Most identity verification processes end with a simple outcome: pass or fail. The applicant either clears the check or they don’t. And for many institutions, that feels like enough.
Until something goes wrong.
When fraud is discovered weeks or months after an account was opened, the investigation often starts with a frustrating question: what evidence do we actually have? In many cases, the answer is a data log. Maybe a timestamp. Maybe a device fingerprint. Useful, but rarely enough to build a case on. The verification happened, but it didn’t leave behind a meaningful record.
That gap between “we verified this person” and “we can prove what happened during that verification” is where a lot of investigative work stalls. And it’s expensive. Financial crime compliance costs in the U.S. and Canada have reached $61 billion, according to the LexisNexis True Cost of Financial Crime Compliance Study. SAR filings hit a record in 2025, with financial institutions filing more than 4.1 million suspicious activity reports. Every one of those filings represents time, labor, and documentation that has to come from somewhere.
The institutions rethinking their verification process aren’t just asking “did we catch the fraud?” They’re asking “when something goes wrong, will we have what we need to investigate it, document it, and if necessary, support prosecution?”
What Most Verification Leaves Behind
Standard identity verification typically produces a binary result and some metadata. A name was matched. An ID number checked out. A knowledge-based authentication question was answered correctly. The system logged a pass, and the account was opened.
That may be enough to satisfy onboarding requirements. But when an investigator picks up the file six months later, what they often find is a thin trail. There’s no recording of the interaction. No image of the person who presented the ID. No sworn statement. No way to verify whether the person on the other end of the screen was the same person whose credentials were used.
This isn’t a hypothetical concern. FinCEN’s analysis of identity-related suspicious activity found that 69% of identity-related BSA reports involved impersonation, and the total suspicious activity tied to identity compromise reached $212 billion in a single reporting year. Fraudsters aren’t just stealing data. They’re using it to impersonate real people through processes that were never designed to catch them in the act.
What a Legal Record Actually Looks Like
Remote online notarization is designed to produce something fundamentally different from a standard verification check. It’s designed to produce evidence.
A completed RON session can generate:
- A signed legal affidavit
- A recorded live video session retained for a defined period (often ten years, depending on state requirements)
- Session metadata including the signer’s IP address and geolocation at the time of the transaction.
Additionally, the signer appears on video in real time. Their government-issued ID is authenticated by a third-party credential verification service and reviewed by a trained notary, who conducts a visual inspection on camera to compare the document against the signer in real time and confirms identity through two-factor verification before the session proceeds. They sign a legal document under penalty of perjury confirming their identity.
When fraud is later suspected or disputed, investigators often aren’t starting from scratch. They can have a timestamped, video record of exactly who completed the verification, where they were, what ID they presented, and what they signed. That’s a record which can be reviewed, paused, and analyzed over and over again.
What This Looks Like in Practice
Consider a scenario that illustrates how this kind of documentation can change the course of an investigation.
A financial institution flags a newly opened account for suspicious activity several weeks after origination. The account was opened remotely, and initial automated verification checks were passed without issue. Under a standard process, the investigation team would be working with limited information: a name, an ID number, a device fingerprint, and whatever transactional data had accumulated since the account went live.
But this account was opened through a process that included a remote online notarization session. When the investigation team pulls the session record, three data points surface immediately. The IP address at the time of the session points to a location hundreds of miles from the address listed on the applicant’s government-issued ID. The geolocation data captured during the session confirms the discrepancy.
All three data points were captured automatically as part of the verification session. None of them required a retroactive investigation to produce. They were available from the moment the session ended, waiting to be reviewed if the need ever arose.
That kind of documentation isn’t a byproduct of the verification process. It’s a designed outcome.
Evidence as Deterrent
There’s another side to this that often goes unmeasured. The existence of a legal record doesn’t just help investigations after the fact. It can also prevent some fraud from being attempted in the first place.
When an applicant knows that a ten-year video record will exist of their verification session, that their IP and geolocation will be logged, and that they’ll be signing a legal affidavit under penalty of perjury, the calculus changes. For a legitimate applicant, this is a minor step. For someone attempting to use a stolen or synthetic identity, it’s a significant exposure.
