User Identity Verification

From WHMCS Documentation

With user identity verification, your customers are required to supply identifying documents through the Client Area. Their verification status will display throughout the WHMCS Admin Area.

WHMCS can initiate this automatically after a failed fraud protection check or you can initiate it manually. It helps to streamline the process of managing fraudulent orders.

We added user identity verification support through a third-party service,, in WHMCS 8.2. WHMCS stores whether the identity was successfully verified while's service supplies you with the options for performing that verification.

For more information about how stores and processes data, see's Data Processing Agreement.

Activating User Identity Verification

To activate user identity verification, navigate to Configuration () > System Settings > Fraud Protection, click Activate, and then click Configure. When you do this for the first time, you will need to create a account that includes API access. You can choose between several account types.

WHMCS will automatically receive your API Key and API Secret. Then, you can configure two settings:

  • Set Verification Features to ON to enable all user identity verification features in WHMCS. Setting this to OFF disables all user identity verification features.
  • Set Automatic Requests to ON to automatically initiate verification requests for orders that your chosen fraud protection service marks as fraudulent. If you set this to OFF, you must initiate validation requests manually.

Using User Identity Verification

In WHMCS 8.2 and later, orders are associated with the specific user account that placed the order through the WHMCS Client Area. If the order was placed through the Admin Area (and therefore by an admin), verification requests go to the account owner's user. For more information about users and accounts, see [Users and Accounts].

After activating user identity verification, you can manually request verification from a customer through two locations, which will also display the verification status:

  • Orders > Manage Orders.
  • Managing the associated user at Clients > Manage Users > Manage User.

Additionally, if you enable Automatic Requests, WHMCS will automatically request identity confirmation for users when their orders are deemed to be high risk by your fraud protection module.

Users will see a notification at the top of the Client Area if the placed order requires verification. They can then securely submit their information (for example, a selfie and a photo of a driver's license) from within the Client Area.

Other Actions

Click Update API Credentials to update the credentials for your existing configuration.

Click Deactivate to permanently remove all stored credentials from WHMCS. Only use this if you want to completely remove the connection between WHMCS and your account.

If you only want to disable user identity verification temporarily, toggling to OFF will retain your credentials in WHMCS while disabling the functionality.