What types of documents can Turing Verify check?

Turing Verify supports diplomas, university degrees, transcripts, professional certifications (AWS, CPA, CFA, PMP, CompTIA), government IDs (national IDs, driver licenses, healthcare IDs), insurance cards, employment verification letters, offer letters, and trade-association credentials.

How accurate is Turing Verify at detecting fake documents?

Turing Verify runs a 50-pattern forensic analysis framework called V50-MASTER+ID. It examines visual, typographic, metadata, data-integrity, and AI-generation signals, and returns a confidence score per pattern so reviewers can audit the verdict instead of getting a black-box answer.

How long does document verification take?

Most documents finish in under 30 seconds. The pipeline runs visual forensics, metadata inspection, internal data-logic checks, and registry cross-reference in parallel, far faster than the 3-to-14 days a manual registrar verification typically takes.

Is Turing Verify free to use?

Yes. The free tier includes 3 verifications per month. Paid plans start at EUR 9 per month (Personal, 15 verifications), EUR 29 per month (Pro, 150 verifications), and EUR 99 per month (Business, 500 verifications with API access). Enterprise pricing is custom.

Is Turing Verify GDPR-compliant?

Yes. Inference runs on EU-resident infrastructure. Documents are processed in memory and not retained unless the user explicitly opts in. The DPA and sub-processor register are public on the Trust page.

Who uses Turing Verify?

HR and talent-acquisition teams screening candidate credentials, university admissions and registrar offices verifying transcripts and foreign degrees, banks and fintechs running KYC, insurance teams detecting claims fraud, and licensing boards authenticating professional credentials.

Can Turing Verify detect AI-generated fake documents?

Yes. The pipeline targets diffusion-model and GAN signatures, synthetic-text patterns, and statistical anomalies in pixel distributions, failure modes that purely visual reviewers miss.

What documents should I collect to onboard a new vendor?

Six core documents. W-9 (or W-8 BEN/BEN-E for foreign vendors) for tax reporting. Certificate of formation establishing the legal entity. EIN confirmation letter or equivalent tax-registration record. Certificate of insurance (general liability, workers compensation as applicable). Beneficial-ownership disclosure for KYB-equivalent due diligence. Banking instructions on the vendor's letterhead or via a verified portal. Higher-risk vendors add references, financial statements, and compliance certifications.

How do I verify a W-9?

The IRS TIN Matching service confirms that the name and Taxpayer Identification Number on the W-9 match IRS records. Enroll the business in TIN Matching (free for payers); submit the W-9 information; receive a match or no-match response. The service does not return additional vendor information, only a match/no-match. Pair with business-registry lookup to confirm the entity is real and in good standing in the state of formation.

What is the biggest vendor fraud risk?

Banking instructions fraud, also called vendor impersonation or business email compromise (BEC) targeting AP. The attacker impersonates a real vendor (or compromises the vendor's email) and sends updated banking instructions for an upcoming payment. The payment goes to the attacker. FBI IC3 data places annual US losses from BEC and similar email-based wire fraud well above USD 2 billion. Catching it requires out-of-band confirmation of banking changes, not reliance on the document or email alone.

How does forensic AI fit in vendor KYB?

Three places. First, on the certificate of insurance to confirm it is real and current (insurance certificate fraud is a recurring pattern in construction, transportation, and event vendors). Second, on the W-9 itself (rare but happens). Third, on banking instructions to detect Photoshopped account-number changes. Forensic AI runs PDF producer, ELA, and template-pattern checks; the AI flag triggers out-of-band confirmation.

What is a vendor master file and why does it matter?

The vendor master file is the AP system's record of approved vendors: name, address, tax ID, banking instructions, contract terms. Changes to the master file are the highest-value target for fraud because a single banking-instruction change can redirect every subsequent payment to that vendor. Best practice: segregation of duties so that change-approvers cannot also process payments; out-of-band confirmation of every banking change; documented audit trail of who approved what when.

Do I need to verify beneficial owners of vendors?

Best practice yes, especially for high-value or high-risk vendor relationships. The CDD bank rule does not directly apply to non-bank vendor onboarding, but the same concepts (ownership transparency, sanctions screening) reduce risk of dealing with sanctioned or shell entities. For specific guidance on the FinCEN BOI / CTA status see our beneficial owner identification guide.

Procurement & AP · Vendor KYB

Vendor Onboarding KYB: Beyond the W-9

The W-9 is the minimum, not the verification. The 2026 working playbook for procurement and AP teams: six documents that establish a real vendor, plus the BEC and banking-instruction fraud surface that dominates loss.

