As we head into the second quarter of 2024, the ID market is entering a transition period as portable digital identity solutions are starting to mature, which in the next five years will reduce the demand for identity verification solutions.
KYC: Identity Verification Processes
Alongside this, competition is having a particular influence on the market with a large number of vendors offering what appear to be similar core identity verification processes to verify the client's identity.
This is causing confusion among buyers and forcing vendors to offer additional features such as enhanced fraud detection and low-code integrations in order to differentiate.
This amalgamation of the ID market is set to continue as customers require a multiple solution for each KYC journey (document authentication, mobile authentication, email fraud risk checks etc) so just providing one point solution ID is no longer valid for the market.
As a result, revenues are under pressure as the race to the bottom for transaction fees gains momentum.
At the same time, the malevolent use of AI stands as a key concern for ID verification providers as it becomes increasingly sophisticated.
Although generative AI is not new, the accessibility of tools using this AI, commonly known as deepfakes, and the public awareness of its capabilities have accelerated massively.
Gartner recently reported a significant increase in clients asking about the integrity of the identity verification process now that attackers have the potential to use deepfakes.
Such attacks can broadly be carried out in two ways: through 'presentation attacks' where the deepfake image or video is displayed on the screen of a secondary device, and 'injection attacks' where the deepfake image or video is digitally inputted into the identity verification process.
Academic research shows that deepfakes are almost five times better at spoofing verification solutions. Traditional spoofing methods like printed photos placed in front of the camera or realistic 3D masks succeed in 17.3% of cases. Meanwhile, deepfake-enabled spoofing techniques succeed in 86% of cases.
This is essentially a new world problem and organisations need new world solutions to counteract them, putting further pressure on the ID verification market.
Attack vectors in identity verification
| Attack type | Method | Success rate |
|---|---|---|
| Traditional spoofing | Printed photo or 3D mask placed in front of camera | 17.3% |
| Deepfake-enabled spoofing | Presentation or injection attack using AI-generated images | 86% |
So what makes the ideal ID verification solution? Firstly, more mature offerings will allow an organisation to configure the look and feel of the UI with respect to colours and logos to enable some alignment with corporate branding. The most advanced offerings provide drag-and-drop interfaces that enable deeper configuration of the UI and hence UX, such as requested data fields for the user to complete, flexibility for the user to select document types, and also calling out to third-party data affirmation sources that the vendor has integrated.
These low-code implementation approaches are proving to be attractive as they enable far faster implementations requiring fewer skilled resources, and encourage organisations to try vendor solutions, safe in the knowledge that their initial investment is relatively low. This is also enabling many small organisations to take advantage of such remote identity verification flows. There is a long tail of small independent businesses such as realtors or estate agents, lawyers or solicitors, financial advisors or tax specialists, who need to verify their customers' identities for regulatory purposes and a remote identity verification process triggered by a QR code with results available for lookup on a portal opens up opportunities for new business processes and modes of interaction.
And what of digital onboarding providers? What role should they be playing as the ID verification market experiences a period of flux?
Most vendors have typically offered organisations an API for browser implementation and a software development kit (SDK) for mobile app implementation. Outside of the core document and selfie image capture UX, organisations have developed and managed the UI components that form the broader identity verification journey. However, vendors are increasingly offering low-code implementation approaches in which the vendor hosts and manages all of the UI components and the entire user journey related to identity verification.
Typical low-code implementation flow
| Step | Action | Outcome |
|---|---|---|
| 1 | Organisation sends SMS with link or QR code to user | User directed to mobile device |
| 2 | User accesses vendor-hosted identity verification site on mobile browser | Optimised camera and UX experience |
| 3 | User completes document and selfie capture | Higher accuracy due to superior mobile camera quality |
| 4 | Vendor returns verification results to organisation | Via polling, webhooks, or portal lookup |
A typical low-code implementation consists of the organisation either sending an SMS to the user containing a link or asking the user to scan a quick response (QR) code, both aimed at getting the user onto their mobile device and on their mobile browser, eventually onto a site hosted by the vendor. More accurate results are generally achieved when the user goes through identity verification on their mobile device as the camera quality is far superior to a laptop or desktop webcam. This also improves UX by reducing requests to the user to retake images due to poor quality.
Once the user has gone through the identity verification process, the vendor will then send data pertaining to the identity verification to the organisation. This may be achieved by the organisation through polling a vendor's systems, using web hooks, or even simply looking up the results on the vendor's administrative portal. At the basic end of the spectrum, vendors may offer a fixed UI that the organisation has no control over.
