Side-by-side comparison of Sumsub, Onfido, Veriff and Jumio for iGaming: pricing, geographic strength, AML/PEP screening, integration, compliance.
Choosing the wrong KYC vendor for an iGaming platform is one of the most expensive mistakes an operator can make — verification costs scale linearly with deposits, drop-off rates compound into millions of pounds of lost gross gaming revenue, and regulator-grade audit gaps trigger fines that dwarf any procurement saving. The four serious vendors — Sumsub, Onfido, Veriff and Jumio — solve broadly the same problem but optimise for very different geographies, price points and regulatory pressures. This guide compares them across pricing, document coverage, AML screening, fraud detection and integration, with specific weight given to what gambling regulators actually demand in 2026.
iGaming KYC is not a generic identity check. Unlike fintech onboarding, gambling carries political risk, addiction risk and money-laundering risk simultaneously, and regulators have written that into licence conditions. A vendor that ships a beautiful flow for a neobank may simply not surface the data points a UKGC compliance officer needs to see in an audit.
Three structural differences matter. First, gambling triggers PEP (politically exposed person) and adverse media checks at far lower thresholds than retail banking, because a politician laundering through a casino is a category of risk regulators actively hunt. Second, gambling platforms must verify source of funds and source of wealth at deposit thresholds set by the regulator — for example, the UKGC expects enhanced checks once a customer has deposited £2,000 in a rolling period, and similar trigger-based EDD (enhanced due diligence) is required by the Malta Gaming Authority. Third, every licensed UK operator must integrate with GAMSTOP, the national self-exclusion register, in real time at sign-up — and parallel registers exist in Denmark (ROFUS), Sweden (Spelpaus), Spain (RGIAJ) and elsewhere.
Generic CDD (customer due diligence) does not satisfy these obligations. Operators need a vendor whose product team treats gambling as a first-class use case, not a configuration of a generic identity SDK.
The table below summarises the headline differences between the four major KYC vendors operators evaluate for iGaming use cases. Pricing assumes mid-volume operators (50,000 to 500,000 verifications per year) and is indicative — every vendor negotiates by volume, geography and product mix.
| Feature | Sumsub | Onfido | Veriff | Jumio |
|---|---|---|---|---|
| Price per verification | $0.80–$1.50 | $2.00–$4.00 | $1.00–$2.50 | $3.00–$5.00+ |
| Pricing model | Per-check, hybrid | Subscription + per-check | Per-check, volume tiers | Enterprise, often subscription |
| Document types supported | 200+ | 4,500+ | 11,000+ | 5,000+ |
| Countries supported | 220+ | 195+ | 230+ | 200+ |
| AML/PEP screening | Built-in | Add-on | Add-on (Veriff Sanctions) | Built-in |
| Liveness / biometric | Yes (active + passive) | Yes (Motion) | Yes (passive) | Yes (active + passive) |
| Ongoing monitoring | Yes | Yes (limited) | Yes | Yes |
| Manual review SLA | 30 sec – 2 min median | 1 – 5 min median | Sub-minute typical | 1 – 3 min median |
| Pass-through rate | ~94–96% | ~88–92% | ~95–97% | ~90–93% |
| SOC 2 / ISO 27001 / PCI DSS | Yes / Yes / Yes | Yes / Yes / Partial | Yes / Yes / Yes | Yes / Yes / Yes |
| Geographic strength | CIS, Eastern Europe, MENA, SE Asia | UK, Western Europe | LatAm, Europe, global | US, Tier-1 Europe |
| Typical iGaming customer profile | Crypto casinos, Curaçao licensees, growth-stage | UKGC operators, FCA-adjacent fintech | Mid-market global, Anjouan licensees | PokerStars, Bet365, Tier-1 sportsbooks |
Pass-through rate (the share of users completing verification without manual intervention or drop-off) is the most disputed metric in the industry. Vendors publish their best numbers; the lived reality on iGaming traffic is consistently 3–6 percentage points lower than marketing materials suggest.
Sumsub is the price-aggressive challenger and the de facto standard for crypto and Curaçao-licensed operators in 2026. Founded in London in 2015, it grew on crypto exchange onboarding and carried that volume-pricing DNA into iGaming.
