New · KYC/AML compliance, built on the CapchaCloud evidence chain
Every KYC/AML check, plus the proof.
CapchaShield is a Cloudflare-native compliance layer for identity verification, sanctions/PEP screening, and transaction monitoring. Every institution needs these checks; most vendors only give you their verdict. CapchaShield gives you the verdict and an independently, cryptographically provable record of it — sealed into the same dual-anchored evidence chain (RFC-3161 + Bitcoin) that backs the rest of CapchaCloud.
In active development. Native checks are Cloudflare-only (Workers, D1, R2, Workers AI) — no per-seat vendor license required to start. Certified-vendor adapters are code-complete and activate the moment you supply credentials for a vendor you've licensed.
Two tiers. You choose, per check.
No silent downgrades: if a tenant asks for a certified vendor and it isn't configured yet, CapchaShield says so — it never quietly substitutes the native tier and calls it equivalent.
Liveness-tested, Cloudflare-only
Built entirely on Workers, D1, R2, and Workers AI vision — no vendor license needed to turn it on. Randomized active-challenge video presence, Workers-AI face comparison, document triage. Honestly labeled: a real screening signal, never marketed as a certified biometric determination.
Your licensed provider, made provable
Bring your own contract with Sumsub, Jumio, Veriff, ComplyAdvantage, Trulioo, or others. CapchaShield calls their API, then seals their verdict into the tamper-evident chain — so the vendor's decision is independently verifiable, not just a row in their dashboard.
What it checks
ID document
Document capture and triage, or a full certified-vendor identity verification, depending on tier.
Video presence
Randomized active challenges (blink, turn, hold up a number) plus a tamper-evident session recording — liveness-tested, not "certified liveness."
Face match
Workers AI vision compares a live capture to the ID photo in one call — a coarse, honestly-labeled signal, not a forensic biometric match.
Sanctions screening
OFAC/UN/EU/UK list matching natively, or a licensed vendor's full sanctions database via ComplyAdvantage/LexisNexis.
PEP & adverse media
Licensed-data screening — no free authoritative source exists, so this tier is vendor-backed by design.
KYB & UBO
Business registry lookups natively; full beneficial-ownership resolution via Trulioo or a licensed KYB provider.
Device intelligence
Reuses CapchaCloud's existing edge risk signals — IP/geo, bot, and proxy detection — already live in production.
Transaction monitoring
Event capture and rule-based alerting natively; full behavioral AML monitoring via a licensed vendor like Alessa.
Case management
Every check groups into a case a compliance officer opens, notes, escalates, and closes with a disposition — CapchaShield's strongest native, license-free domain. Every action on a case is sealed just like a check, so the case's history is provable, not just a status column.
Who it plugs into
A pluggable adapter per vendor — bring your own license, CapchaShield calls their API and seals the result. Built against each vendor's real, researched API contract, not a guess.
| Vendor | Category | Covers | Status |
|---|---|---|---|
| Sumsub | Identity / KYC | ID document | Adapter ready — add your API keys |
| Jumio | Identity / Liveness | ID document | Adapter ready — add tenant credentials |
| Veriff | Identity / Biometric | ID document | Adapter ready — add per-integration credentials |
| Ondato | Identity / KYC | ID document | Adapter ready — add API credentials |
| Shufti Pro | Identity / KYC | ID + face verification | Adapter ready — add API credentials |
| Trulioo | Identity / KYB | ID document + business verification | Adapter ready — add API credentials |
| ComplyAdvantage | AML | Sanctions + PEP / adverse media | Adapter ready — add API keys |
| LexisNexis | AML | Sanctions screening | Adapter ready — pending your signed integration guide |
| Alessa | AML | Transaction monitoring | Pending a vendor integration guide (no public API exists yet) |
| Fenergo | Case management (CLM) | Full client lifecycle | Planned — case-management module, not a single-check adapter |
Also available as specialist add-ons: iProov (certified liveness/PAD) and Middesk (US business verification). Don't see your vendor? The adapter interface is generic — new vendors are a config change, not a rebuild.
One-click evidence package
Every check — native or vendor — can be exported as a single ZIP: the sealed verdict record, the chain-anchoring receipt, and the underlying evidence itself (ID photos, selfie captures, and session video), each hashed and listed in a manifest so a reviewer can independently verify every file. One download, ready for counsel, an examiner, or your own audit file. Scope it to a whole subject's history, or to one case — pulling just the checks and reviewer notes that happened inside it.
- Sealed verdict record — the full result, disclaimer, and chain receipt for every check on a subject.
- Images & video — the actual ID photo, selfie capture, and session recording, content-addressed by SHA-256.
- Manifest — every file's hash, so the package proves its own integrity offline, without trusting CapchaCloud.
Verified identity, tied to a real transaction
CapchaCloud's separate Transaction Evidence Layer seals a transaction's terms and parties —
any rail: card, ACH, wire, crypto, or internal — into the same evidence chain. A party in that
record can now reference a CapchaShield check: trust-engine fetches that exact sealed record
itself (the same evidence vault both systems already write into — no new integration to trust)
and attaches an independently-verified identity_corroboration to that party,
instead of the industry-standard "self-attested and hope for the best." A bad or mismatched
reference is rejected outright, never silently dropped.
That's the combination competitors don't have: not just "we verified this person" and, separately, "this transaction happened" — one provable chain saying a verified party agreed to specific terms and the transaction settled. Useful anywhere a counterparty-independent record of who-agreed-to-what matters: high-value B2B contracts, real estate earnest money, trade finance, insurance payouts.
One click, and you've got what you need for the dispute
Any sealed transaction — a chargeback, an arbitration filing, small claims, or a regulatory
complaint — can generate a single evidence packet: the sealed record, its public certificate
(what's proven vs. self-attested vs. rail-corroborated), any settlement corroboration from the
rail's own signed webhook, any third-party witness attestations, and — when a party carries a
CapchaShield identity_corroboration — a note of that too. It comes as a ZIP with a
SHA-256 manifest, plus a printable cover brief stating plainly what's proven and what isn't.
What this is not: not an automatic chargeback, arbitration, or lawsuit win — it assembles evidence, it doesn't adjudicate. CapchaCloud is not your acquirer or payment processor and cannot submit representment to Visa, Mastercard, or Nacha, or file anything with a court or regulator on your behalf — only you, your processor, or your counsel can do that. This packet is what you attach.
What CapchaShield does not claim
- Native results are never marketed as "certified" — that word is reserved for a licensed vendor's actual certification (e.g. ISO/IEC 30107-3 liveness testing).
- CapchaShield is not a BSA filer, is not FinCEN-registered, and confers no CIP-program-of-record status.
- Every result carries an explicit list of what it does not establish — a screening aid your compliance officer weighs, never an automatic determination.
Building this now
CapchaShield is in active development on the same Cloudflare-native evidence spine as the rest of CapchaCloud. Tell us which checks and which vendor you need first.