Why the bank statement is no longer the primary check
In 2010, a borrower mailed in a stack of paper bank statements. The underwriter eyeballed them, the processor entered the totals, and the loan moved forward. The system depended on the difficulty of forging a printed bank statement. AI changed that. A convincing forged statement in 2026 takes minutes, and the visual checks an underwriter can run in a few seconds catch only the worst examples.
The mitigation that scaled is open banking. Instead of trusting a printed artifact, the lender connects directly to the bank via an aggregator (Plaid, Yodlee, Finicity, MX, Akoya). The user authorizes the connection inside the aggregator’s flow; the aggregator returns balance, transaction history, identity, and account ownership in seconds. The bank’s API is the authoritative source, and the aggregator is the standardized interface across 10,000-plus US financial institutions.
How Plaid verifies an account, step by step
The Plaid Link flow most users have seen at least once:
- The application embeds Plaid Link, the user-facing modal. The user picks their bank from the list.
- Plaid Link routes the user into an OAuth flow at the bank or, for smaller institutions, a credential prompt. The user authenticates inside the bank’s domain, not the application’s.
- The user grants access to the requested scopes: account ownership, balance, transactions, identity, income, or asset history. Each scope has a separate consent prompt in the modern flow.
- Plaid returns an access token to the application. The application can then call Plaid’s API to fetch the data the user consented to share.
For account verification specifically, the canonical endpoint is Auth (account and routing number plus account ownership), often paired with Balance (current and available balance) and Identity (name on the account). Together, these answer the lender’s three questions: does the account exist, who owns it, and how much is in it.
Plaid vs. Yodlee: when to pick which
Both connect to bank accounts; both return balance, transactions, and ownership; both have FCRA-compliant consumer-permissioned data flows. The differences are operational.
- Plaid wins on API design, documentation, time to launch, and US bank coverage. Most modern US fintechs pick Plaid by default. Pricing is per API call with a predictable tier structure.
- Yodlee wins on global coverage (APAC, Middle East, Europe, emerging markets), on depth of historical transaction data, and on enterprise contract terms. Cross-border lending, global wealth-management aggregation, and large legacy financial services products often choose Yodlee.
- Finicity (owned by Mastercard) and MX are the second-tier US options. Akoya is a bank-owned consortium that emphasizes direct, FDX-standard API access without credential sharing.
For US-only fintechs optimizing for time to market: Plaid. For global lending or wealth platforms: Yodlee. For banks wanting to control how their data leaves the vault: Akoya.
The bank statement was a printed artifact. The bank balance is now an API call. Forgery does not scale against the API.
Asset verification for mortgages
Mortgage lending is the largest single use case for bank-account verification. The GSEs (Fannie Mae and Freddie Mac) accept digital asset verification through their Day-1 Certainty (Fannie) and AIM (Freddie) / Automated Collateral Evaluation programs. The qualifying aggregators are listed by each GSE; Plaid, Finicity, and a small set of others are approved.
The flow:
- At loan application, the borrower authorizes the aggregator. The aggregator returns 12 to 24 months of account balance and transaction history.
- The lender uploads the aggregator report to the GSE’s automated underwriting system in lieu of paper bank statements.
- The GSE’s system accepts the digital report with rep-and-warrant relief on the asset representation; the lender carries less risk if the asset data later proves wrong.
- The borrower’s file moves through underwriting faster (days, not weeks) and the loan closes sooner.
For borrowers who decline open-banking connection, the lender falls back to paper statements with 4506-C tax transcripts. See our tax return and W-2 verification guide for the income-side analog.
Where forensic AI fits: the uploaded-statement path
Open banking does not cover every case. Three situations recur:
- Borrower refuses to share credentials. Some borrowers will not enter bank credentials in an aggregator flow, even with consent.
- Bank not supported. Aggregator coverage is excellent for major US banks but uneven for small credit unions, foreign banks, and certain brokerage accounts. International coverage outside the major markets is patchy.
- Loan program does not yet accept digital verification. Some specialty loans and most non-QM products still rely on paper statements.
For these cases, the borrower uploads a PDF statement. Forensic AI is the layer that confirms authenticity:
- PDF producer metadata. Real bank statements carry the producer string of the bank’s statement system (Fiserv, FIS, Jack Henry, NCR, Open Solutions, or the bank’s internal tooling). A producer of Adobe Photoshop, Microsoft Word, or a generic PDF writer flags immediately.
- ELA on numeric fields. Balance and transaction amounts are the most-edited fields on a forged statement; they glow against an otherwise uniform Error Level Analysis background.
- Template pattern match. Each major US bank has a characteristic statement layout. Deviations (misaligned columns, font substitution in the header) are detectable.
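The producer-metadata check from the first item above, as an added example (not code from this guide or from any vendor). It reads `/Producer` and `/Creator` strings straight from the PDF bytes; the marker lists beyond the tools named above, the sample fragments and the verdict labels are assumptions.

```python
import re

# Matches /Producer or /Creator followed by a literal (...) or hex <...> string.
# Simplification: nested parentheses, encrypted files and metadata held in
# compressed object streams or XMP are not handled and fall through to "review".
FIELD_RE = re.compile(rb"/(Producer|Creator)\s*(\((?:\\.|[^\\)])*\)|<[0-9A-Fa-f\s]*>)")

# Editing tools: the two named on the page plus assumed additions.
EDITOR_MARKERS = ("photoshop", "microsoft word", "illustrator", "gimp")
# Statement-system vendors named on the page; real producer strings vary by bank.
VENDOR_MARKERS = ("fiserv", "fis", "jack henry", "ncr", "open solutions")

def _decode(token: bytes) -> str:
    if token.startswith(b"<"):
        digits = re.sub(rb"\s", b"", token[1:-1]).decode("ascii")
        raw = bytes.fromhex(digits + "0" * (len(digits) % 2))
    else:
        raw = re.sub(rb"\\(.)", rb"\1", token[1:-1])
    if raw.startswith(b"\xfe\xff"):          # UTF-16BE text string with BOM
        return raw[2:].decode("utf-16-be", "replace")
    return raw.decode("latin-1")

def _has(value: str, markers) -> bool:
    return any(re.search(rf"\b{re.escape(m)}\b", value.lower()) for m in markers)

def producer_verdict(pdf: bytes):
    """Return (verdict, values) over every Info entry found in the file."""
    values = [_decode(m.group(2)) for m in FIELD_RE.finditer(pdf)]
    if any(_has(v, EDITOR_MARKERS) for v in values):
        return "flag", values
    if any(_has(v, VENDOR_MARKERS) for v in values):
        return "consistent", values   # one signal only; the string is editable
    return "review", values           # missing, stripped or unrecognized

# Constructed fragments (not real statements; product names are placeholders).
GENUINE = (b"%PDF-1.4\n1 0 obj\n<< /Producer (Fiserv EXAMPLE-ENGINE) "
           b"/Creator (Core Banking) >>\nendobj\n")
_hex = ("\ufeff" + "Adobe Photoshop").encode("utf-16-be").hex().encode()
# A later revision appended to the same file carries an editor's producer string.
EDITED = GENUINE + b"9 0 obj\n<< /Producer <" + _hex + b"> >>\nendobj\n"

if __name__ == "__main__":
    for label, blob in (("genuine", GENUINE), ("edited", EDITED), ("bare", b"%PDF-1.7\n")):
        print(label, producer_verdict(blob))
```

Scanning every occurrence rather than only the last one means an editor's string left in any revision of the file is still reported.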
See our Photoshop detection guide for the underlying forensic methods. The same engine that catches diploma forgery catches bank-statement forgery; the field of editing is just different.
The regulatory backdrop: PSD2 and CFPB 1033
Two regulatory regimes shape the 2026 landscape.
- PSD2 (Europe). The Payment Services Directive 2 mandates regulated open-banking access in the EU. Banks must expose APIs that licensed aggregators can call with consumer consent. The UK has its own Open Banking Implementation Entity (OBIE) standard, which closely tracks PSD2.
- CFPB Section 1033 (US). Finalized in October 2024, the Consumer Financial Protection Bureau’s personal-financial-data-rights rule establishes consumer-permissioned data access in the US. Phased compliance runs 2026 through 2030, starting with the largest depository institutions. The rule formalizes what Plaid and Yodlee have operated under bilateral agreements for years.
The Financial Data Exchange (FDX) standard provides the underlying API specification that US banks and aggregators are converging on, mirroring the OBIE model. The trajectory is toward consumer-permissioned data access as a regulated commodity rather than a negotiated bilateral relationship.
Frequently asked questions
Does Plaid store my bank password?
For institutions on OAuth (most major US banks in 2026), no. The user authenticates with the bank directly and Plaid receives an access token, not credentials. For older credential-based flows, Plaid stores the credentials encrypted; the trajectory under FDX and CFPB 1033 is toward eliminating credential storage entirely.
Is Plaid free?
For consumers, yes. For businesses using Plaid, no. Pricing is per-API-call by product (Auth, Identity, Balance, Transactions, Investments, Liabilities, Income, Assets, Signal). Volume tiers and enterprise contracts apply at scale.
What is FCRA permissible purpose for bank data?
Bank data accessed under consumer consent for a specific lending or financial-services purpose qualifies as a permissible purpose under FCRA when used by a CRA. Most aggregators document the permissible purpose in their consent flow; lenders must keep records of the consent.
Can a borrower lie about which account is their primary?
Yes, and they do. A common pattern is connecting a rarely-used account with cleaner balances rather than the primary checking account. The mitigation is to request all accounts in the household and to look at the volume of inflows and outflows, not just the balance.
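One way to score connected accounts on inflow and outflow volume rather than balance, as an added example (not code from this guide or from any aggregator). The account shape, the sample transactions and both thresholds are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Account:
    name: str
    balance: float
    txns: list = field(default_factory=list)  # signed amounts; positive = inflow

def activity(acct: Account, months: int) -> dict:
    """Monthly inflow, outflow and transaction count, plus turnover vs. balance."""
    inflow = sum(a for a in acct.txns if a > 0)
    outflow = -sum(a for a in acct.txns if a < 0)
    volume = (inflow + outflow) / months
    return {
        "inflow_per_month": inflow / months,
        "outflow_per_month": outflow / months,
        "txns_per_month": len(acct.txns) / months,
        # Share of the balance that actually moves each month.
        "turnover": volume / acct.balance if acct.balance else float("inf"),
    }

def parked_accounts(accounts, months, min_txns=5, min_turnover=0.10):
    """Names of accounts with a balance but little movement (assumed thresholds)."""
    flagged = []
    for acct in accounts:
        a = activity(acct, months)
        if a["txns_per_month"] < min_txns and a["turnover"] < min_turnover:
            flagged.append(acct.name)
    return flagged

def busiest_account(accounts, months) -> str:
    """The account carrying the most monthly volume: the likely primary account."""
    def volume(acct):
        a = activity(acct, months)
        return a["inflow_per_month"] + a["outflow_per_month"]
    return max(accounts, key=volume).name

# Constructed three-month history for one household.
MONTH = [3100.0, 3100.0, -1800.0, -950.0, -2400.0, -600.0]
CHECKING = Account("checking", 1900.0, MONTH * 3)
SAVINGS = Account("savings", 48000.0, [200.0, 200.0, 200.0])

if __name__ == "__main__":
    household = [SAVINGS, CHECKING]
    print("parked:", parked_accounts(household, 3))
    print("likely primary:", busiest_account(household, 3))
```

If the only account a borrower connects comes back from `parked_accounts`, that is the cue to request the rest of the household's accounts before relying on the balance.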
What about crypto accounts?
A growing edge case. Plaid and Yodlee both support some major exchanges (Coinbase, Kraken, Gemini) for balance and transaction data. Coverage is uneven and the data shape is different from bank accounts; for crypto-heavy borrowers, expect manual review on top of the aggregator pull.