The product covers the full compliance lifecycle: document verification, biometric verification, liveness check, sanctions and PEP screening, ongoing monitoring, and an integrated transaction monitoring add-on. The white-label flow is genuinely customisable — operators can ship Sumsub without a single Sumsub-branded pixel reaching the end user.
Sumsub's strongest geography is the post-Soviet space. If your audience is meaningful in Russia, Kazakhstan, Ukraine, Georgia or Azerbaijan, Sumsub's document library and Cyrillic-language review queue outperform every Western competitor. It is also competitive in MENA and Southeast Asia, two regions where Onfido and Jumio historically struggled.
Pricing lands at $0.80 to $1.50 per completed verification at mid-tier volume, dropping below $0.60 for operators clearing several hundred thousand checks per month. AML screening is bundled rather than billed separately — a meaningful saving versus Onfido.
The weak point is Western European document edge cases and a manual review process that, while fast on average, occasionally surfaces decisions that confuse Western compliance officers — Sumsub's case files, while complete, are not as polished as Onfido's.
Onfido is the British incumbent. Founded in 2012 and acquired by Entrust in 2024, it is the vendor Western European banks and FCA-regulated fintechs default to. For UKGC-licensed iGaming operators, Onfido has historically been the safe choice — the one a compliance officer can defend in a regulator meeting without having to explain who the vendor is.
The product strengths are document coverage in the UK and Western Europe, a mature biometric verification flow (Onfido Motion, an active-liveness short video selfie), and a polished case-management UI for compliance teams. Pass rates on UK driving licences and EU national IDs are excellent, and the audit trail is genuinely auditor-friendly — every decision links to a versioned model output, and outcomes are exportable in formats UKGC inspectors recognise.
Pricing is the headline weakness. Onfido is the most expensive of the four mid-market vendors at $2 to $4 per check, and AML/sanctions screening sits on top as a separately priced module. For an iGaming operator running 200,000 verifications a year, the all-in cost gap versus Sumsub can run into hundreds of thousands of pounds annually.
Manual review SLAs are also slower than Sumsub's median, and Onfido's strength outside Western Europe and North America is narrower than its document count implies. For an operator targeting LatAm, CIS or Southeast Asia as primary growth markets, Onfido is rarely the right primary vendor.
Veriff is the Estonian dark horse and increasingly the choice operators land on after running a head-to-head bake-off. Founded in 2015 in Tallinn, it sits between Sumsub on price and Onfido on polish, and its document library is the largest of the four — over 11,000 document types as of 2026.
Veriff's headline technical claim is sub-minute decisioning at scale, achieved via a heavy machine-learning fraud-detection layer that flags forged documents and synthetic-identity attempts in real time. For LatAm-facing operators in particular, Veriff's coverage of Brazilian, Mexican, Argentine and Colombian documents is best-in-class — a meaningful advantage as the LatAm regulated iGaming market matures.
Pricing typically lands at $1 to $2.50 per check, with AML screening (Veriff Sanctions) priced as a separate module similar to Onfido's structure. Pass-through rates are strong — Veriff regularly publishes numbers in the 95%+ range and these survive contact with real iGaming traffic better than most.
The weak points: ongoing monitoring is less mature than Sumsub's, the integration story is API-first with weaker no-code options, and Veriff's brand recognition with conservative Tier-1 regulators (UKGC, MGA) is lower than Onfido's, though closing fast.
Jumio is the enterprise default. If your operator is a Tier-1 brand — PokerStars, Bet365, Flutter or Entain group operators — there is a high probability you are running Jumio. Netverify was one of the first end-to-end identity platforms with regulator-grade audit trails, bundled sanctions screening, and a US footprint European-headquartered competitors took years to match.
Strengths are US document coverage (US driver's licence variation alone is an enormous moat), bundled AML screening, deep ongoing monitoring, and a customer success organisation that operates as an extension of the operator's compliance team. For US-regulated markets — New Jersey, Pennsylvania, Michigan, Ontario — Jumio's track record is unmatched.
