TrueSecurix TrueSecurix
Fraud prevention API

Catch fake identities before onboarding.

Fraudsters open accounts with AI deepfake selfies, forged IDs, and tampered bank statements. TrueSecurix scores the risk in one API call and hands your team the evidence behind every verdict. Fakes get flagged or held for review; a real customer is never auto-rejected on a guess. Only hard checksum math can flag outright.

0.0%
real users auto-rejected*
0 missed
deepfakes on our held-out test*
math
decides, AI advises

*Measured on a held-out split the model never trained on: 90 real selfies and 120 deepfakes across 10 generators (face-swap, diffusion and GAN families). Caught means flagged or routed to human review; the real-user figure is the auto-reject rate (about a third of genuine selfies route to review, none are auto-rejected). Deepfake false-positive is selfie-measured. Full method and numbers on the benchmarks page.

POST /v1/verify
selfie.jpg
aadhaar.jpg
FLAG
95
document.verhoeffinvalid
decisionflag
consensus_familiesdeterministic

FLAG is deterministic: the Aadhaar Verhoeff checksum is mathematically invalid. AI signals only advise; uncertain selfies route to review, never auto-reject.

See it in action

Watch fraud get stopped in about a second.

A fake face, a forged ID, a tampered document. See how TrueSecurix flags them, with a risk score, a decision, and the evidence.

Built for Lending apps Neobanks Crypto exchanges Gig platforms KYC providers
The problem

Onboarding became the easiest door to walk through.

Generative AI made a convincing face and a clean-looking ID a thirty-second job. A fraud ring opens hundreds of accounts, drains loans, and disappears before a human ever looks. Legacy liveness checks were never built for synthetic media.

Legally required on every signup. Recurring volume, forever.
Tuned for Indian faces and document formats.
A risk signal for your team, never a black-box auto-reject.
Response
{
  "risk_score": 95.0,
  "decision": "flag",
  "document": { "is_tampered": true,
               "verdict": "structural_fail" },
  "consensus_families": 0,
  "recommendation": "Deterministic document check failed (checksum invalid). Escalate to fraud review.",
  "evidence": [ ... ]
}
How it works

One call. A verdict you can act on.

01

Send the submission

Post the selfie and ID image to the verify endpoint with your API key. One HTTPS endpoint, call it from any stack; a Python SDK is available.

02

We analyse

A forensic engine checks the face for AI generation, the ID for forgery, and financial documents for tampered numbers. The checksum and balance math make the call. AI only adds a hint.

03

You decide

Get a risk score, a pass / review / flag decision, and the evidence. Approve the clean, review the rest.

Use cases

A fraud layer for every onboarding flow.

The same API drops into any KYC or verification pipeline you already run. Here is the fraud each team faces, and what TrueSecurix adds.

Digital lending & NBFCs

Synthetic borrowers and tampered salary slips drain loan books before the first EMI. We reconcile the statement's own arithmetic and score the selfie, so a fabricated income never clears underwriting.

Neobanks & wallets

Deepfake selfies open mule accounts at scale. We flag AI-generated and face-swapped faces at signup and match the selfie to the ID photo, before the account moves money.

Crypto & Web3

AI-generated IDs and injected selfies beat liveness to pass exchange KYC. We add a deepfake and document forgery gate on top of your existing check, with evidence for every flag.

Gig & marketplaces

Fake driver and worker identities put your users and brand at risk. We verify that the person behind the profile is real and matches the document they submitted.

Insurance

Manipulated claim photos and synthetic policyholders inflate payouts. We spot spliced, recycled and AI-edited images before a claim is approved.

KYC & onboarding providers

Add a deepfake and document-forensics layer to the verification product you already sell, through one API, with a decision your customers can audit.

Coverage

What we catch today.

Deepfake selfies & face mismatch

AI-generated / face-swapped selfies, caught across 10 generators in our held-out test, plus ArcFace matching of the selfie against the ID photo.

Forged ID documents

Aadhaar (Verhoeff), PAN and passport (MRZ) are validated by checksum math, so this check cannot raise a false alarm.

Tampered bank statements & payslips

Inflated income or edited balances. We re-run the statement's own arithmetic, and if the totals don't add up, you have proof instead of a hunch.

