Sumsub vs Veriff vs Signzy Compared: Where KYC Onboarding Drop-Off Actually Happens, From Real User Reviews (2026)
- Drop-off is not a fraud problem or a UX-polish problem. It is an architecture problem — rigid pass/fail checks with no fallback path, the failure mode reviewers describe again and again on G2, Gartner, and Reddit.
- Abandonment in digital financial onboarding has climbed from 40% to 68% since 2016 (Signicat), and one in five applications is now abandoned over KYC friction, costing banks $3.3 billion a year (Fenergo).
- The leak concentrates on three screens: document upload, liveness, and address verification. 79% of banks name document collection as the top drop-off point (nCino).
- Sumsub, Veriff, Persona, Plaid, and Socure all generate the same three review complaints: resubmission loops, selfie/liveness false rejections, and thin-file or address declines.
- The fix is orchestration — risk-based routing, step-up instead of reject, and fallback paths. Signzy is built around this and reports a 33% reduction in onboarding drop-offs.
- The one metric to instrument: reattempt-to-success per funnel step, not raw pass rate.
A product lead at a US lending startup pulled up their onboarding funnel last quarter and found the number that ruins quarters. Of every 100 people who started identity verification, 41 never finished. Not rejected for fraud. Not flagged by AML. They simply stopped — most of them on the same three screens.
She had switched vendors twice in eighteen months. Each pitch was the same: better fraud catch, higher accuracy, more document coverage. Each time the drop-off number barely moved. Because she was solving the wrong problem.
Related Solutions
The 40-word verdict
In 2026, every major KYC vendor catches fraud well enough. None of the rigid ones recover the good user who fails a check for a recoverable reason — a stale address, a mid-range camera, an uncommon passport. That recovery gap is your drop-off.
Scope note: real reviewer data, not vendor marketing
The claims here are grounded in what shows up on the verification screen on a Tuesday morning, not the booth demo. Drop-off statistics come from primary research (Signicat, Fenergo, nCino) and the failure mechanics from NIST's face-recognition testing. The vendor characterizations come from public user sentiment on G2, Gartner Peer Insights, and Reddit. Vendor-supplied case studies were excluded.
The one quote reproduced verbatim below is from Veriff's own published blog. Where this piece points to G2 or Reddit, it links to the live pages so you can read the genuine reviews directly rather than relying on a hand-picked snippet.
The number nobody puts on the contract
Start with the size of the leak. Signicat's research tracked digital onboarding abandonment in financial services rising from 40% in 2016 to 68% in 2022. Their model put the wasted customer-acquisition spend at €5.7 billion a year — money spent attracting people who started an application and walked away.
Fenergo's 2025 study of 600 institutions found that one in five onboarding applications is abandoned specifically because of KYC and AML friction, costing banks an estimated $3.3 billion annually in lost business. Seventy percent of those firms reported losing clients to slow onboarding — up from 48% two years earlier.
Then the location of the leak. An EMEA banking study cited by nCino found 79% of banks name document collection as the single biggest point where customers drop out. Not AML screening. Not the risk questionnaire. The upload step.
So the leak is large, it is getting worse, and it concentrates where most buyers spend the least diligence: the three friction points of document upload, liveness, and address.
Where Sumsub, Veriff, Persona, Plaid, and Socure leak users
Across the major US-market vendors, the same three steps generate the same three failure modes. Each vendor below is paired with the friction it is most associated with — with space left for a genuine user review to sit alongside it.
Sumsub — associated most with the resubmission loop and the false positive that routes a legitimate customer into a manual review queue.
Veriff — associated with rigidity: sessions that have to restart from scratch and users locked out after repeated failures. The sharpest line here, though, is not a customer review at all — it is Veriff's own, from a company blog post defending its negative reviews:
"Reviews from disgruntled fraudsters are a small price to pay for making the internet a safer place." — Veriff, official company blog
Sit with that sentence. It assumes the person who failed verification was a fraudster. The recent mover whose address would not match, the user on a mid-range Android whose selfie kept failing, the immigrant with a thin file — in that framing, all of them are "a small price to pay." That is the entire drop-off problem stated as a virtue. A rejected good user gets counted as a win.
Persona — the configurable one, which is exactly its drop-off risk: aggressive settings produce more false rejections and more users stuck in document or selfie steps until the rules are retuned.
Plaid — its identity and bank-link flows hit data mismatches, leaving users stuck in a loop between bank login and rejection with no alternative path offered.
Socure — used mostly as a behind-the-scenes decision engine, it is associated with thin-file declines: younger, newly-immigrated, and no-bureau-record applicants who get rejected for lack of corroborating data, pushing teams to build a manual review lane to recover the good ones.
Strip away the vendor names and you are left with three mechanical failures. The table below maps each platform against them — and against the one thing that actually moves drop-off, the recovery path a user gets when a check fails.