The cost is the cost. Jumio is the most expensive of the four at $3 to $5 per check, often higher for bespoke configurations. Pricing is rarely transparent — most engagements are subscription-based with negotiated overage rates and six-figure minimum annual commitments.
For a growth-stage Curaçao or Anjouan-licensed operator, Jumio is almost always overkill. For a Tier-1 sportsbook operating across UKGC, MGA and US state regulators, it is often the only vendor whose audit posture survives simultaneous regulator scrutiny.
| Pricing dimension | Sumsub | Onfido | Veriff | Jumio |
|---|---|---|---|---|
| Headline model | Per-verification | Subscription + per-check | Per-verification, volume tiers | Subscription / enterprise |
| AML screening cost | Bundled | Add-on | Add-on | Bundled |
| Liveness check cost | Bundled | Bundled in some tiers | Bundled | Bundled |
| Ongoing monitoring | Add-on, ~$0.10–$0.30/user/year | Add-on | Add-on | Bundled at enterprise tier |
| Minimum commitment | Low | Medium | Low | High |
| Best for | Cost-sensitive scale | Quality-sensitive UK/EU | Balanced mid-market | Tier-1 enterprise |
The simplest mental model: Sumsub and Veriff price like utilities (pay-per-use scaling cleanly with volume), while Onfido and Jumio price like enterprise software (commit to a floor, get marginal cost reductions above it). For an operator with unpredictable user-acquisition spikes, the utility-style model is materially friendlier to cash flow.
The single most useful question to ask before procurement is where do my users live? Vendor strength varies dramatically by region, and the wrong choice for your geography will quietly bleed through-put.
| Region | Best primary | Strong alternative | Avoid |
|---|---|---|---|
| United Kingdom | Onfido | Jumio, Veriff | — |
| Germany / Austria / Switzerland | Onfido | Veriff | — |
| Spain / Portugal | Veriff | Onfido | — |
| Italy | Veriff | Sumsub | — |
| France | Onfido | Veriff | — |
| Nordics | Onfido | Veriff | — |
| Eastern Europe / CIS / Russia | Sumsub | Veriff | Onfido |
| MENA | Sumsub | Jumio | Onfido |
| United States (regulated states) | Jumio | Onfido | Sumsub |
| Canada (Ontario) | Jumio | Onfido | — |
| LatAm (Brazil, Mexico, Argentina, Colombia) | Veriff | Sumsub | — |
| Southeast Asia | Sumsub | Veriff | Onfido |
| India | Sumsub | Jumio | — |
| Sub-Saharan Africa | Sumsub | Veriff | — |
| Australia / NZ | Onfido | Jumio, Veriff | — |
For operators running global affiliate traffic, no single vendor is dominant in every market, which is the structural reason multi-vendor stacks have become common at mid-scale.
AML screening sits on top of the identity check and is where bundled pricing matters most. The major sanctions lists an iGaming operator must screen against include the OFAC SDN list (US), UK HM Treasury consolidated list, EU consolidated sanctions list, UN sanctions, and country-specific lists where the operator is licensed. PEP screening must cover both domestic and foreign politically exposed persons, plus close associates and family members.
Sumsub and Jumio bundle this screening into their core product. Onfido and Veriff offer it as a paid add-on. For an operator processing 100,000 verifications a year, that add-on cost is non-trivial — typically an additional $0.20 to $0.60 per check, depending on configuration.
Adverse media screening is a separate question. The FATF standard treats adverse media as one input to ongoing customer risk assessment, not a binary block. All four vendors offer adverse media as a module; coverage quality and language support vary, with Sumsub and Jumio leading on non-English-language sources. For a deeper treatment of the underlying obligations, see our guide on AML compliance for online gambling and the AML/KYC compliance for high-risk businesses reference.
This is where iGaming operators discover that their generic KYC vendor was not built for gambling. Source of funds verification — proving where a specific deposit came from — and source of wealth verification — proving overall financial capacity to gamble at the levels observed — require document collection that is qualitatively different from identity verification.
The UKGC expects operators to apply enhanced checks once a customer's net deposits cross approximately £2,000 in a rolling period, with full EDD at higher thresholds, and crucially expects these checks to be proactive — not triggered after the fact by suspicious behaviour. The Gambling Commission's published guidance is unambiguous: see the official site at gamblingcommission.gov.uk for the current threshold framework and licence condition wording.