The 2026 vendor KYB stack. Six documents establish the entity. Banking-instructions confirmation is the highest-value control. BEC dominates loss.Illustration · Turing Verify

The Turing Verify Forensic Team

May 12, 2026 · 9 min read

W-9 (or W-8 for foreign vendors). Tax identification and certification. Run through IRS TIN Matching for a name + TIN match against IRS records.
Certificate of formation or incorporation. Establishes the legal entity. Verify against the state business registry (Delaware Division of Corporations, California Secretary of State Bizfile, similar).
EIN confirmation letter (CP 575 or 147C). Original IRS issuance or verification letter. EIN-letter forgery is a known fraud pattern; forensic AI on the PDF catches obvious cases.
Certificate of Insurance (COI). General liability, workers compensation, and other coverages required by the contract. Verify by direct contact with the listed insurance carrier or via an automated COI-tracking service.
Beneficial-ownership disclosure. Names and ownership percentages of beneficial owners at 25 percent or more, plus a control person. See our beneficial-owner guide.
Banking instructions. On vendor letterhead or via a verified portal. Out-of-band confirmation before adding to the vendor master.

Higher-risk vendors (large dollar value, international, regulated industry, or new relationship) add references, financial statements, sanctions screening (OFAC, EU, UN), and adverse-media review.

The BEC / banking-instructions fraud surface

Business Email Compromise is the dominant loss vector in AP. The FBI Internet Crime Complaint Center (IC3) places US BEC and email-account-compromise losses above USD 2 billion annually in recent reports. The vendor-impersonation variant works like this:

The attacker compromises a real vendor's email account, or registers a look-alike domain (acme-corp.com vs acmecorp.com), or builds a complete spoofing infrastructure.
An invoice or payment-request email arrives looking like the legitimate vendor, with updated banking instructions for routing the next payment.
AP processes the change because the email looks right, the invoice numbers are real, and the timing aligns with an actual outstanding obligation.
The payment goes to the attacker's account. Recovery is rare; bank-initiated reversals typically fail beyond a 72-hour window.

The defense is procedural: out-of-band confirmation of every banking change. AP confirms changes via a phone number from the vendor master (not from the email), or via a portal that requires multi-factor authentication, or by an explicit second-channel verification. The AI-detection cost is trivial relative to the savings.

Certificate of Insurance: the recurring fraud target

COI fraud is its own category. In construction, transportation, event services, and any vendor relationship where insurance coverage is contractually required, vendors sometimes supply forged COIs to meet onboarding requirements they cannot otherwise satisfy. Patterns:

COI from a real insurance carrier with edited coverage amounts or expiration date.
COI from a real carrier where the named insured is the vendor but the policy is for a different entity.
Fully fabricated COI from a fictional carrier or with completely synthetic content.

The mitigation: direct verification with the carrier (most major carriers run an agent or broker portal where employers can confirm coverage) or COI-tracking services like Certificate Hero, MyCOI, Bindable that maintain real-time carrier connections. Forensic AI on the uploaded COI catches the obvious forgeries before the carrier contact, narrowing the queue.

Six documents, six paths. Banking-instructions confirmation is the highest-value AP control by loss prevented.

A W-9 alone proves nothing. Six documents and out-of-band confirmation prove a real vendor.

The 2026 procurement workflow that works

Standardize the six-document intake. Reject vendor onboardings missing any required item.
Run TIN Matching at intake. Run business-registry lookup at intake. Run forensic AI on uploaded PDFs at intake.
Maintain banking-instructions confirmation as a non-negotiable. Every initial set; every change.
Segregate duties: the person who approves vendor-master changes does not process payments.
Set up COI tracking with expiration alerts. Stop processing payments when COI lapses.
Run sanctions and PEP screening on the entity and on beneficial owners; re-screen on a cadence.
Document every step. The audit trail is the difference between a compliance program and a procurement habit.

Frequently asked questions

Do I need to KYB every vendor?

Risk-tiered. High-value or high-risk vendors get the full six-document stack plus enhanced due diligence. Low-value, low-risk vendors (small purchases, well-established suppliers) can run a lighter intake. Document the tier rationale in the procurement policy.

What about foreign vendors?

W-8 BEN (individual) or W-8 BEN-E (entity) replaces W-9. Country-specific entity registration replaces US state business registry. OFAC and sanctions screening becomes more important for foreign vendors. Currency, banking, and tax-withholding rules add their own layer.

How does the FinCEN BOI rule affect vendor KYB?

For non-bank vendor onboarding, FinCEN BOI is not directly applicable but the underlying concepts (beneficial-ownership transparency, identity of natural persons) overlap. See our BOI status guide.

What is a vendor portal vs ad-hoc onboarding?