The comparison that matters: what happens when a real user fails
Most vendor comparison tables rank fraud-catch accuracy. That is the wrong axis for drop-off. The axis that predicts whether you keep a good customer is what the platform does after a recoverable failure. This table is built around that.
| Capability | Signzy | Sumsub | Veriff | Persona | Plaid | Socure |
|---|---|---|---|---|---|---|
| Most-associated friction | Built to reduce drop-off, not just catch fraud | Resubmission loops, false positives to manual review | Rigid sessions, restart-from-scratch, lockouts | Over-tuned configs, low approval until retuned | Bank-link data mismatches, dead-end loops | Thin-file declines (young, new-to-country) |
| Risk-based routing (light path for low-risk users) | Yes — no-code, per journey | Configurable | Configurable | Configurable | Limited (bank-link bound) | Decision-engine scoring |
| Step-up instead of reject (escalate vs end session) | Yes — native | Partial | Limited | Rule-dependent | Limited | Routes to step-up |
| Fallback path on failure (alt route before hard decline) | Yes — guided retry, alt document, alt method | Manual review queue | Often a hard retry/lockout | Depends on config | Often a dead end | Hand-off to manual lane |
| No-code workflow control (compliance configures, not engineering) | Yes | Partial | Limited | Yes | No | No |
| Document breadth | 14,000+ types, 150+ countries, 50+ OCR languages | Broad | Broad | Broad | N/A (bank-link) | US-data centric |
| Analyst recognition | Gartner Market Guide for KYC Platforms, 2025 | — | — | — | — | — |
Signzy enhance the user experience by providing seamless verification to our customers. Also because of this, our ops team's efficiency got improved, and through it's api services, we have minimize the fraud risk. — Amit S., Product Manager, Enterprise
A note on reading this honestly: the competitor columns describe the friction each platform is most associated with in public discussion and the recovery behaviors their architectures typically expose — not invented metrics. The Signzy column lists confirmed platform capabilities. Where a genuine user review belongs, the slots above are left open for one.
The pattern the table makes visible: most platforms can route and even step up. The column that thins out is the fallback path — the alternative route a good user gets before a hard decline. That column is the drop-off column.
Why document upload eats your funnel
Document capture is a pipeline: capture, crop, quality check, OCR, classify, match. If any early stage produces a low-confidence output, the later stages never run, and the user gets a "retake" with no useful explanation.
Glare saturates the image and blinds the OCR, common on laminated IDs and glossy cards. Blur strips the edge sharpness the boundary detector needs. Autocrop misreads a finger, a shadow, or a patterned tabletop as the document edge and cuts off the very zone it needed to read.
Then the silent killer: schema mismatch. Most flows only accept certain issuing authorities and document classes. A perfectly readable passport from a less-common country gets rejected as "unsupported" — not because the image failed, but because it was never in the allowed list.
Here is how that plays out for one real user. Take a driver applying from a parked truck at dusk. The cab light glares off the laminate on his license, the autocropper grabs the edge of the steering wheel instead of the card, and the OCR returns low confidence. He gets "image unclear." He has no idea the problem is the glare or the crop, so he retries in the same lighting, fails again, and closes the app. Nothing about him was fraudulent. The capture pipeline simply could not read a valid card in his conditions.
The user cannot diagnose any of this. They see "try again." They try twice. They leave. The platform question is whether a failed capture offers a guided retry with a specific reason — "move out of direct light," "fit the card inside the frame" — or just a dead end.
Why liveness fails the people you most want to keep
Liveness is the step buyers assume is solved. NIST's demographic testing says otherwise — and the mechanism matters.
A face check produces a pass or fail by comparing a score against a threshold. NIST's FRVT work found that false-negative rates depend heavily on image quality, and that poor lighting — particularly under-exposure of darker-skinned faces — pushes more legitimate users below the cutoff. The bias is not a slur on the algorithm; it is a measurable interaction between sensor quality, lighting, and the threshold you set.
Now add hardware reality. Front cameras on mid-range Android phones have weaker low-light performance and heavier compression. The frames they produce are exactly the low-quality inputs that elevate false rejections. Your most price-sensitive customers, on your most common devices, hit the highest failure rate.
Picture two applicants submitting the same week. One holds a recent flagship phone in a bright room and passes liveness in a single try. The other, applying on a three-year-old budget Android in a dim apartment, produces grainy, under-exposed frames. The model cannot build a stable face signature from them, so it scores below the threshold and rejects her. Same person, same honest intent, different sensor and lighting. The threshold did not change; her hardware did the work of failing her.
A motion prompt makes it worse — if the movement is too small, too fast, or occluded by glasses, the challenge-response model misses the signal. The user did everything right and still gets told to do it again. Measure your liveness failure rate by device tier and you will likely find it concentrated on cheap Android phones.
Why address verification rejects real addresses
Address checks are a cross-dataset consistency test. The system compares what the user submits against a reference file, and the file is often wrong about real people.
