Fourthline

From ING to Independent Regtech

Most KYC vendors tell you about their AI models first. Fourthline tells you about its origin story first, and for good reason. The company was founded in 2014 as an internal project inside Safened, a fintech backed by ING Bank, to solve a problem that the bank's existing tooling could not: how to onboard a retail customer remotely, to a European banking standard, in minutes rather than days. Spun out as a separate company and later funded by Finch Capital and others, Fourthline entered the market with something its competitors did not have — processes designed from day one to satisfy a Tier 1 European banking supervisor. Today, that banking DNA is still the most important thing about it.

The result is a KYC and customer due diligence platform that looks different from the generic identity verification vendors that dominate the US market. Fourthline is not a thin layer on top of an OCR model and a selfie check. It is a regulated chain-of-custody workflow built around European compliance requirements, sold almost exclusively to European banks, brokers, and fintechs. The customer list — N26, Scalable Capital, Solarisbank, Trade Republic, Qonto, and others — reads like a who's who of European digital finance, and that is not an accident.

What Makes Fourthline Different

NFC Chip Reading

The headline technical capability is NFC reading of e-passports and electronic national ID cards. Modern European identity documents contain a cryptographically signed chip with the holder's biometric data, and Fourthline's mobile SDK can read, verify, and cryptographically validate that chip directly. This is the highest assurance path available for remote identity verification — it defeats almost every form of document forgery because the chip is signed by the issuing country and tampering breaks the signature.

The practical consequence is that a Fourthline verification carries substantially more regulatory weight than a photo-of-a-passport check. For banks operating under strict AMLD requirements, this translates directly into lower audit risk and faster regulator sign-off on remote onboarding flows. It is also the main reason Fourthline punches above its weight against Jumio and Onfido in European bank RFPs, despite those competitors being significantly larger.

Full CDD Platform, Not Just ID Verification

Most KYC vendors sell identity verification as a discrete step — verify the person once, hand off to the bank's internal systems for everything else. Fourthline goes further, offering an end-to-end customer due diligence platform. PEP and sanctions screening, adverse media checks, address verification, ongoing monitoring, and perpetual KYC are all integrated into the same platform. Compliance teams work through a case management dashboard rather than a series of disconnected point tools. For small and mid-sized fintechs that would otherwise have to stitch together three or four vendors, this consolidation is a meaningful advantage.

Regulatory Status

Fourthline is registered as a qualified trust service provider in the Netherlands under the eIDAS regulation. This is not just a marketing badge — it is a regulatory designation that imposes supervision, audit, and liability requirements on the company and makes its verifications carry formal legal weight for certain European use cases. Very few of Fourthline's competitors hold this status, and for organisations signing documents or issuing qualified electronic signatures downstream of KYC, it is often a hard requirement.

Proven at Scale

Fourthline has processed well over a hundred million verifications and is embedded in the account opening flows of some of Europe's largest digital banks. The platform is battle-tested at the kind of volumes and under the kind of regulator scrutiny that smaller vendors cannot match. For a bank compliance team evaluating vendors, this operational pedigree reduces risk in a way that demo videos cannot.

Pricing

Fourthline is enterprise-only. There is no self-serve signup, no free tier, and no published pricing. Commercial engagement starts with a scoping workshop where Fourthline's team reviews the customer's regulatory footprint, expected verification volumes, and integration path, after which a custom contract is proposed.

Pricing is typically structured around per-verification fees that decline with volume, plus platform fees for the case management dashboard and ongoing monitoring services. For small fintechs, this commercial model can feel heavy — you cannot simply swipe a card and start testing. For banks and growth-stage fintechs, it is exactly the kind of engagement their procurement and compliance teams expect.

The practical implication is that Fourthline is not the right tool if you are a pre-seed startup that needs to onboard its first hundred users. It is the right tool if you have a compliance officer, a banking licence or similar, and a concrete need for verifications that will stand up in a regulator conversation.

