Regula ups security of mDL verifications with server-side processing

Malware, rooted phones, tampered apps: User devices such as smartphones can pose risks to identity verification, as these environments are difficult to control against fraud.

Regula says it has a solution. The identity verification firm has introduced server-side reprocessing of mobile driver’s license (mDL) data in its document reader software, Regula Document Reader SDK. The capability means that mDL data is processed on the backend in a controlled, trusted environment rather than relying solely on user devices, which also helps preserve the integrity of the identity signal across the verification flow. Data captured on the user’s device is revalidated through a PKI check and signature verification on the server.

The feature is designed for regulated and high-risk industries such as mobility and ride-sharing services, car rentals, travel and aviation, and age-restricted commerce, where reliable mDL verification is important, according to Ihar Kliashchou, Regula’s chief technology officer. It also supports zero-trust security models.

“Server-side mDL verification helps move critical checks into a controlled environment, strengthening fraud prevention by ensuring identity decisions rely on authentic, untampered data,” says Kliashchou. “At the same time, it helps preserve identity signal integrity across the entire verification flow, enabling organizations to make trusted server-side decisions rather than relying solely on client-side inputs.”

Server-side verification of mDLs is issued in accordance with ISO/IEC 18013-5 and is available in the new version of the Regula Document Reader SDK.

The new feature comes as more organizations adopt identity checks using digital credentials such as mDLs, which are being issued by an increasing number of jurisdictions, including the U.S., EU, and Australia.

In January, Regula enabled organizations to verify mDLs at scale. The move is meant to ensure interoperability across wallets, jurisdictions, and devices to reduce the risk of fragmented implementations, proprietary lock-in, and unverifiable credentials.

The Document Reader SDK performs multiple automated checks to verify an identity document’s authenticity, including analyzing MRZ data, barcodes, and RFID chips, and drawing on the firm’s document database, which covers over 16,000 templates.

Article Topics

biometrics  |  digital ID  |  document verification  |  mDL (mobile driver's license)  |  mDL verification  |  Regula  |  SDK