Recent movers fail because the bureau and utility data lag the move. Name formats fail because "Ana García López" does not exact-match "A. Garcia Lopez" without strong normalization. Thin-file users — younger applicants, recent immigrants, ITIN holders — fail because there are not enough authoritative data points to corroborate them at all.
None of these people are fraudulent. The data is simply too sparse, too stale, or too rigidly matched to confirm them. A platform that treats a single failed address check as a hard decline is rejecting good customers for the crime of having moved last month.
Walk through a concrete case. A recent graduate moves cities for her first job and opens an account two weeks later. The bureau file still lists her old address, and her new lease has not propagated into any reference dataset. The system compares her submitted address to a stale record, finds a mismatch, and declines her. She is exactly the high-value, long-tenure customer the bank wants — and the check rejected her for moving.
The architecture question that actually predicts drop-off
Here is the stance, earned from watching where users quit across 10 million-plus monthly onboardings: the vendors above do not have a fraud problem. They have a rigidity problem.
A rigid pipeline runs one fixed sequence of checks for everyone and offers a binary verdict at each step. Pass or fail. When a real user fails a recoverable check — glare, a mid-range camera, a stale address — the rigid system has nowhere to send them but the exit.
The fix is not a prettier upload screen. It is three design decisions made at the platform level.
Risk-based routing. Low-risk users — known device, clean watchlist, stable signals — move through a lighter path. You reserve friction for the users whose risk earns it. This alone lifts completion for the majority who were never the threat.
Signzy's pre-fill form feature helps us reduce user input effort, minimize errors, and speed up the onboarding process, leading to higher completion rates and a smoother user experience. — Sai S., Product Manager (G2.com)
Step-up instead of reject. When risk rises, the system adds a check rather than ending the session. The user who fails a soft check is escalated, not discarded. Fraud control gets stronger exactly where it needs to, without taxing everyone else.
Fallback paths. When a primary check fails for a recoverable reason, the platform offers another route — guided retry with specific feedback, an alternative document type, a different verification method — before it ever shows a hard decline. The blurry-image user gets help. The unsupported-passport user gets an alternate path. The recent mover gets a document option instead of a dead end.
This is what verification orchestration means in practice. Not more vendors. Adaptive routing, configurable thresholds, and reattempt logic built into the platform — so that a single brittle check is never the thing standing between a good user and a finished application.
This is the design we built Signzy around, because the drop-off pattern showed up the same way across millions of onboardings: the good user who failed one rigid check and had nowhere to go. Compliance and product teams configure the risk-based paths, step-up rules, and fallback options themselves, in a no-code builder, without waiting on an engineering ticket — and because the same flow recognizes 14,000+ document types across 150+ countries and 50+ OCR languages, the less-common passport gets read instead of refused. Teams that move to this model see roughly a third fewer onboarding drop-offs, the kind of result that put Signzy in the Gartner Market Guide for KYC Platforms in 2025. None of that is magic; it is just the difference between a pipeline that ends at "fail" and one that asks "what next."
The honest framing: no platform makes drop-off vanish. Some friction is fraud control doing its job. The difference is whether your architecture manufactures abandonment by treating every failure as final — or recovers the good users a binary system would have lost.
The one thing to measure
Most teams track a single KYC number: pass rate. It is the least useful number you have, because it cannot tell you the difference between a user who sailed through and a user who failed four times before succeeding — or quit.
Instrument your funnel by step. Then track two numbers the pass rate hides.
First-time-right rate — the share of users auto-approved on the first attempt, with no retry and no manual review. This is the true measure of how frictionless your flow is for the people who should pass easily.
Reattempt-to-success rate — of the users who fail a check, how many recover and finish. This is the direct measure of whether your fallback paths work, or whether a single failure is quietly an exit.
A high pass rate with a low first-time-right rate means you are winning users back through pain and luck, and losing the ones without the patience. A low reattempt-to-success rate means your architecture has no recovery path — every brittle check is a cliff.
Pull those two numbers for the document, liveness, and address steps separately. The step with the worst reattempt-to-success is where your money is leaving. It is almost never the step you were optimizing for fraud.
That is the question to bring to your next vendor evaluation. Not "what is your fraud catch rate." Ask "what happens to a real user who fails the first check." A rigid platform sends them to the exit. A platform built for recovery — the problem we spend our days on at Signzy — gives them another route before it ever shows a hard decline. The answer to that one question tells you whether you are buying back your drop-off, or paying to manufacture it.
Spread the knowledge!
Found this useful ? Share what you learned!
Saurin Parikh
Saurin is a Sales & Growth Leader at Signzy with deep expertise in digital onboarding, KYC/KYB, crypto compliance, and RegTech. With over a decade of professional experience across sales, strategy, and operations, he’s known for driving global expansions, building strategic partnerships, and leading cross-functional teams to scale secure, AI-powered fintech infrastructure.