EU Compliance and Data Sovereignty

Fourthline is one of the cleanest European data sovereignty stories in the KYC market. Fourthline B.V. is a Dutch limited company with its primary operations in Amsterdam, fully subject to GDPR, Dutch banking supervision, and the European Anti-Money Laundering Directives. All verification data is processed and stored inside the European Union — the company does not operate data centres or failover infrastructure in the United States or any other non-EU jurisdiction.

Fourthline holds ISO 27001 and SOC 2 Type II certifications, is PCI DSS compliant, and is registered as an eIDAS qualified trust service provider. For banks and insurers navigating DORA, GDPR, and the AMLD package, this combination of certifications and European jurisdiction is the strongest possible foundation, and it is not something US-headquartered competitors can match regardless of which data centre region they deploy to.

Who Fourthline Is Best For

European banks and digital banks that need bank-grade KYC with NFC chip reading, full CDD workflows, and a vendor that is itself regulated within European jurisdiction.

Growth-stage fintechs preparing to scale account opening to tens of thousands of users per month, where the depth of the platform and the credibility with regulators outweigh the cost and procurement overhead.

Brokerages, wealth managers, and crypto firms subject to AMLD and MiFID II who need end-to-end customer due diligence rather than just a one-shot ID check.

Insurance companies running remote onboarding flows for high-value policies where NFC-based assurance materially reduces fraud and compliance risk.

Where Fourthline Falls Short

The lack of self-serve onboarding makes Fourthline inaccessible to early-stage startups and small operators who just want to buy a few hundred verifications a month to get moving. For that use case, Sumsub, Veriff, or Onfido are significantly more approachable.

Implementation timelines are real. Most new Fourthline customers go through a structured onboarding process that includes compliance workshops, integration sessions, and UAT testing before the live switch. Expect weeks, not hours, from contract signature to production traffic.

Global document coverage, particularly outside Europe, is narrower than the biggest international competitors. If your user base is predominantly in the Americas, Asia, or Africa, you may find that Fourthline supports your most important document types but lacks the long tail of local IDs that Jumio or Onfido carry.

Finally, the mobile SDK is the primary integration path for NFC chip reading. Web-only flows are supported but give up the NFC capability, which undermines a meaningful part of Fourthline's value proposition.

The Verdict

Fourthline is what bank-grade European KYC looks like when it is built from the inside of a bank rather than bolted onto a generic identity API. The NFC chip reading, the eIDAS qualified trust service provider status, the end-to-end CDD platform, and the full European data footprint combine into a package that very few competitors can match for organisations operating under European banking and AML supervision. It is expensive, enterprise-only, and deliberate about its focus — and for the customers it is built for, those are features, not bugs.

Frequently Asked Questions

Is Fourthline GDPR compliant?

Yes. Fourthline B.V. is a Dutch limited company with all customer data processed inside European data centres, subject to GDPR and Dutch regulatory supervision. The company holds ISO 27001, SOC 2 Type II, and PCI DSS certifications and is registered as an eIDAS qualified trust service provider in the Netherlands.

Can I self-host Fourthline?

No. Fourthline is a regulated SaaS platform delivered through mobile SDKs and REST APIs. Self-hosting would break the chain of custody and independent audit trail that make Fourthline's verifications defensible to banking regulators, which is the entire point of the product.

How does Fourthline compare to Jumio or Onfido?

Fourthline is a European-headquartered, bank-origin KYC platform with NFC chip reading as a core capability and all data processed in the EU. Jumio and Onfido are larger global players with broader non-European document coverage and more mature self-serve onboarding, but weaker European data sovereignty stories and less banking DNA. European banks and fintechs with strict AMLD and data residency requirements typically prefer Fourthline.

Is there a free trial?

No. Fourthline is enterprise-only with custom pricing tied to verification volumes. Prospective customers typically engage in a scoping workshop and proof of concept before signing a commercial agreement. If you need a free trial and self-serve signup, Sumsub or Veriff are better fits for your stage.

Where is my customer identity data stored?

All verification data is processed and stored inside European data centres under Dutch jurisdiction. Fourthline has no US parent company and no data replication to non-EU regions. This gives customers a clean GDPR and data sovereignty position that US-headquartered KYC vendors cannot match.