Manipulated photos

Tampered, spliced or recycled images submitted as proof of identity or address.

On the roadmap
PDF tamper forensics SOON
Detect re-saved / edited PDFs even when the numbers reconcile.
More document formats SOON
Every bank statement, payslip and GST layout.
Live video liveness SOON
Real time deepfake and injection defense.
Model coverage

Trained on the attacks fraudsters actually use.

A detector is only as current as the generators it has seen. Our held-out evaluation spans 10 generators across the three families producing real synthetic-identity fraud today, and we add new families as they appear.

Family 01

Face swap

One person's face mapped onto another's video or photo. The most common attack against liveness and selfie KYC.

Family 02

Diffusion

Entirely AI-generated faces and documents from modern text-to-image and image-to-image diffusion models. No real person behind them.

Family 03

GAN

Generative adversarial faces from the StyleGAN lineage, the synthetic portraits behind large-scale fake-account rings.

Detection retrained on new generators as they emerge, not frozen to a benchmark.
See the full method and numbers
0.0%
Real customers auto-rejected on the held-out set (about a third route to review)
0
deepfakes missed across 10 generators on our held-out set
2
Independent families must agree before any AI flag, no single model decides
0 FP
Deterministic checks are math, they cannot false-positive
The false-positive problem

Why it won't auto-reject a real customer

A false positive happens when a system makes a confident decision from a guess. So we never let it. Math decides; AI only advises; everything uncertain goes to a human.

01
Deterministic-first

Only checksum, format and MRZ math (Aadhaar Verhoeff, PAN, ICAO-9303) can auto-flag a document. Math can't be wrong, so it can't false-positive.

02
Multi-signal consensus

No single AI model can flag alone. A confident flag needs 2 or more independent signal families to agree at calibrated high confidence.

03
Three-band routing

Pass, review or flag, never a blind yes or no. A customer we are unsure about goes to a 30-second human review instead of a rejection.

04
Quality-aware

Blurry or compressed images widen the review band automatically. We never reject someone just because their photo came out bad, which is where most false rejections actually come from.

About two-thirds of real customers clear instantly; the rest get a fast human review, never a silent reject. Every threshold is versioned and tuned on real fraud, not set once and forgotten.

Proof, not promises

One call. Sub-second. Auditable.

Built for a risk team that has to defend every decision. Fast to integrate, and every verdict carries its own evidence.

1 call
Send the selfie, ID, or bank statement to /v1/verify. Get back a score, a pass / review / flag decision, and the evidence behind it.
Read the API docs
~0.4s
Median time for a selfie check on our hardware. Document checksum and balance math return in milliseconds. The service is stateless and scales horizontally.
Auditable
Every check writes an immutable record with the score, decision, evidence, and the calibration and threshold version that produced it. Re-tuned on real data, not a one-time claim.

Built to be checked, not believed. Across 10 deepfake generators (face-swap, diffusion and GAN), on data it had never seen, it caught every fake and auto-rejected zero real customers. So don't take our word for it: point it at your own fraud, free for your first 100 verifications, and watch it catch what slips past your current checks before you pay a rupee.

Security & compliance

Built for a regulated buyer, hosted in India.

Identity data is the most sensitive data you hold. We treat it that way: analysed in memory and never stored as files, transmitted over encrypted connections, isolated per tenant, and written to an immutable audit log. Our infrastructure runs in India, so your data stays in-country.

Data residency in India
Aligned with India's DPDP Act, 2023
Aligned with RBI KYC directions
Data processing agreement on request
API keys hashed, tenant isolation
Immutable, versioned audit log
Read the security overview
Live in production

The protections guarding your customers' data today.

Data residency in India Live
In-memory processing, no file storage Live
DPDP Act, 2023 alignment Live
Encryption in transit (TLS, HSTS) Live

Evaluating us for production? We complete your security questionnaire and provide a data processing agreement and our security overview on request.

Integration

One detection layer, three ways to wire it in.

However your verification flow is built, TrueSecurix slots in without a rebuild. Pick the pattern that fits your architecture.

01

Gate before costly checks

Put a deepfake and forgery gate up front. Fakes are filtered before they reach expensive downstream KYC, liveness or manual review, cutting cost and reviewer load.

