March 25, 2026

How to choose an AML address verification provider

You need to verify customer addresses for AML compliance. You've decided not to build it yourself. Now you're looking at providers and trying to figure out which one is right for your business.

This guide will help you evaluate your options. Not by ranking vendors, but by giving you a framework for what actually matters, what's marketing noise, and how to test a provider before you commit real money or engineering time.

Why this decision matters more than you think

Address verification sits at the intersection of three things that can sink a business: regulatory compliance, customer experience, and engineering resources.

Pick the wrong provider and you get slow onboarding that loses customers before they convert. Pick one that doesn't produce audit-ready records and your compliance team is exposed at the next regulatory review. Pick one that's hard to integrate and your engineers spend weeks on plumbing instead of building your product.

The good news: the decision isn't that complicated if you know what to look for.

The seven things that actually matter

1. Can you test it before talking to sales?

This is the single fastest way to filter your shortlist. If a provider requires you to "book a demo" or "contact sales" before you can see how the product works, that tells you two things: the product is probably complex enough to need explanation, and the pricing is probably high enough that they want to qualify you first.

Neither of those is necessarily a dealbreaker. But for proof of address verification, which is a well-defined, bounded problem, a good product should be self-explanatory. You should be able to sign up, get an API key, and send your first verification in under an hour. If you can't, the integration is going to be harder than it needs to be.

What to look for: instant signup, public API documentation, and a test/sandbox environment where you can submit real documents and see real results.

2. What does the API actually look like?

Read the API documentation before anything else. This is where you'll spend your engineering time, and the quality of the API tells you a lot about the quality of the product.

Things to evaluate:

• Endpoint count: how many API calls does it take to verify one document? Some providers require separate calls to upload, process, and retrieve results. A good provider should need one call to submit, one to retrieve. Fewer moving parts means fewer things that can break.
• Input format: can you send a document file directly, or do you need to base64-encode it? Can you send multiple pages? What file formats are accepted (PDF, JPG, PNG)?
• Response structure: does the response give you everything you need in one object, or do you need to make follow-up calls? Look for match scores, pass/fail results, extracted data, and reasoning in a single response.
• Configurability per request: can you set match thresholds, accepted document types, and date ranges per verification, or only globally? Per-request configuration matters because different customer segments may need different levels of scrutiny.
• Webhooks: does the provider support webhooks for async notification, or do you have to poll? Polling works, but webhooks are cleaner for production systems.

If the documentation is sparse, vague, or locked behind a login, move on. You'll waste time during integration figuring out what the docs should have told you.

3. How does it handle non-Latin documents?

This is the question most companies forget to ask until it's too late. If you onboard customers from more than one country, you will eventually receive documents in Arabic, Cyrillic, Chinese, or another non-Latin script. When that happens, your verification system needs to handle it gracefully.

"Gracefully" means three things:

• Extraction works: the system can read the document and extract the name, address, and date, even if the text is in a script your team doesn't read
• Transliteration is automatic: non-Latin text is converted to Latin characters so it can be matched against your reference data, without you having to do anything
• Matching is script-aware: the fuzzy matching algorithm accounts for transliteration differences, not just typos. "Москва" and "Moskva" should match. "محمد" and "Mohammed" should match.

Ask the provider to show you a verification result for a non-Latin document. If they can't, or if they say "we support 20+ languages" without showing you how, test it yourself. Upload a utility bill in Arabic or a bank statement in Cyrillic and see what comes back. This is where many providers fall apart.

4. What evidence does it produce for auditors?

Your compliance team doesn't just need a pass/fail answer. They need evidence that the verification was done properly, using documented criteria, with a clear audit trail. When a regulator asks "how did you verify this customer's address?", your answer needs to be more specific than "we used a vendor."

Look for:

• Extracted data: what exactly was read from the document (name, address, date, document type)
• Match scores: numerical similarity scores for name, address, and postcode, not just pass/fail
• Thresholds used: what match threshold was applied for this specific verification
• Reasoning notes: why a match passed or failed, especially for edge cases (abbreviations, transliterations, partial matches)
• Downloadable reports: PDF reports that can be filed alongside the customer record for regulatory review
• Timestamps and request IDs: so every verification is traceable

The best test: show a sample verification result to your compliance officer. If they say "this is what I need," you're in good shape. If they say "but where's the...," keep looking.

5. How is pricing structured?

Pricing for address verification typically falls into one of three models:

• Per-check pricing: you pay for each verification. Simple, predictable, scales linearly.
• Monthly plans with included checks: a base fee includes a number of verifications, with overage charges beyond that. Good if your volume is predictable.
• "Contact sales" pricing: the price isn't on the website. This usually means it's negotiable, which also means it's high, and you'll spend time in meetings before you find out.

The pricing model matters less than transparency. You should be able to calculate your monthly cost before you sign up. If you can't, you'll either overpay or get surprised by your first invoice.

Things to watch for:

• Minimum commitments: annual contracts or minimum spend requirements lock you in before you know if the product works at your scale
• Hidden fees: setup fees, per-user fees, fees for PDF reports, fees for webhook access. A good provider includes everything in the check price.
• Overage rates: if you exceed your plan, what's the per-check cost? Some providers charge significantly more for overages than for included checks.

A reasonable range for automated proof of address verification is €0.30 to €1.00 per check, depending on volume. If you're being quoted significantly more, you're likely paying for a bundle of features you don't need.

6. Where is your data processed and stored?

Proof of address documents contain personal data: names, addresses, and sometimes financial information. Where that data is processed and stored has real compliance implications, especially under GDPR.

