Onfido (an Entrust company)

Who They Are

Onfido was founded in 2012 out of Oxford, UK, and operated as an independent identity verification company until April 2024, when it was acquired by Entrust - a US-headquartered company (Shakopee, Minnesota) with a portfolio spanning PKI, certificate authority services, IAM, and physical credentialing. The rebrand to “Onfido, an Entrust company” - and the product’s new URL under the Entrust domain - marks a strategic repositioning from a standalone IDV vendor to an identity proofing module within a broader enterprise identity infrastructure stack. According to vendor materials, Onfido serves 1,100-plus customer organisations.

The broker problem the combined entity targets is similar to Jumio’s: regulated financial institutions that want a credentialed, enterprise-grade IDV solution that can sit inside a larger compliance and identity infrastructure contract. The acquisition adds a specific dimension: enterprises that already use Entrust for PKI, code signing, or physical identity credentials can now extend that relationship to include digital identity proofing - one vendor for the full identity stack.

What You Actually Get

Core capabilities cover document verification with auto-capture and OCR, biometric selfie match with active and passive liveness, watchlist/sanctions/PEP/adverse media screening, and ongoing monitoring. The Studio no-code workflow builder allows compliance teams to configure onboarding journeys without engineering involvement - a practical differentiator for CIFs that need to adjust flows in response to CySEC audit findings or risk model changes without waiting on a development sprint.

Two platform elements are notable in the regulated broker context. First, the Atlas ML stack - Onfido’s proprietary fraud pattern intelligence engine - provides network-level fraud signal beyond individual document and biometric checks. Second, and more distinctively, Onfido carries ETSI certification for qualified eIDAS-grade identity proofing. This is the same qualified trust framework as IDnow’s eIDAS QSP credential, and it positions the platform ahead of non-ETSI-certified peers for the EU AMLR July 2027 digital identity transition. Authentication and re-auth for returning users is also documented. KYB depth under the Entrust integration is not explicitly benchmarked in current public materials.

Pricing Reality

Pricing is sales-led with no public rate card. Independently sourced data (not from vendor) estimates median annual spend around $60,000 with a range that extends from approximately $6,000 to $945,000 depending on volume, product mix, and contract structure. Pricing reportedly levels out above approximately 100,000 verifications per year as volume discounts apply - a threshold that most mid-market CySEC brokers will not reach in year one.

There is no equivalent to Sumsub’s $1.85/check Compliance entry point or ShuftiPro’s $0.20/check self-serve tier. The Entrust acquisition may have sharpened enterprise deal structuring but is unlikely to have introduced self-serve pricing - the deal architecture points in the opposite direction. Operators using the pillar TCO calculator need a vendor quote to model Onfido/Entrust costs accurately.

CySEC + AML Fit

Onfido is categorised as CySEC-acceptable. FCA, EU 6AMLD, FINTRAC, and BaFin regulatory alignment are explicitly referenced, alongside ETSI-certified IDV and eIDAS alignment. The ETSI certification is the platform’s most directly relevant credential for EU AMLR compliance ahead of July 2027 - it is one of the few explicit “qualified” identity proofing certifications in this review set.

For the CySEC August 2025 sanctions regime, the AML layer covers watchlist screening and ongoing monitoring. CySEC-specific positioning is not present in current vendor materials - there is no named Cyprus customer, no Cyprus-specific vertical content, and no Limassol office. The Entrust acquisition brought broader enterprise positioning, but not deeper CySEC market penetration. Less forex-specific positioning than Sumsub or Veriff is a consistent finding across all research windows: the platform does not have a dedicated FX/CFD broker vertical page.

GDPR compliance, ISO/IEC 27001 (cert IS 660122), and SOC 2 Type II are all documented. The certification stack is enterprise-grade. The Entrust integration opens a potential path to Entrust’s PKI and physical credentialing portfolio for CIFs building a broader identity infrastructure - a value driver that is irrelevant for brokers buying standalone KYC, but material for those thinking about long-term identity architecture.

Partner Program Reality

The Entrust Partner Program exists as a publicly accessible channel program covering reseller, integrator, and technology partner tiers - making it one of the more structured programs in this review set. However, commission rates and deal registration terms are not publicly disclosed: the tier structure is visible, but the economics require direct commercial engagement to surface. This is meaningfully better than vendors with no public program (such as IDnow or AU10TIX), but falls short of the transparency standard set by Sumsub’s three-tier published program. Compliance consulting firms and broker infrastructure providers in Cyprus should engage Entrust’s channel team directly to establish referral economics before building a pipeline.

Where This Vendor Breaks Down

The April 2024 Entrust acquisition introduced roadmap uncertainty that has not fully resolved. Some customer reviews cite slower product velocity post-acquisition - a risk that is consistent with large-company absorption of a venture-backed product company. For CySEC brokers evaluating Onfido on a multi-year contract, the product roadmap commitment and support structure under Entrust’s ownership model should be a due diligence item.

Pricing opacity at low volumes is the central structural barrier for startup or early-growth CySEC CIFs. The estimated $6,000 floor on annual spend is not prohibitive, but the sales-led process to reach a quote adds friction relative to vendors with self-serve pricing. The absence of forex-specific positioning means an RFP must do more work to map platform capabilities to CySEC broker workflows - proof-of-address cadence, source-of-funds documentation, MLRO escalation trails - rather than relying on vendor-published broker reference materials.

The ETSI certification and eIDAS alignment are genuine differentiators for CIFs that need qualified identity proofing for German or Austrian retail clients - but that use case is shared with IDnow, which has deeper EU video KYC credentials and a more focused positioning. Any RFP should pressure-test: post-acquisition roadmap commitments in writing; a named FCA or CySEC-regulated broker reference; and whether the Studio workflow builder exports compliance-grade audit logs compatible with CySEC inspection requirements.

See the CySEC AML 2026 timeline and the KYC/AML pillar overview for broader competitive context.