR misreads, browser permissions, and selfie retries. The client paid the CAC, then the verifier turned them away.
Visa renewals, RON closings, claims interviews, telehealth onboarding, EPCS prescribers, age-restricted policies, host or driver verification. These need a human reading body language, not a probability score.
Same flow whether the customer is opening a bank account, signing a high-value claim, attending a telehealth visit, or closing on real estate.
Your system fires an API call (or a manual ticket) to schedule, or instantly route the customer to an Arbitrail agent.
Customer joins on Zoom, Google Meet, Teams, or your white-label embedded video. Agent greets in their preferred language.
Agent inspects the document on camera, confirms the photo matches the live person, and runs interactive liveness moves to defeat deepfakes.
Structured result, recording, document captures, agent notes, and sanctions/PEP screening pushed to your stack within minutes.
Compliance-heavy, fraud-sensitive, or edge-case-heavy verifications. The lanes the SaaS incumbents quietly route to a human anyway.
Account opening, large transactions, and high-risk customer onboarding where regulators want a live human in the loop. Banks, lenders, broker-dealers, payments.
High-value claim confirmation, claimant identity at first notice of loss, beneficiary verification, and Special Investigation Unit interviews.
Telehealth onboarding, EPCS prescriber identity proofing, controlled-substance refill checks, and age verification for treatments.
Visa interviews, e-residency onboarding, ESTA-style pre-screening, and recurring visa-holder verifications, in the applicant’s native language.
RON-eligible identity verification for closings, deeds, powers of attorney, and other notarized instruments, with an audit trail courts accept.
Trust-and-safety screening for hosts, drivers, sellers, and tutors, plus age verification for restricted content and I-9 remote.
The automated incumbents do volume well. Where they struggle is exactly where clients escalate: deepfakes, drop-off, and edge cases that need a human.
Use them for the easy 60 to 70%. Use us for the rest, or run us as a fallback when their confidence drops below threshold.
Built to satisfy V-CIP, KYC, claims, and high-stakes onboarding requirements without a 17-vendor stitching project.
Zoom, Google Meet, Microsoft Teams, or your own embedded white-label video.
Passport, national ID, driver’s license, visa, residency permit, employer ID. MRZ and feature checks.
Real-time prompts (turn head, blink, hold doc, read a number) to defeat deepfakes and recordings.
English, Spanish, Tagalog, Mandarin, Bahasa, Vietnamese, Portuguese, French. Others on request.
Sanctions lists, politically-exposed-person, and adverse-media screening bundled with the call result.
Trigger calls, fetch results, and stream events into your stack via REST + webhooks.
Full call recording, agent notes, time-stamped events, and a signed PDF report you can hand to auditors.
Real-time queue for instant calls or pre-scheduled slots for higher-stakes verifications.
Customer sees your name, our agents do the work. Or run visibly as Arbitrail. Your call.
The frameworks our verifications are designed against, and the controls that ship by default with every engagement.
Three reasons regulators, audit committees, and risk teams keep insisting on a human in the loop, and how Arbitrail is built around them.
A trained human watching a live person manipulate a document in their own hands is the line synthetic-identity attackers still cannot cross at scale. That is what regulators (RBI, FCA, several US states, EU AMLD6, DEA EPCS) increasingly require by name.
Drop-off falls sharply when the prompt is in the customer’s first language. We cover English, Spanish, Tagalog, Mandarin, Bahasa, Vietnamese, Portuguese, and French at no premium. Markets where US/EU competitors charge for or do not cover.
Multi-region delivery hubs (Luzon, Florida, Colombia, Indonesia, Malaysia, Vietnam) for genuine 24/7 coverage. 50 to 60% lower than US/EU human KYC. One Arbitrail SG contract instead of stitching three vendors. An account lead per engagement.
Video KYC has moved from a niche compliance workaround to the default fallback for any KYC pipeline that takes fraud, drop-off, or regulatory exposure seriously. The shift is being driven by three forces simultaneously: deepfake fraud has crossed the threshold where automated-only liveness fails routinely, regulators in major jurisdictions have explicitly recognized or mandated it, and customer drop-off rates on automated-only flows have stayed stubbornly above 30%. This playbook is the operational map.
Video KYC is a real-time identity verification process where a trained human agent meets the customer over live video, inspects the customer’s identity document on camera, confirms the document photo matches the live person, and runs a series of unscripted liveness prompts to verify the customer is genuinely present. The output is a recorded session, a signed verification report, document captures, and structured metadata that satisfies regulator audit requirements.
Three things distinguish video KYC from related concepts. It is not a video selfie. A pre-recorded selfie video is just an automated-with-extra-steps check; deepfakes defeat it. It is not a chatbot interview. An AI agent on a video call is still automated, with the same vulnerability profile. It is not a documents-only check. Document authenticity without a live human cross-check leaves the bind-to-person problem unsolved.
The regulatory map is moving fast. As of 2026, video KYC is explicitly recognized, mandated, or strongly recommended in the following jurisdictions and frameworks. This is not exhaustive, but covers the markets that drive 80%+ of demand.
The pattern is consistent: the regulators that have updated their CDD guidance in the last five years have moved toward explicitly recognizing video as a qualifying method, often with specific operational requirements (recording, liveness checks, agent training). The regulators that have not updated their guidance still typically treat video as an acceptable enhanced due diligence (EDD) method.
The deepfake threshold was crossed in late 2023. By early 2024, generative-video tools costing under $20 in compute could produce face-swap output that defeated automated liveness checks under typical conditions. By 2025, "KYC bypass" was being marketed openly on Telegram as a service for $50 to $500 per successful bypass depending on document quality.
