Why NFC Identity Verification Is the Best Thing for Regulated Industries

Let’s start with definitions to make sure we’re on the same page.

Near-field communication, or NFC, is a set of communication protocols enabling wireless data transmission between two electronic devices. Typically, there is a connection between a NFC chip and a reader, such as an ID reader or smartphone.  

NFC verification technology inherits the principles of radio frequency identification (RFID). The key difference between them is the transmission range. While RFID can transmit data over several meters, NFC signals cover distances of up to 4 cm. That’s what the “near” part of “near-field communication” means. 

As you might guess, electronic passports are data media in this context. They contain an RFID chip where personal information from the visual inspection zone is encoded.

In eIDS, an RFID chip serves as an additional security feature standardized by the ICAO Doc 9303 in machine-readable travel documents (MRTDs) as a contactless integrated circuit. Since the chip is digitally signed and protected with sophisticated cryptography, RFID verification can be considered one of the most reliable ways to check document authenticity remotely. 

Initially, eIDs were a more secure version of MRTDs aimed at bolstering security during border-crossing procedures. Then, the technology was applied to issuing domestic identity documents, such as ID cards.

Since eIDs are currently commonplace, businesses from different industries are seeing more electronic passports and ID cards submitted into their systems. Some only accept eIDs to enhance their Know Your Customer (KYC) frameworks.

Companies from regulated niches like Banking and Crypto were among the first to seize the advantage of eIDs in customer onboarding. There are at least three scenarios:

• Electronic-only verification: Some companies don’t accept non-biometric documents when onboarding online clients, as they are a less secure way to verify them. For instance, UBS made submitting eIDs a must for all new clients who want to open a bank account. Additionally, the bank generates qualified electronic signatures (QESs) for all customers, which they can use throughout the country. QESs provide the highest level of security and legal acceptance, equivalent to a handwritten signature in most jurisdictions, and are issued only after identity verification of the signatory.

• Benefit-driven verification: NFC verification can also be used as a requirement for customers who want to access benefits or bonuses from the service. As an example, Thai crypto exchange Bitazza increases spending limits for customers who have verified their electronic passports in the mobile app.

• Versatile ID verification: Finally, many companies still accept different types of IDs as proof of identity, including non-biometric ones. However, in this case, the process can be longer, and often includes friction such as a mandatory video interview or active liveness check. 

No matter which verification scenario a company is currently using, deploying NFC verification provides the following benefits:

The most tricky part of online identity verification is making sure that a user presents a physical document. With the emergence and fast evolution of AI, it’s more affordable to generate fake, high-quality photos of IDs on any background. Also, many fraudsters show high-resolution photos on a screen.

eIDs are a way more tough nut to crack for fraudsters. The key strengths of electronic passports identified by the DHS include secure traveler identification, protection against identity theft, privacy protection, and resistance to alterations. An RFID chip, which is difficult to counterfeit, provides extra defense for each eID.

As a result, more companies are adopting NFC ID verification as an additional security layer.

Moreover, in the case of eIDs, a KYC framework can be established with the zero trust to mobile approach. Online verification implies that a user’s smartphone is an ID reader where all verification checks are conducted. As a third-party element of the chain, it can be a weapon for fraudsters who can use injection attacks by returning modified verification results to the system. 

In zero trust to mobile verification, the company’s server takes an active part in the process as the trust perimeter where the actual verification session is performed, or where verification results generated on the user’s device are re-verified. This enables preventing fraudulent intrusion into the verification process through modifications such as altering the result of an electronic ID check from “failed” to “passed.” 

With the development of technologies, NFC-enabled devices have become more affordable for people around the world. Back in 2020, the share of NFC-enabled mobile phones had already reached 90%. 

Thanks to the deep penetration of the technology in digital services, people are accustomed to using their smartphones instead of payment cards. For this reason, NFC-based verification will not cause difficulties for users. Plus, identity verification software may also provide data entry automation, eliminating the need for users to fill out applications and registration forms. As a result, you get a secure flow without typos and dissatisfied customers.

When verifying users online, the quality of the document scan and the user’s selfie is the starting point that defines the entire process. Customers frequently fail this requirement while taking photos in a dark room, using wrong angles, or blurring the focus, all of which negatively affects the retake score.

Additionally, clients with a non-biometric ID often have to pass a more daunting verification check involving live interviews. This can worsen customer satisfaction and decrease conversion rates.

NFC verification involves swiping an eID next to a smartphone, which takes mere seconds. Depending on the use case, the chip data can also be cross-checked with the information in the machine-readable and visual inspection zones. Still, successful chip verification alone is a compelling indicator of document authenticity. This simplifies the process for the user.

While offering many benefits to digital companies, NFC ID verification has its limitations. The list includes:

• Narrow target. Many countries still rely on non-biometric identity documents. Often, these are big markets, such as India, where neither passports nor domestic IDs are electronic. Additionally, valid non-electronic documents remain in circulation in countries that have transitioned to the issuance of biometric IDs. For example, Switzerland still has non-biometric national ID cards. A lack of eIDs can be an obstacle to entering some prospective regions for companies that have switched to NFC ID verification in their services. 

• Technical barriers. NFC is a standard feature in mid-range and high-end phones, while budget devices frequently don’t have it. This may exclude certain target groups from your coverage. Otherwise, you should extend your regular KYC procedure with special flows for clients who can’t use NFC identity verification, from video interviews to on-site verification through ID readers or self-verification kiosks. Of course, this adds more friction to the process and makes it more costly. 

• Incomplete verification data. An RFID chip is an electronic version of an identity document where personal details may be encoded, including name, address, and even biometrics like the document holder’s photo or fingerprints. However, as an ICAO innovation from the start, eIDs were made to be verified on-site with the use of authorized terminals or inspection systems at airports or border checkpoints. Commercial companies can’t fully harness the full potential of electronic IDs in an online scenario since they can’t get access to all the data stored on the chip. Sensitive data like fingerprints can be read and validated by authorities only. That means that, for businesses, NFC verification boils down to checking the presence and integrity of the RFID chip in a submitted ID. However, you can combine identity and biometric verification by requesting a user’s selfie for liveness detection and matching it with all the holder’s portraits in the ID to ensure the document belongs to the user.

There is now a gap between the countries that issue electronic IDs only, and those that are breaking new ground or simply thinking of new possibilities. This gap is closing gradually amid the transition to a brand-new form of identity proofing: Digital ID. However, this is currently more of a concept than a working framework.

That means NFC identity verification will gain momentum for a while. Businesses seeking (or being required to find) more secure ways to onboard and verify online customers can benefit from it. 

Regula Document Reader SDK enables you to build a reliable identity verification flow with a reliable backend infrastructure:

• NFC verification of over 14,000 types of eIDs from 250 countries and territories, including passports, driver’s licenses, and ID cards

• A complete set of authenticity checks, including cross-verification of data from the VIZ, MRZ, barcodes, and RFID chip

• Server-side verification for the mobile results to detect any inconsistencies

See the software in action or book a call to discuss your requirements in detail.