1. What is Identity Verification?
Identity verification is the process of confirming the identity of an individual or organisation, typically through the use of documents, biometric data, or other forms of authentication. In the context of digital onboarding, identity verification is a critical step in ensuring that customers are who they claim to be, and that they are not attempting to commit fraud or other illicit activities.
Identity verification can take many forms, including:
- Document verification: This involves verifying the authenticity of government-issued documents, such as passports or driver's licences.
- Biometric verification: This involves using biometric data, such as facial recognition or fingerprint scanning, to verify an individual's identity.
- Digital footprint analysis: This involves analysing an individual's online activity and behaviour to verify their identity.
Identity verification is an essential component of digital onboarding, as it helps to prevent fraud and ensure compliance with anti-money laundering (AML) and know your customer (KYC) regulations. By using advanced technologies, financial institutions can enhance the security and efficiency of their customer onboarding processes, ultimately safeguarding against financial crimes.
2. Digital Onboarding in Financial Institutions
Digital onboarding is a critical process for financial institutions, as it enables them to acquire new customers and verify their identities remotely. Digital onboarding involves the use of digital technologies, such as mobile apps and websites, to facilitate the onboarding process.
Financial institutions use digital onboarding to:
- Verify customer identities: Digital onboarding enables financial institutions to verify customer identities remotely, using a range of authentication methods, including biometric verification and document verification.
- Conduct customer due diligence: Digital onboarding enables financial institutions to conduct customer due diligence, including risk assessments and anti-money laundering (AML) checks.
- Open new accounts: Digital onboarding enables financial institutions to open new accounts remotely, without the need for customers to visit a physical branch.
Digital onboarding is an essential component of financial institutions' digital transformation strategies, as it enables them to improve customer experience, reduce costs, and increase efficiency. By simplifying the customer onboarding process, financial institutions can enhance their competitive edge in the rapidly evolving banking sector.
3. Know Your Customer (KYC) and Customer Due Diligence
Know Your Customer (KYC) and customer due diligence are critical components of anti-money laundering (AML) and counter-terrorism financing (CTF) regulations. KYC involves verifying the identity of customers, while customer due diligence involves assessing the risk profile of customers and monitoring their activity.
KYC and customer due diligence are essential for preventing money laundering and terrorism financing, as they enable financial institutions to:
- Verify customer identities: KYC involves verifying the identity of customers, using a range of authentication methods, including biometric verification and document verification.
- Assess risk profiles: Customer due diligence involves assessing the risk profile of customers, including their financial history and behaviour.
- Monitor activity: Customer due diligence involves monitoring customer activity, including transactions and account activity.
KYC and customer due diligence are critical components of digital onboarding, as they enable financial institutions to verify customer identities and assess their risk profiles remotely. By integrating these processes into their digital onboarding solutions, financial institutions can enhance their compliance with regulatory requirements and mitigate the risk of financial crimes.
6. Anti-Money Laundering (AML) Regulations
Anti-money laundering (AML) regulations are designed to prevent money laundering and terrorism financing. AML regulations typically include:
- Know Your Customer (KYC): Verifying the identity of customers and assessing their risk profiles.
- Customer due diligence: Monitoring customer activity and assessing their risk profiles.
- Reporting suspicious activity: Reporting suspicious activity to the relevant authorities.
AML regulations are critical components of digital onboarding, as they enable financial institutions to prevent money laundering and terrorism financing. Financial institutions must comply with AML regulations, including KYC and customer due diligence, to prevent money laundering and terrorism financing.
AML regulations are enforced by regulatory bodies, such as the Financial Crimes Enforcement Network (FinCEN) in the United States. Financial institutions that fail to comply with AML regulations may face penalties, including fines and reputational damage. By adhering to these regulations, financial institutions can protect themselves and their customers from the risks associated with financial crimes.
Key takeaways
- Deepfake attacks succeed in 86% of cases compared to traditional spoofing methods at 17.3%, creating urgent demand for new verification approaches.
- Low-code implementations reduce deployment time and resource requirements, opening identity verification to smaller organisations that previously lacked the technical capability.
- Vendor differentiation is shifting from core ID verification to additional capabilities such as enhanced fraud detection, fraud risk checks, and drag-and-drop configuration tools.
- Mobile-based verification delivers higher accuracy and better user experience than desktop approaches due to superior camera quality and reduced image retakes.
- Market consolidation will continue as organisations require multi-solution KYC journeys rather than single-point identity verification tools.
