Skip to content
  • There are no suggestions because the search field is empty.

ID Verification Flags

Different ID verification flags and their meanings.

Got a flag during ID verification? Don’t panic, no one’s in trouble (promise). These flags just help us double-check that every ID is the real deal. Here’s what each one means and how to handle it like a pro.

Name mismatch

  • When the name in Vetty and the name on the ID don’t quite see eye to eye, you’ll see this flag. It’s often a small mix-up (think: middle initials or an extra space). If you need to adjust the name in Vetty, just email us at support@vetty.co and we’ll fix it up in no time.

Physical document not used

  • The user tried to use a printout, photo, or a version of their ID displayed on a screen instead of the real thing. Since copies can be tricky to verify, our system flags them as possible fraud. We need the actual, physical ID to confirm everything checks out.

Suspected document tampering

This flag pops up when something about the document doesn’t line up with what an official ID should look like.

It could mean:

  • The document includes details or design elements that don’t match an authentic, government-issued ID.

  • The data on the barcode doesn’t match the information shown on the front of the document.

In plain English, our system spotted signs that the document might’ve been edited or isn’t a genuine ID. Don’t worry, this doesn’t automatically mean something shady happened, but it does mean the document couldn’t be verified as authentic.

Suspicious behavior

 

This flag means something about the photos or session raised a few red flags during the verification process. Here’s what might trigger it:

  • Portrait photos appear to be taken off a device screen instead of showing the actual person.

  • Document photos were captured from a device screen rather than the physical ID.

  • Portrait photos look like a printout or a scan, not a live image.

  • Document photos appear to be printed or scanned copies, not the original document.

  • The images show signs of digital editing or alteration.

  • There’s more than one person visible during the verification session (and that’s one too many).

In short: the system spotted something that doesn’t match typical verification behavior. It’s a signal to take a closer look just to make sure everything checks out.

Known fraud

 

This appears when the system spots signs that connect this session to previous fraudulent activity. In other words, something (or someone) here has shown up before — and not in a good way.

It can happen when:

  • The same person, device, or document has appeared in past sessions marked as fraudulent.

  • A slideshow was detected during the session video.

  • Session images were streamed or uploaded from outside Veriff’s, our third-party verification partner, secure flow instead of being captured live.

Bottom line: the system recognized patterns linked to known fraud attempts, and it’s worth a closer look before moving forward.

The person showing the document does not appear to match the document photo

 

Something’s off in the selfie-to-ID match-up. This flag means the person in front of the camera doesn’t seem to be the same person pictured on the document.

You might see this when:

  • The portrait photo and the document photo don’t line up.

  • There are two or more different people involved in the same session for example, selfies and IDs from both Tom and Bob showing up together.

When this happens, it’s a strong signal that the ID might not belong to the person submitting it (or that someone mixed up materials during the session). Either way, it’s worth double-checking before approving.

Data center usage detected

This flag means the user’s network connection was routed through a data center during the verification process instead of a regular home, mobile, or office internet provider.

A data center is a large facility filled with networked computer servers that store, process, and distribute data for organizations. They’re totally legitimate (think: cloud storage and big tech infrastructure), but when someone connects through one during verification, it can sometimes suggest the use of a VPN, proxy, or anonymizing service to hide their true location.

This doesn’t automatically mean fraud, but it does mean the connection came from an unusual source and that’s worth keeping an eye on.

Network and browser time zone mismatch

You'll see this when the time zone of the user’s network doesn’t match the time zone set in their web browser. Meaning the location of their internet connection doesn’t line up with what their browser is telling us. Sometimes it’s harmless (like traveling or using a company VPN), but it can also signal an attempt to disguise the user’s true location.

Session traffic proxied

This flag means that some of the network traffic during the verification session was routed through a proxy server instead of coming directly from the user’s device. It signals that the connection wasn’t entirely direct, which could be totally harmless or a hint that someone’s trying to stay hidden.

A proxy server acts as a middleman between the user and the internet. It transfers data on their behalf and can make it look like the connection is coming from somewhere else. Proxies are often used for privacy or security reasons, but they can also be used to hide a user’s true identity or location.

Session vendor provided name not matching with name on the document

The name provided by the vendor during the verification session isn’t an exact match to the name shown on the ID document.

Restricted IP location  

This flag means the user attempted to complete a verification from an IP address located in a restricted or sanctioned region. In these cases, the session is automatically declined to comply with international regulations. Examples of restricted locations include North Korea, Iran, Crimea, Luhansk, and Donetsk, among others.

Suspicious behavior/identity farming 

This flag appears when there are signs of fraudulent activity connected to identity farming. It’s a tactic where someone else’s legitimate information is being used for shady reasons. When this behavior is detected, the user will be declined for fraud.

Attempted deceit

Our system detected clear signs of fraudulent behavior during the verification process.

It can happen when:

  • A device screen was used. For example, the user displayed their ID on a phone, tablet, or computer screen instead of showing the real document.

  • A printout was presented meaning the user used a printed copy of an ID instead of a valid, government-issued original.

Expired ID documents

    This flag appears when the ID used for verification has expired or when the candidate is under the minimum age requirement.

    • If the document is expired, the candidate will automatically be asked to resubmit a valid, unexpired ID to continue the verification process.
    • If the person is under 18 years old, the verification will automatically fail (IDV Fail). Additional flags may appear if the candidate is under 13, 14, or 16, depending on specific compliance or product requirements.