Every applicant had to clear multi-vendor screening before reaching a lender.

Identity verification: Persona, plus OFAC and additional vendors

Womply did not build its own identity system; it layered established third-party vendors. Through Persona, Womply checked the applicant’s SSN, date of birth, name, and address, and matched a government ID against a live video selfie, with Womply staff manually reviewing flagged selfies for signs of deepfakes or tampering. Womply ran that alongside OFAC sanctions screening and additional identity checks, including DocuSign Knowledge Based Answers (KBA), powered by LexisNexis. An identity fake had to defeat several independent vendors at once.

Bank verification: Plaid

Womply verified the applicant’s bank account through Plaid, alongside email and phone verification. Connecting a real, controlled bank account was required, not optional.

Document and disbursement checks

Womply ran real-time tax-document validation, flagging applications where the name and EIN were valid but the financial figures appeared falsified. Controls did not stop at submission: Womply could stop or invalidate the ACH transfer before disbursement, and ask the receiving bank to freeze funds when fraud surfaced late.

What screening could and couldn’t catch

Together these gates stopped more than 1.1 million suspicious or ineligible applications before they reached a lender. But one limit was built into the program itself: without IRS verification of self-certified income, a well-made fake and a genuine document can look identical. That is why Womply urged the SBA to verify income against IRS records and require an IRS Form 4506-T from every applicant.

How Womply reported fraud to the government →