For online financial organizations, identity verification and eKYC solutions are essential for compliance. These solutions not only streamline customer onboarding processes but also play a crucial role in preventing fraud and ensuring compliance with regulatory requirements. Designing a robust eKYC system involves multiple factors to consider. This infographic provides valuable insights into the key considerations for businesses looking to implement effective identity verification and eKYC solutions.
1. Designing a User-Centric KYC Workflow
When designing a KYC workflow, companies should adopt a customer-centric approach that involves the following steps:
- Understanding Your Customers: Identify your target audience’s needs and preferences to tailor the verification process accordingly.
- Mapping the User Journey: Wireframe your entire customer journey to identify pain points and streamline the process. Each extra step increases the risk of customer dropout. Provide clear and easy-to-understand instructions for each step and keep customers informed of their progress. The selfie and liveness checks should be quick and intuitive — as easy as taking a photo.
- Prototype Testing: Create a prototype and conduct user testing to gather feedback and refine the workflow before full-scale launch.
2. Testing Your eKYC Process: A Real-World Approach
To make sure your automated eKYC system works well in real life, consider the following factors during testing:
- Ensure that your sample size is large enough to provide meaningful results. Test across a broad range of relevant demographics and ethnicities as some solutions may have built-in biases based on the training data used to create the AI/ML algorithms.
- Use both real and fake IDs from your target markets. Include some deepfake selfies and manipulated ID photos to test the system’s deepfake detection capabilities. If you serve a global customer base, test with ID documents from different countries. NOTE: In order to test deepfakes, you will need to be familiar with video injection technologies which enable you to insert fake videos into a system’s feed to bypass liveness detection protocols.
- Use IDs and selfies taken in various real-world conditions including poor lighting, blurry images, excessive glare, bent or folded IDs, and selfies with glasses.
- Try testing with expired IDs, like passports with holes punched in them.
- Test both current and older versions of specific country or jurisdiction’s ID types..
- Test at different times of the day and over the weekend to see if performance differs during non-business hours.
3. Fully Automated or Hybrid
The choice between a fully automated or hybrid (with human review for complex cases) eKYC solution depends on your specific business requirements and risk tolerance. Consider the following factors:
- Regulatory Requirements: If your industry is heavily regulated, a hybrid approach may be necessary to meet stringent verification standards.
- Fraud Risk: If your industry is vulnerable to online fraud, which can lead to severe financial and reputational damages, consider adopting a hybrid approach for added security.
- Accuracy Needs: For industries with high accuracy requirements, a hybrid solution can provide additional assurance through human review.
- Conversion Rates: Fully automated solutions will be faster, but because they rely exclusively on AI, they often struggle with reading ID documents and photos when there’s image glare, blurriness or dim lighting.
- Data Quality: The quality of the data used to train the AI algorithm can significantly impact the accuracy of a fully automated solution.
4. Enhancing Security with Risk Signals
Adding fraud risk signals to your KYC workflow provides a frictionless way to enhance user verification and help mitigate fraud risks. For example, you can check the reputation of the user’s device before they’ve entered any information, which is useful for stopping serial fraudsters who open multiple accounts in the same day from the same device. Similarly, you can check the age of their email address, their phone number’s reputation, their IP address and a variety of other risk signals to make sure they’re not in a high-risk location. Use a flexible rules engine to customize your workflow and modify rules in real time to respond to evolving fraud threats.
5. Conducting Regular Audits and Due Diligence
Before implementing the eKYC solution, companies should conduct thorough due diligence to ensure the vendor is compliant with relevant global regulations, has the requisite security certifications and has no affiliations with restricted agencies/entities/individuals that could put your customers’ personal data at risk or expose your business to compliance risks.
Additionally, businesses should regularly review their eKYC solution to identify and address potential vulnerabilities. Providing periodic feedback to the technology provider can help improve the effectiveness and fraud detection capabilities of the underlying technology used for customer identity verification.
Jumio’s End-to-End Compliance Platform
The Jumio platform integrates additional risk signals into the KYC workflow, consolidating multiple technologies into a single solution. This streamlined approach enhances fraud prevention while reducing operational costs and resource requirements, offering a more efficient verification process.
Jumio offers a bank-grade eKYC solution trusted by major financial institutions worldwide. With ISO/IEC 27001:2013, PCI DSS, and SOC2 Type 2 certifications, Jumio prioritizes continuous security improvement. Financial organizations can conduct periodic audits of Jumio’s eKYC processes and access real-time verification reports for regulatory review. This commitment to compliance and security ensures businesses can rely on Jumio for their identity verification needs.
