Verify document with Onfido API version 3

You can now see the granular reasons why Onfido checks pass or fail without leaving the PassFort Portal.

This uses the latest version of Onfido's API, version 3, to perform the ID verification (service collects documents) check.

You can also easily see the Onfido profile ID. And, if the PassFort profile has a customer reference, the Onfido profile is tagged with it automatically, making it easier to find in the Onfido Portal.

As with the previous integration, you can use Onfido to verify documents, selfies, and liveness videos.

Additionally, there's a new configuration option for all versions of the Onfido API that lets you specify which API region you're using.

To get started, contact us - we'll be happy to help. 

Or learn more in our help article.

Validate bank accounts with GBG ID3global

Now you have the option to check whether an individual's bank account details are valid but don’t match the personal details provided.

With this configuration option, bank account validation is performed only if the bank details are not a match for the individual. This can help you onboard prospects quickly and manually investigate any issues with their bank account details at a later stage.

This new configuration option is for anyone using GBG ID3global checks resold through PassFort.

To get a reseller agreement for GBG ID3global or to turn on the new configuration option, contact us and we'll help you get set up.

You can learn more in our help article.

Support for GBG's multi-bureau checks

You can now use GBG's multi-bureau checks when running Electronic identity checks.

Our data partner, GBG, has introduced a multi-bureau Electronic identity check which lets you run checks against Experian and Equifax under a single GBG profile. You can use independent matches from both bureaus to produce a single result.

Configuration of the bureau order and rule set is managed by GBG so you will need your own agreement with GBG. Once you have your multi-bureau checks agreement in place, get in touch and we'll help complete the configuration.

Changes to TLS (and HTTPS) cipher suites

PassFort stores highly sensitive information, so we are continually assessing our security practices to ensure they are up-to-date. As a result of our latest assessment, we will be introducing a new security measure which has the potential to impact customers directly.

When clients connect to PassFort's portal or API over HTTPS, the client and server agree on a cipher to use for the encrypted communication. For this to succeed, there must exist a cipher which is supported by both parties. On PassFort's side, a set of supported ciphers has been chosen with the goal of maximum compatibility, since older clients may not support newer ciphers.

However, we have found that several of the ciphers we support are vulnerable to an attack known as LUCKY13. As a result, we will be restricting the cipher-suite we support to eliminate those ciphers which are vulnerable to this attack.

The following ciphers will continue to be supported:


It is important that any HTTP clients you use to connect to PassFort (whether that's a browser or a software library) support at least one of these ciphers. This should be the case for all existing browsers as long as they are up-to-date. If you are unsure which ciphers are supported by your HTTP client, you can follow the instructions at If your client does not support one of these ciphers, then you may need to upgrade the client to a more modern version.

In order to make this transition as smooth as possible, customers will have 3 months before we begin rolling out the changes (i.e. we will begin rolling out changes from October). We will then begin a trial period where we temporarily enable the new measures. If no issues are reported following this event then we will continue and enable the new features permanently.

Verify company details and identify associates with CreditorWatch

Onboarding Australian businesses? CreditorWatch is a commercial credit reporting bureau specialising in Australian entities (including sole traders, trusts, and partnerships).

Use PassFort to run Company data checks. Retrieve ABR and ASIC data with CreditorWatch's Custom Profile API to verify company details and identify officers and shareholders.

To get started, contact us! Or learn more about the integration in our help article.

Support for New Zealand driving licence version numbers

We’ve introduced support for New Zealand driving licence version numbers.

When adding or editing a New Zealand driving licence number, you can now add its version number as well. This will appear in profile data and the audit report. Note that the driving licence version number will only be sent as part of a check if our integration with a given data provider supports it. 

Type to search custom field answers

Over the next few weeks we're rolling out new features to make it easier to use single-select and multi-select custom fields.

When you edit single-select or multi-select fields on a profile, you'll be able to find answers by typing them into the space provided. This is really useful when there are a lot of answers to choose from!

Here's what a single-select field will look like:

And here's what a multi-select field will look like:

Hope you will enjoy using the new features!

You can learn more about custom fields in our help article. Or, if you have any questions, feel free to contact us at

Analyse user behaviour + share reports with other PassFort users

Today we have 2 new reporting features for you!

Audit metrics report

See which users are working consistently and productively with the new Audit metrics report. This report shows you which users performed actions that triggered profile audit items. You can also see which actions were performed via the API or by the smart policy.

Export reports with shareable links

We've made it easier to export the raw data from reports and share them, so you can do further investigation and perform in-depth analysis. Click the Export .CSV button as usual and while your report is being generated, you can export more reports or do other work in PassFort. As soon as your report is ready, you'll be notified in PassFort or via email (depending on your notification preferences). If you choose to be notified via email, you can easily share the report with other PassFort users by forwarding the email.

Get started

To get the Audit metrics report, head over to the Reports tab (you'll need the All reports permission to see it). You can also learn more in our help article.

The new export reports feature is available now. You'll experience it when you export any report (as long as you have the Export data permission). Step-by-step instructions are in our help article.

Watch the video

If you're new to reports, check out this video to help you learn the basics of reporting!

Profile Events report rollback

You might have noticed that a new report called Profile Events was released - but it's not quite ready yet.

To make sure this report is completely usable, we're going to temporarily roll it back so we can finish the work.

It should be available soon - we'll let you know when it's coming!

Whitelisting is back

We're re-introducing whitelisting so you can choose which devices will be approved to access your PassFort account. 

We temporarily rolled the feature back because it was affecting other parts of the product. We have now resolved this, so you can use whitelisting to enhance security and keep using the rest of PassFort confidently.

Add a range of IP addresses to the whitelist, and only devices with approved addresses will be able to access your Portal and make successful requests to your API. 

Whitelisting can be used with or without SSO. 

Contact us to get started or learn more in our help article.


Show Previous EntriesShow Previous Entries