Of the four vendors, only Sumsub and Jumio offer a structured source-of-funds module that supports document collection (bank statements, payslips, tax returns), automated parsing of common formats, and a workflow for the manual review element that source-of-funds verification still requires. Onfido and Veriff treat source-of-funds as a custom workflow built on top of their generic document-upload primitive — workable, but the operator carries more of the build burden.
For a UKGC operator, the practical implication is that bolting source-of-funds onto Onfido or Veriff is achievable but requires a meaningful internal compliance engineering effort. For an operator with a smaller compliance team, Sumsub or Jumio is the lower-risk choice on this dimension alone.
Every UKGC operator must integrate with GAMSTOP in real time at registration. Operators in Denmark must integrate with ROFUS. Spelpaus is mandatory in Sweden, RGIAJ in Spain, and BetBlocker is widely supported voluntarily across multiple jurisdictions.
| Self-exclusion register | Country | Mandatory for | Vendor support |
|---|---|---|---|
| GAMSTOP | UK | UKGC licensees | All four (via API or partner) |
| ROFUS | Denmark | Danish licensees | Sumsub, Jumio, Onfido |
| Spelpaus | Sweden | Swedish licensees | Sumsub, Jumio |
| RGIAJ | Spain | Spanish licensees | Onfido, Sumsub, Jumio |
| BetBlocker | Multi-jurisdiction | Voluntary | Most vendors |
Note that "vendor support" here usually means the vendor will surface the register check as part of the verification flow, not that the vendor itself is the data source. The underlying register is run by the regulator or a designated body. The integration question is whether the vendor exposes the register check natively in its decisioning engine or whether the operator has to wire it up themselves. For UK-only operators, every major vendor handles GAMSTOP cleanly. For multi-jurisdiction operators, capability narrows quickly.
Run a structured proof-of-concept on real traffic from your target geographies before signing. The metrics that matter:
The pass-rate-versus-fraud-rate trade-off is unavoidable. Tightening the model catches more fraud but rejects more legitimate users. For a low-margin sportsbook, every rejected legitimate user is lost revenue; for a high-stakes casino, missed fraud is the more expensive error.
Realistic integration timelines vary by complexity but cluster predictably:
Webhook architecture deserves particular attention. KYC decisions are asynchronous — a user submits documents, the vendor processes them, and your platform receives a callback minutes (or in edge cases, hours) later. The operator must design for retries, signature verification, idempotency, and a fallback flow when the vendor is degraded. A robust webhook design will treat the vendor as fail-able and gracefully degrade to a manual review queue rather than blocking sign-ups. For operators thinking through the full payments-side complexity in parallel, our guide to choosing an iGaming acquirer covers the equivalent decisions for card processing.
Sumsub and Veriff are widely considered the easiest API integrations of the four. Onfido is well-documented but requires more careful state-machine design. Jumio's enterprise SDK is powerful but heavier and tends to require dedicated implementation engineering hours from Jumio's professional services team — usually billed.
A pattern that has emerged at scale: operators run two vendors in parallel. The most common configuration uses Sumsub or Veriff as the primary, high-volume vendor handling the bulk of standard sign-ups at low marginal cost, with Jumio or Onfido as the secondary vendor handling enhanced cases — high-value depositors, flagged users, regulator-sensitive geographies, or EDD triggers.
The rationale is straightforward. The cost-per-verification gap between the cheap and premium vendors is large enough to fund a meaningful compliance budget if you can route most users through the cheaper vendor. But for the 5–10% of users where audit posture matters most — the high-net-worth depositor, the politically connected sign-up, the user from a high-risk jurisdiction — running them through the premium vendor produces the documentation regulators most want to see.