The vulnerability of automated-only liveness is structural, not implementation-specific. Pre-recorded prompts are predictable; even unscripted prompts can be defeated by latent-space generative models given enough training data. The defense is not a better algorithm. The defense is a human watching the customer in real time, running prompts the customer cannot anticipate, and making a contextual judgment that no model has matched at scale.
The defensive design pattern is well understood. Three principles, applied together, defeat the deepfake attack vector reliably.
Generic "turn your head" or "blink" prompts are well-documented and trainable. Effective live prompts are context-specific to what the agent sees: "Hold the document next to your face and read me the date of issue out loud", "Cover the photo with your thumb and tell me your year of birth", "Tilt your head and turn the document so I can see the security feature on the lower left". Each prompt requires the customer to coordinate the live person, the live document, and a verbal answer in real time. Generative models cannot fake the trio simultaneously.
The agent triggers a code (4 to 6 digits) to display on the customer’s screen mid-call. The customer reads the code out loud. The combination of latency, reading rhythm, and lip-sync against the displayed code is currently beyond real-time generative defeat. Implementation requires the agent-side console to control the code reveal.
The trained human agent is the final defense. Agents look for the artifacts that automated systems miss: edge artifacts on face boundaries, latency between question and lip movement, lighting inconsistencies between face and document, micro-expressions that do not match the script. A 12 to 16 hour training program brings most agents to 90%+ deepfake detection. Continuous calibration against captured fraud attempts pushes that to 95%+ over time.
The right architecture for most carriers is hybrid: document-only for low-risk, low-value customers; video KYC for high-risk, high-value, regulated, or repeat-failure cases. The threshold function is well known.
Low transaction values, low aggregate exposure, well-documented identity (employment-bound EP holders, government-issued IDs from low-fraud-rate jurisdictions), no specific regulatory mandate. Document-only flows pass these cases through with negligible fraud rate at lower per-check cost.
High-value transactions or aggregates, jurisdictions with a video-KYC mandate (RBI V-CIP for Indian banks, RON for US notarization, EPCS for prescribers), high-fraud-rate document jurisdictions, repeat-failure cases on the document-only flow, age-restricted product onboarding, and any case where a regulator post-mortem would treat document-only as insufficient diligence. Video KYC is also the right answer when the cost of a missed fraud is materially higher than the cost of running the call.
A well-designed video KYC call runs 3 to 7 minutes from connect to close. The structure is consistent across most use cases.
Minute 0 to 1: Greet and confirm. Agent introduces themselves, confirms the customer’s name, confirms the customer’s consent to the recorded session, and explains the steps that will follow. Setting expectations reduces customer friction and improves completion rate.
Minute 1 to 2: Document inspection. Customer holds the primary identity document up to the camera. Agent inspects it on camera (security features, photo, MRZ data), confirms the document type and issuing country, and captures the image.
Minute 2 to 3: Bind to person. Agent asks the customer to hold the document beside their face. Cross-checks the photo on the document against the live customer. Visual judgment, not algorithmic.
Minute 3 to 4: Liveness prompts. Three to five context-specific liveness prompts (per Section 4 above). Including the on-screen code challenge.
Minute 4 to 5: Address proof and final checks. Secondary document inspection if required (proof of address, proof of source of funds), agent completes the structured checklist, and confirms the verification result with the customer.
Minute 5+: Audit packet generation. Recording saves automatically, structured metadata fires to the carrier’s webhook, signed PDF audit report generates within 2 minutes of call close.
Regulator audits of video KYC programs (we have observed dozens) consistently focus on six artifacts. A program that produces all six per call passes the audit. A program that misses any one does not.
Full session recording retained for the regulator-required period (varies by jurisdiction; 5 years is typical; 7 years for some financial services rules). Time-stamped audit trail showing each step of the call (greet, document inspection, liveness, decision). Captured document images with metadata. Agent-prompt log showing which liveness prompts were used. Signed verification report with the agent’s identifier, the decision rationale, and the customer’s consent record. Sanctions and PEP screening output attached to the customer record.
Three patterns we see consistently in carriers implementing video KYC for the first time.
Untrained agents. Generic call center staff with 2 hours of training pass through obvious deepfakes. Programs that do not invest in 12 to 16 hour role-specific training underperform their stated quality bar.
Scripted-only liveness. Carriers that hand agents a fixed three-question script find that fraudsters quickly map the script. The unscripted, context-dependent prompts described above are non-negotiable.
Fragmented recordkeeping. Programs that store recordings in one system, agent notes in another, and screening results in a third produce audit packets that take days to assemble. The right design stores everything as a single linked record per session, retrievable in one query.
Arbitrail Verify is built around this exact playbook. Trained agents (16 hours role-specific plus continuous calibration), unscripted liveness prompts including on-screen code challenges, integrated session recording, structured audit packet generated within 2 minutes of call close. Compliance mapped to RBI V-CIP, FATF Travel Rule, EU AMLD6, FCA, NIST IAL2, HIPAA, DEA EPCS, RON, and MAS Notice 626. Deepfake detection rate measured at 95%+ on adversarial test sets.
Bring your verification volume profile, your highest-friction onboarding step, and the languages your customers actually speak. We scope a POC against your KPIs in 30 minutes, run it for 15 days, and walk if we miss.
What clients ask before bringing Arbitrail Verify in. Anything else, just email and we’ll answer the same day.
Send a message about Arbitrail Verify, book a discovery call, or email us directly. We reply within 24 hours, weekdays.
If you know what you’re looking for, grab a slot on the calendar. No back-and-forth.
Open CalendlyBring your verification volume profile and the languages your customers actually speak. We’ll scope a 15-day POC against your KPIs in 30 minutes.