Questions to ask:

• Where are the servers located? EU, US, or other?
• Is data transferred outside the processing region at any point?
• How long are documents and results retained?
• Can you configure retention periods?
• What happens when you delete a verification? Is the document actually removed, or just soft-deleted?
• Does the provider act as a data processor or data controller?

If you're an EU-based company or you process EU residents' data, working with an EU-hosted provider simplifies your GDPR obligations significantly. You avoid the complexity of Standard Contractual Clauses, data transfer impact assessments, and the ongoing legal uncertainty around transatlantic data transfers.

7. How fast can you go from signup to production?

Integration speed matters more than most buyers realize. Every week spent integrating is a week where your team isn't building your product. And if the integration is painful, the ongoing maintenance will be too.

A realistic timeline for a well-designed address verification API:

• Day 1: sign up, get API key, send first test verification
• Day 2-3: integrate into your application, handle responses, set up webhooks
• Day 4-5: test with real documents across your use cases, tune thresholds
• Week 2: production traffic

If a provider tells you integration takes "4-6 weeks," that's a sign the product is either complex or poorly documented. For a single-endpoint API, a competent developer should be able to get a working integration in a day or two.

Red flags to watch for

In the process of evaluating providers, watch for these warning signs:

• No public documentation: if you can't read the API docs before signing up, the provider is either hiding complexity or hasn't invested in developer experience. Either way, integration will be harder than it should be.
• Bundled products: some providers only offer address verification as part of a larger identity suite. You'll pay for facial recognition, ID scanning, and sanctions screening whether you need them or not. If you only need proof of address, you're subsidizing features you don't use.
• Vague accuracy claims: "99.9% accuracy" means nothing without context. Accuracy at what? On which document types? In which languages? Ask for specifics, or better yet, test it yourself.
• No configurable thresholds: a system that only gives you pass/fail without letting you control the sensitivity is a black box. You need to be able to set match thresholds that align with your compliance policy, and you need to be able to explain those thresholds to a regulator.
• Long-term contracts required: if the product is good, the provider doesn't need to lock you in. Monthly billing with no minimum commitment is a sign the provider is confident you'll stay because the product works, not because a contract says you have to.
• Slow support responses during evaluation: if support is slow when they're trying to win your business, it won't get faster after you've signed.

How to run a proof of concept

Don't choose a provider based on a demo or a slide deck. Run a real test with real documents. Here's how:

Step 1: collect 10-20 test documents

Pull documents from your actual workflow. Include a mix of:

• Different document types (utility bills, bank statements, government letters)
• Different languages, if you have international customers
• Clean, high-quality scans and messy, low-quality photos
• Documents you know should pass and documents you know should fail (expired, wrong name, wrong address)

Step 2: submit them all

Use the API, not a dashboard demo. You're evaluating the integration experience, not just the output. Time how long it takes to get from "I have an API key" to "I've submitted my first document." If it takes more than 30 minutes, that's a problem.

Step 3: evaluate the results

For each document, check:

• Was the name extracted correctly?
• Was the address extracted correctly, including in non-Latin scripts?
• Was the document date detected?
• Was the document type identified?
• Did the pass/fail result match your expectation?
• Are the match scores and reasoning useful for your compliance records?

Step 4: show the results to your compliance team

This is the step most companies skip, and it's the most important one. Your compliance officer needs to sign off on the evidence trail. Download the verification reports and ask: "If a regulator asked us to justify this decision, is this enough?"

If the answer is yes, you've found your provider. If the answer is "almost, but I need...," check whether that gap is configurable. If it's not, keep looking.

Step 5: calculate real costs

Take your expected monthly volume and calculate the actual cost using the provider's pricing page. Add overage fees if your volume is variable. Compare this to the cost of your current process: how many hours does your team spend on manual review, and what's that worth?

For most companies, automated verification pays for itself as soon as it replaces even a few hours of manual review per week.

A checklist for your evaluation

Use this checklist to compare providers side by side:

• □ Can I sign up and test without a sales call?
• □ Is the API documentation public and complete?
• □ Can I submit a document and get a result with one API call?
• □ Can I configure match thresholds per request?
• □ Does it handle non-Latin scripts with automatic transliteration?
• □ Does each verification produce a downloadable audit report?
• □ Are match scores and reasoning included in the response?
• □ Is pricing published on the website?
• □ Is there no minimum commitment or annual contract?
• □ Is data processed and stored in a region that fits my GDPR obligations?
• □ Can I go from signup to first verification in under an hour?
• □ Does my compliance team approve of the evidence trail?

No provider will check every box for every company. But the more boxes checked, the less time you'll spend on integration, compliance gaps, and vendor management.

What we built at trusqo

We built trusqo because we saw the same problems described in this article. Most address verification was either buried inside expensive identity suites or left to manual review. We wanted a focused product that does one thing well: verify proof of address documents via API, with full audit trails, in any language.

A few specifics:

• One REST endpoint to submit a document and expected data. Results include match scores, reasoning, extracted data, and a downloadable PDF report.
• Configurable name, address, and postcode match thresholds per request. Set your own sensitivity from 0 to 1.
• Documents in any language and script, with automatic transliteration. No extra steps, no language-specific configuration.
• Pricing starts at €25/month with 50 checks included. Every price is on the website. No sales calls, no annual contracts.
• EU-hosted, GDPR-native. All processing and storage happens in the EU.
• Instant signup. Most developers send their first verification within minutes.

We're not the right fit for everyone. If you need a full identity suite with facial recognition and sanctions screening, we're not that. But if you need proof of address verification that works, is simple to integrate, and produces evidence your compliance team will actually trust, give us a try. You can test it with real documents before you spend a cent.

Full API documentation is at trusqo.com/docs.