eKnow Your Customer Requirements Driving Change
By John Callahan, CTO, VeridiumID
KYC – Know Your Customer is a process used around the globe for many years to validate the identity of a customer. Many of you will have already experienced KYC, if you have ever opened a bank account, bought a property or even obtained a SIM card for your mobile phone. You will have been asked by the bank/solicitor/mobile operator for proof of identity.
Organizations have typically required you to present a passport/driving license or ID card, perhaps with a recent utility bill for proof of address before providing you services.
Why do they do this?
It may seem fairly obvious for certain use cases, particularly for banking or where financial transactions occur. Fraud is a significant challenge in Financial Services, fraud always increases during economic downturns and it would appear during global pandemics according to a recent study by the World Bank. Fraud presents itself in many different formats, from false account setup, unauthorized account access, and money laundering. While the criminal fraternity, may look to line their own pockets, there is a more extreme side, which funds drugs cartels or finances terror organizations.
After the financial crisis of 2008, financial organizations became heavily regulated and KYC was introduced as a regulatory requirement after a series of major fraud, money laundering, and tax evasion cases. However, even in the last decade global financial services have been exposed by a number of money laundering scandals which have resulted in over $36 billion in fines.
Heavy regulation ultimately creates more friction, especially for the consumer. 1 in 5 banks onboarding times has doubled, from 4 to 8 weeks, and expect this time to increase even further. This challenge has been typically addressed head-on by throwing money and headcount at the very manual and legacy process for KYC. However, COVID has forced a new way of thinking.
eKYC/mKYC – (Electronic/Mobile) requirements have driven transformational change in organizations, which can no longer expect customers to visit branch offices and present themselves in person for manual KYC. Additionally, using computer vision and artificial intelligence has removed the subjective human error-prone process of matching a person to a photograph, providing higher levels of assurance, that an individual is who they claim to be.
But what options are available for eKYC? Actually, there are a number of options available to organizations to securely and remotely perform Identity Verification. Let’s explore a couple of them.
Firstly, it is now possible to take the tried and tested identity documents, such as passport, driving license, or identity card, and remotely scan that document into a mobile application, this can be done by simply capturing the document with the mobile camera or for a more reliable and performant solution, leveraging the document RFID chip to extract information via NFC to the smartphone. While not everybody has the latest phones capable of using NFC and not every government documentation that has a RFID chip to extract information from, it’s encouraging to know there is always a fall-back option of simply taking a picture of the document.
We then simply use the same application to take a selfie and the application attempts to match the selfie with the face image extracted from the documentation. In the background there is a validation check of the document itself, is it a genuine document, has it been reported lost or stolen? All of these factors combined, allow organizations to deliver a remote and secure onboarding capability, which also provides a frictionless user experience for customers. It accelerates the KYC process and reduces costs at the same time.
All good? Well not quite, unfortunately, Government documentation availability is not a certainty, additionally face matching from a 10-year-old photograph that has been captured using the mobile phone camera (as opposed to NFC) comes with its challenges in terms of performance and reliability. Additionally, cultural and religious requirements can present additional problems when the app asks to perform a selfie for face verification, add in poor lighting conditions and a requirement for “liveness” validation, what can be a very reliable and performant solution takes a performance hit and can lead to a frustrating user experience.
Since biometrics are clearly the preferred method for eKYC and where face recognition may present challenges and/or there is no documentation available with which to match the face against, there needs to be a flexibility of biometric modalities to provide not only choice to the customer, but performance and security improvements to the organization.
Fingerprint recognition is the other obvious biometric modality that could be used for Identity verification. Fingerprints, as well as face images, are stored on many forms of government documentation around the globe, however, this doesn’t help where that documentation is not readily available. There is an alternative to Government documentation though and that is National Identity Databases.
National Identity databases are scattered around the globe but are prominent in Latin America, Middle East / Africa as well as ASIA. These databases provide a trust anchor for the government who ask/mandate citizens to enroll themselves into the database in order to leverage Identity verification. Organizations who can reference these databases have a ready-made platform to query and use biometrics to validate individual identity with a simple capture of fingerprint or face (where available). The benefit here is, this is a centralized database, the risk of fraudulent documentation is eliminated, in addition, the biometric “image” is clean, no holograms over passport pictures to affect face matching performance.
Since fingerprint has no cultural, racial, or religious bias and fingerprints are largely unaffected by the aging process, fingerprint recognition delivers a highly performant and secure biometric modality to verify Identity. Fingerprint also eliminates the “twins” issue associated with facial recognition, since every fingerprint in unique. The challenge now is how to capture the fingerprint remotely…..Any of us who have experienced US border control or watched a Mission Impossible film, will of seen the requirement to place our fingers/thumbs onto a hardware scanner of some description. Sadly, very few of us have these devices available to us at home and before you jump to the assumption that your phone has a fingerprint scanner built into it, sadly that particular sensor has no mechanism to capture a fingerprint image and send it outside the phone for matching.
However, at Veridium we developed a mobile software solution that uses just a smartphone camera to capture fingerprint images, by simply taking a picture of your hand. This fingerprint image can be used in addition to, or as an alternative to face matching. It can be matched by National Identity Databases (and Security Services Databases) as well as matching against documentation where fingerprint images are stored on RFID chips. Since every smartphone has a camera and a torch, performance is assured in pitch black or bright blue sky conditions, coupled with in-built liveness detection to deter against simple and complex presentation attacks.
Now organizations can securely and reliably deliver eKYC/mKYC for their clients, deliver flexible biometric modalities of the face and fingerprint capture, leverage Government-issued documentation or National Identity database, and provide flexibility to ensure they are not caught out with racial, religious or cultural bias. Organizations can now reliably identify you without seeing you in person. Provide a frictionless onboarding experience to customers and help eliminate fraud, all at the fraction of the cost of traditional KYC processes.
About the Author
Dr. John Callahan is responsible for the development of the company’s world-class enterprise-ready biometric solutions, leading a global team of software developers, computer vision scientists, and sales engineers.
He has previously served as the Associate Director for Information Dominance at the U.S. Navy’s Office of Naval Research Global, London UK office, via an Intergovernmental Personnel Act assignment from the Johns Hopkins University Applied Physics Laboratory. John completed his PhD in Computer Science at the University of Maryland, College Park.