This is not a free lunch. Running two vendors doubles integration cost, doubles vendor management overhead, and creates a routing-logic decision your compliance team must own. For operators below roughly 100,000 annual verifications, the operational complexity rarely justifies the savings. Above that threshold, the maths usually works.
| Regulator | Preferred vendor profile | Why |
|---|---|---|
| **UKGC** | Onfido, Jumio | Audit posture, GAMSTOP integration maturity, source-of-funds support |
| **MGA** (Malta) | Onfido, Jumio, Veriff | EU document depth, EDD workflow support |
| Curaçao | Sumsub, Veriff | Cost efficiency, broad geographic coverage, less formal audit pressure |
| Anjouan | Sumsub, Veriff | Cost, emerging-market document coverage |
| Kahnawake | Onfido, Jumio | North American document depth |
| Tobique | Onfido, Jumio | Canadian-jurisdiction compatibility |
| Isle of Man | Onfido, Jumio | UK-aligned audit expectations |
| US state regulators (NJ, PA, MI) | Jumio | US document moat, regulator familiarity |
| Ontario (iGO/AGCO) | Jumio, Onfido | North American compliance pedigree |
For deeper banking-side context per jurisdiction, see iGaming banking requirements and the MATCH list and iGaming guide. The choice of KYC vendor and the choice of acquiring bank are not independent decisions — banks ask which KYC vendor an operator runs as part of their risk assessment, and a low-prestige vendor will lengthen the bank onboarding cycle.
There is no single best answer — the right vendor depends on geography, regulator profile, volume and budget. The defensible defaults look like this:
The vendor decision is reversible but expensive to reverse. Plan for at least a six-month migration cost if the first choice proves wrong, and prioritise vendors whose data-export contracts let you retrieve the historical case files you will need to keep your audit trail intact during a switch.
All-in KYC cost per verified user typically lands between $1.50 and $6.00 depending on vendor, geography and whether AML/sanctions screening is bundled. Sumsub at the low end is around $0.80 to $1.50 per check plus marginal AML cost; Jumio at the high end runs $3 to $5 per check with AML bundled. For an operator with 30% of sign-ups failing verification, the effective cost per verified user is meaningfully higher than the per-check rate — model with realistic pass-through assumptions, not vendor headline numbers.
Not advisable. Generic identity vendors do not natively support GAMSTOP integration, gambling-specific PEP thresholds, source of funds workflows, or the audit posture UKGC and MGA inspections require. They also lack adverse media screening calibrated to gambling risk. For unlicensed or pre-licence sandbox testing, generic vendors are workable; for any regulated launch, use a specialist iGaming-aware vendor.
All four major vendors will surface a GAMSTOP check as part of their decisioning flow for UK-facing operators, but the underlying register is operated by GAMSTOP Ltd and the API access is granted to the licensee, not to the KYC vendor. The vendor effectively wires up the call; the operator owns the relationship with GAMSTOP. Onfido and Jumio have the longest production track record on this integration; Sumsub and Veriff support it but historically through a partner-mediated pattern.
Without a fallback flow, sign-ups simply fail — and during a marketing-driven surge, that is a six-figure mistake within hours. A robust integration will detect vendor degradation (timeout rates, webhook backlog) and automatically switch to a manual review queue or a secondary vendor. This is the single strongest argument for a two-vendor stack at scale: the secondary acts as both an audit-grade tier and a hot-standby. Operators relying on a single vendor should at minimum negotiate a contractual uptime SLA and monitor it independently rather than trusting vendor-supplied dashboards.
Realistically six months end-to-end for a meaningful operator. The technical integration is 6 to 12 weeks; the regulator notification and approval cycle adds time in licensed jurisdictions; the historical case-file migration is often the slowest step because vendors do not have aligned export formats and the operator must reconcile decisions across different schemas. Plan a switch around a quieter operational period, not a peak season.
In practice, yes — every Tier-1 regulator now expects liveness check as part of identity verification, and every credible iGaming KYC vendor includes it as standard. The UKGC's licence conditions, while not naming biometric verification specifically, treat presentation-attack detection as part of expected best practice, and an operator without it will struggle in an audit. The relevant question is not whether to use biometric verification but whether the vendor's implementation is active (motion-based) or passive (single selfie) and whether it survives sophisticated deepfake attacks.
Submit a free pre-approval in 2 minutes. We respond within 24 hours.
Get Free Pre-ApprovalSubmit a free pre-approval in 2 minutes. We respond within 24 hours with a realistic outcome.
Get Free Pre-Approval