Three VOI mistakes you might be making (and how to fix them)

Verification of Identity (VOI) is no longer a nice-to-have. Knowing who your clients are is a must. With growing pressure on professionals across a range of industries to maintain strict security around client data, VOI is one of the biggest areas where best practice and risk can easily clash.

It’s one thing to verify someone’s identity. But it’s important to consider how you verify it, and what happens to the ID documents afterwards. Are your processes secure, compliant, and future-proof?

This consideration applies across the board – no industry is immune. Whether you’re handling property, financial or legal matters, you’re responsible for protecting your client’s personal information. And the way you approach VOI says a lot about how seriously you take that responsibility.

Here are three mistakes we see far too often, and what you should be doing instead…

1. Asking for copies of ID via email

It might feel quick and convenient to ask for a photo of a driver’s licence or passport to be emailed through. But it’s also one of the riskiest ways to handle sensitive data.

Email is inherently insecure, especially when attachments are involved. Once that document leaves the sender’s mailbox, it’s likely sitting unencrypted on multiple servers, possibly synced to devices, and open to interception or unintended forwarding. It also becomes your responsibility to store or delete that information securely.

In fact, according to the Australian Cyber Security Centre’s Annual Cyber Threat Report 2023-2024, over 33% of cybercrimes reported by businesses relate to email compromise.

The better way

Use a secure, purpose-built verification portal. Systems like Scantek allow your clients to complete the process in their own time through a secure link (with Scantek, a single link is all that’s needed, with no app download). Not only is the data encrypted in transit and at rest, but the entire audit trail is also kept in one place.

2. Saving documents unnecessarily (or insecurely)

If your team is downloading ID documents to desktops or shared folders, saving screenshots in photo rolls, or printing copies for the file: stop. Please. Not only is this poor practice, but it may also be in breach of your privacy obligations.

The Privacy Act (and soon, AML/CTF regulations) make it clear: you should only collect and store personal information if it’s absolutely necessary, and only for as long as needed. Keeping documents “just in case” may not fit the brief.

Aside from the obvious cyber risk, there is also a reputational one. A misplaced document, an unsecured USB, or an old staff laptop with saved IDs can easily turn into a reportable breach.

The better way

Let a verified VOI platform handle the storage and security of client documents. Look for one that offers time-limited storage, encrypted environments, and full access logs, so you can prove not only that you verified someone’s ID, but that you did it securely and compliantly.

At Scantek, for example, VOI records are stored securely within Australian data centres and only retained for the necessary period before being purged automatically in line with legal requirements. And Scantek is ISO 27001:2022 certified, which means that you can be confident that your client data is stored securely. No more worrying about local copies of IDs, no files in downloads folders, and no screenshots lurking about on your staff’s phones.

3. Relying on a video call

Technology has enabled us to do incredible things, particularly when it comes to serving clients in different geographical locations. Location really is no issue in 2025. However, where you may have once relied on FaceTime, Zoom, or other video calls to “eyeball” a client and tick the VOI box, the rise of AI-generated deepfakes now means that this approach is no longer safe or sufficient.

Even the Law Council of Australia has identified video calls for the purposes of client ID checks as a vulnerability in its 2023 Vulnerability Analysis regarding money laundering and terrorism financing.

A real-time video of someone holding up a passport might seem legitimate, but how do you know that person is who they say they are? And what record do you have to prove that the VOI was completed if the call isn’t securely recorded or logged?

The better way

A compliant VOI should include both document verification and biometric checks. That means comparing the photo on the ID with a real-time facial scan (not just relying on a video call).

The Scantek platform uses advanced facial matching and liveness detection, so you can be confident that the person submitting ID is physically present and matches the document provided. It removes the subjectivity from the process and provides a verifiable audit trail if ever required.

The bottom line

As regulations evolve and client expectations rise, your approach to VOI can’t afford to stay in the grey area.

Poor processes leave you exposed to fraud, privacy breaches and legal risk. 

Whether you’re trying to streamline your workflow, keep your compliance in check, or simply sleep better at night knowing your client data is safe, now is the time to take VOI seriously.

There’s a better way to do it. And in making these changes, you’ll also build trust and be able to demonstrate to your clients that you’re one step ahead.

Want help reviewing your current VOI practices?

Scantek’s secure VOI platform is trusted by professionals across Australia for a reason. It’s simple, compliant, and puts both you and your clients first. Book a no-obligation demo today and let us help you tighten up your processes and reduce your risk.