Fraudsters tend to favor processes with the least documentation and the fewest human touchpoints. A verification process that creates a permanent record that may be admissible as evidence is the opposite of what they’re looking for.
Thinking Past Prevention
Most conversations about identity verification focus on prevention. Can we stop the fraud before it happens? That’s the right first question. But it isn’t the only one.
The institutions thinking ahead are also asking what happens when prevention isn’t enough. When fraud gets through, and some of it always does, will the evidence already exist? Will investigators have what they need without starting from zero? Will the institution be able to support a regulatory filing, an internal review, or a law enforcement referral with documentation that was captured at the point of verification, not reconstructed after the fact?
A verification process that produces a legal record can answer those questions before they’re asked. The affidavit is signed. The video is recorded. The metadata is captured. If nothing ever goes wrong, those records sit quietly. If something does, they’re already there.
That’s the difference between a verification that tells you someone passed and a verification that can prove what happened.
Building a legal record into the verification process can give compliance and investigation teams the evidence they need when fraud surfaces. But where that verification gets applied matters just as much as what it produces. Most institutions fortify onboarding. Fewer apply the same rigor to the moment a compromised account gets reactivated. That’s the gap the next article addresses. Read it here: Fraud Doesn’t Enter at One Point. Neither Should Verification.
Frequently Asked Questions
What kind of evidence does a remote online notarization session produce?
A completed RON session can produce a signed affidavit, a video recording of the live session (often retained for up to ten years depending on state requirements), and session metadata including the signer’s IP address and geolocation at the time of the transaction. Together, these elements can create a record that can withstand forensic review, going well beyond a standard pass/fail verification result.
How is a notarized affidavit different from a standard identity verification check?
Standard identity verification typically confirms that a set of credentials matches a database record. A notarized affidavit can add a legal layer. The signer appears on video and presents government-issued identification to a trained notary. The credential has already been authenticated by a third-party verification service, and the notary conducts a visual inspection on camera to compare the photo on the ID to the signer in real time. The signer then signs a document under penalty of perjury confirming their identity. The result isn’t just a data match. It’s a sworn statement backed by video evidence and metadata.
How long are RON session recordings typically retained?
Retention periods can vary by state and by provider. Many RON platforms retain session recordings for ten years or longer. This extended retention window means that if fraud is discovered months or even years after an account was opened, the original session evidence may still be available for review.
Can RON session data be used in fraud investigations or legal proceedings?
In many cases, yes. The combination of a signed affidavit, a recorded video session, and timestamped metadata can provide investigators with documentation that may support regulatory filings, internal reviews, or law enforcement referrals. Because the record is captured at the point of verification rather than reconstructed after the fact, it may carry more evidentiary weight than data logs produced by automated systems. Institutions should consult with legal counsel regarding admissibility in specific jurisdictions.
Does the existence of a legal record deter fraud attempts?
It can. Fraudsters tend to prefer processes with minimal documentation and few human touchpoints. A verification process that requires a live video appearance, government ID review, and a signed affidavit under penalty of perjury represents a level of exposure that many fraudulent applicants may be unwilling to accept. While the deterrence effect is difficult to measure directly, institutions that implement more rigorous, documented verification at account origination may see fewer fraudulent attempts reach the application stage.
What types of discrepancies can RON session data reveal?
Session data can surface geographic discrepancies between an applicant’s stated location, their ID address, and their IP address at the time of the session. It can also reveal visual inconsistencies between the person appearing on video and the photo on the ID they present. Because this data is captured automatically during the session, it doesn’t require a separate investigation to produce. It’s available for review from the moment the session ends.
This blog post is for informational purposes only and doesn’t represent legal advice.
Sources Referenced
LexisNexis Risk Solutions, True Cost of Financial Crime Compliance Study, U.S. and Canada (2024)
FinCEN, Identity-Related Suspicious Activity Financial Trend Analysis (2024)
Forvis Mazars, SAR Filing Statistics (2025)
Your Privacy Choices