02

Parallel forensic layer

Run it beside your existing liveness and identity checks. A stateless, sub-second call adds a deepfake verdict to your decision engine with no rebuild and no user friction.

03

Retrospective sweep

Re-scan users you already onboarded to surface synthetic identities that slipped through before you had a deepfake check. Clean up the back book, not just new signups.

One HTTPS endpoint, a Python SDK, and a stateless service that scales horizontally. Most teams are live in a day. Read the API docs.
Pricing

Start free. Scale on a monthly plan.

A monthly plan with verifications included, or pure pay as you go. No seats, no setup fees.

Free
Rs 0
to get started
  • 100 free verifications
  • Full API and dashboard
  • Deepfake and document checks
Start free
Most popular
Starter
Rs 3,999/ month
1,000 verifications included · Rs 4 each
  • 1,000 verifications every month
  • Then Rs 4.50 per extra verification
  • Dashboard, audit log and evidence export
  • 240 requests per minute and email support
Start Starter
Scale
Rs 19,999/ month
7,500 verifications included · Rs 2.67 each
  • 7,500 verifications every month
  • Then Rs 3.50 per extra verification
  • Priority email support
  • 600 requests per minute (higher throughput)
Choose Scale
Enterprise
Custom
banks and large platforms
  • Volume pricing
  • On premise or private cloud
  • Dedicated support and SLA
Contact sales

Prefer no commitment? Pay as you go at Rs 5 per verification, top up any time.

Indicative pricing; final rates depend on volume and region. Annual billing on request, contact us.

FAQ

Questions buyers ask.

How is this different from the liveness check we already run?

Liveness confirms a live human is present. It was not built for AI-generated or face-swapped media that is injected to look live. TrueSecurix adds a forensic layer that scores the face for synthetic generation, matches it to the ID photo, and validates the document itself, so a deepfake that passes liveness still gets caught.

Will it wrongly reject our real customers?

No customer is auto-rejected on a guess. Only deterministic checksum math (Aadhaar Verhoeff, PAN, passport MRZ) can hard-flag a document. AI signals only advise, and need two independent families to agree before a confident flag. Anything uncertain routes to a fast human review instead of a rejection. On our held-out test, zero real users were auto-rejected.

How accurate is it, really?

On a held-out split the model never trained on (90 real selfies and 120 deepfakes across 10 generators), it missed zero deepfakes and auto-rejected zero real users, with about a third of genuine selfies routed to review. We publish the full method, dataset and numbers on the benchmarks page, and we would rather you point it at your own fraud than take our word for it.

Do you store our users' selfies, IDs or bank statements?

No. Submitted images and documents are analysed in memory and never written to disk. For audit we keep only a one-way cryptographic hash of each input, plus the score and decision, never the file or the raw ID number. Full detail is in our privacy policy and security page.

Which documents and IDs do you support?

Aadhaar (Verhoeff checksum), PAN, and passports (ICAO 9303 MRZ) are validated by math. Bank statements and salary slips are checked by re-running their own arithmetic to catch inflated income or edited balances. More document formats are on the roadmap.

How fast is it, and how long to integrate?

One HTTPS call to /v1/verify returns a score, a decision and the evidence, typically in under a second for a selfie and in milliseconds for document math. The service is stateless and scales horizontally. Most teams integrate in a day using the API or the Python SDK.

Where is data hosted, and is it compliant?

Infrastructure is hosted in India, over encrypted connections, with tenant isolation and an immutable audit log. We act as your data processor, offer a data processing agreement on request, and support access and deletion rights. Details are on our security and privacy pages.

Talk to us

Tell us what you're fighting.

Get a walkthrough on your own fraud cases and pricing built for your volume. A real person replies, usually within one business day.

A walkthrough on the fraud you are actually seeing
Volume pricing and an extended pilot if you need it
Straight answers from the people who built it

Prefer email? contact@truesecurix.com

Not ready to talk?

Get launch updates and early-access pricing.

No spam. We use these details only to reply about TrueSecurix. By submitting you agree to our Privacy Policy.

Run it on your own files first.

100 verifications free, no card. Point it at the fraud you are seeing today. You only see the flags; your team makes the call. Pay once it is catching what you were missing.