Modern AP runs vendor onboarding through a portal (Coupa, Ariba, Avetta, ISN, Tipalti) where vendors submit documents directly. The portal enforces document requirements, runs automated checks, and produces an audit trail. Ad-hoc onboarding via email is the most fraud-prone path.

Can vendor fraud insurance cover BEC losses?

Some cyber insurance and crime-coverage policies include BEC, but coverage varies widely. Read the policy carefully; some carriers exclude voluntary parting of funds (which most BEC fits), some carve out coverage for failure to follow procedural controls. The insurance is a backstop, not a substitute for the control.

ShareX / Twitter LinkedIn

Forensic AI on vendor documents at intake.

EIN letters, certificates of insurance, formation documents, banking-instruction PDFs. Free for the first check.

Verify vendor documents →

Keep reading

Vendor Onboarding KYB: Beyond the W-9

The 2026 vendor KYB stack. Six documents establish the entity. Banking-instructions confirmation is the highest-value control. BEC dominates loss.Illustration · Turing Verify

The Turing Verify Forensic Team

May 12, 2026 · 9 min read

W-9 (or W-8 for foreign vendors). Tax identification and certification. Run through IRS TIN Matching for a name + TIN match against IRS records.
Certificate of formation or incorporation. Establishes the legal entity. Verify against the state business registry (Delaware Division of Corporations, California Secretary of State Bizfile, similar).
EIN confirmation letter (CP 575 or 147C). Original IRS issuance or verification letter. EIN-letter forgery is a known fraud pattern; forensic AI on the PDF catches obvious cases.
Certificate of Insurance (COI). General liability, workers compensation, and other coverages required by the contract. Verify by direct contact with the listed insurance carrier or via an automated COI-tracking service.
Beneficial-ownership disclosure. Names and ownership percentages of beneficial owners at 25 percent or more, plus a control person. See our beneficial-owner guide.
Banking instructions. On vendor letterhead or via a verified portal. Out-of-band confirmation before adding to the vendor master.

Higher-risk vendors (large dollar value, international, regulated industry, or new relationship) add references, financial statements, sanctions screening (OFAC, EU, UN), and adverse-media review.

The BEC / banking-instructions fraud surface

The attacker compromises a real vendor's email account, or registers a look-alike domain (acme-corp.com vs acmecorp.com), or builds a complete spoofing infrastructure.
An invoice or payment-request email arrives looking like the legitimate vendor, with updated banking instructions for routing the next payment.
AP processes the change because the email looks right, the invoice numbers are real, and the timing aligns with an actual outstanding obligation.
The payment goes to the attacker's account. Recovery is rare; bank-initiated reversals typically fail beyond a 72-hour window.

Certificate of Insurance: the recurring fraud target

COI from a real insurance carrier with edited coverage amounts or expiration date.
COI from a real carrier where the named insured is the vendor but the policy is for a different entity.
Fully fabricated COI from a fictional carrier or with completely synthetic content.

Six documents, six paths. Banking-instructions confirmation is the highest-value AP control by loss prevented.

A W-9 alone proves nothing. Six documents and out-of-band confirmation prove a real vendor.

The 2026 procurement workflow that works

Standardize the six-document intake. Reject vendor onboardings missing any required item.
Run TIN Matching at intake. Run business-registry lookup at intake. Run forensic AI on uploaded PDFs at intake.
Maintain banking-instructions confirmation as a non-negotiable. Every initial set; every change.
Segregate duties: the person who approves vendor-master changes does not process payments.
Set up COI tracking with expiration alerts. Stop processing payments when COI lapses.
Run sanctions and PEP screening on the entity and on beneficial owners; re-screen on a cadence.
Document every step. The audit trail is the difference between a compliance program and a procurement habit.

Frequently asked questions

Do I need to KYB every vendor?

What about foreign vendors?

How does the FinCEN BOI rule affect vendor KYB?

For non-bank vendor onboarding, FinCEN BOI is not directly applicable but the underlying concepts (beneficial-ownership transparency, identity of natural persons) overlap. See our BOI status guide.

What is a vendor portal vs ad-hoc onboarding?

Can vendor fraud insurance cover BEC losses?

Forensic AI on vendor documents at intake.

EIN letters, certificates of insurance, formation documents, banking-instruction PDFs. Free for the first check.

Verify vendor documents →

Vendor Onboarding KYB: Beyond the W-9

The six documents that actually verify a vendor

The BEC / banking-instructions fraud surface

Certificate of Insurance: the recurring fraud target

The 2026 procurement workflow that works

Frequently asked questions

Vendor Onboarding KYB: Beyond the W-9

The six documents that actually verify a vendor

The BEC / banking-instructions fraud surface

Certificate of Insurance: the recurring fraud target

The 2026 procurement workflow that works

Frequently asked questions