
27 Oct 2023 | 7 min read | in ID verification & biometrics

EBA Guidelines on the Use of Remote Customer Onboarding Solutions: How Regula Aligns

Henry Patishman

Executive VP, Identity Verification solutions at Regula

Starting from October 2, 2023, the new guidelines from the European Banking Authority (EBA) are changing how European financial institutions bring in customers remotely. 

In this article, we’ll guide you through the main touchpoints of the new EBA guidelines and show you how Regula's products can help you comply with them.


Understanding EBA guidelines on remote customer onboarding

The European Banking Authority (EBA) guidelines are like a rulebook that financial institutions in the European Union must follow when they onboard new customers online. These guidelines bring some important changes to how this process should work.

The main idea behind the guidelines is to address fragmentation in the European financial services market. Previously, each national bank had its own unique requirements, which made it hard for financial institutions to meet compliance standards. This diversity also complicated cross-border remote onboarding and left room for regulatory gaps, making the EU single market susceptible to financial crime. The new framework aims to standardize the process, providing a consistent approach for all European financial service providers.

The EBA guidelines spell out some key requirements for identity verification solutions. In simple terms, here's what they want financial institutions to do:

1. Collect up-to-date and accurate identity information

Financial institutions must make sure that the information provided by the customer is current, correct, and meets the applicable requirements for customer due diligence. 

In practice, this means details such as names, addresses, etc., should be accurate and, moreover, captured in a readable format and with sufficient quality.

This EBA guidelines requirement resonates with the Attribute and Evidence Collection stage described in the ETSI guidelines we wrote about in another post: What Is Identity Proofing & What Proofing Techniques Does It Imply?

2. Verify document authenticity

When banks and financial institutions accept identity documents remotely, they need to ensure that the images of those documents are authentic (not a copy of a copy) and not forged. 

This is achieved by checking that the provided ID has all the security features specific to the authentic document, that there is no sign of alteration of any kind, and that the integrity of the algorithms used for encoding unique identifiers is preserved.

3. Use biometrics for matching documents with users

One way to make sure that a client is the person they claim to be is by comparing the submitted information (a photo or video) with their actual physical features. This is especially important for remote customer onboarding. To comply with EBA guidelines, financial organizations should use powerful algorithms to double-check that the biometric data lines up perfectly, leaving no room for error.

Read also: Face Recognition vs. Face Verification in Identity Verification: The Expert Explanation

4. Provide quality assessment

For unattended remote onboarding solutions, where customers don’t interact with employees during verification, quality assessment is crucial. It’s necessary to make sure that any photographs or videos taken during the process are captured under proper lighting conditions, and that all necessary features and properties are clearly visible, making it easier to verify the customer’s identity.

5. Conduct liveness detection

To enhance the reliability of the verification process in remote customer onboarding, financial institutions should consider implementing liveness detection, either passive or active. This step helps confirm that the photo or video being captured is from a real person in real time. 

For the best security, EBA guidelines recommend making liveness detection mandatory in all unattended situations.

Read also: How UBS, the largest bank in Switzerland and the world’s largest private bank, created a totally new experience for opening accounts

7. Ensure secure data handling

To align with EBA guidelines, organizations must keep all documents and information collected during remote identification time-stamped and securely stored, maintaining a clear record of the identity verification process. 

Stored records should be easily accessible in a readable format, but they must be safe from unauthorized access. If an outsourced service provider is handling customer data, institutions must take extra precautions, including collecting and storing only necessary customer data for a defined period, with strict control and logging of data access.

How Regula and EBA guidelines align

Now, let’s explore how Regula's solutions align with these new guidelines, making sure that financial institutions can meet these requirements and keep their remote customer onboarding experience safe and hassle-free.

You can download the table as a PDF file [PDF, 4 pages, 5.5 MB]

Stage | EBA requirement | Coverage by Regula solutions

Acquisition of information

4.2.1 (24): Identity data is up to date and in a readable format

Data capture. Document Reader SDK automatically identifies the document type, instantly analyzes the ID layout against Regula’s extensive document template database, and reads the data. Then it reads and validates the fields and structures the output. Once the analysis is complete, the data is ready for cross-validation with other sources of information.

The solution works for both mobile devices and desktops.


Document authenticity & integrity

4.3 (33, a): Security features embedded in the original document are in place and comply with the specifications of the original document (e.g., type, size of characters and structure of the document by comparing them with official databases, such as PRADO).

Extensive database of identity document templates. Regula solutions come with the world’s most comprehensive database, including over 13,000 templates to date, along with detailed descriptions.

For additional manual verification by experts, there are also Informational Reference Systems that contain hi-res images of documents and their security features in white, UV, and IR light.

4.3 (33, b): Personal data hasn’t been altered or otherwise tampered with or, where applicable, the picture of the customer embedded in the document was not replaced.

Data validation and authenticity verification. This is achieved through a multi-faceted approach that includes, but isn’t limited to:

  • Performing lexical analysis and validating every field in the visual zone, MRZ, barcode, and other sources in the document;

  • Reading and verifying the embedded RFID chip with an NFC module;

  • Running numerous cross-checks to make sure all the data matches.

As for the portrait, validating it also involves:

  • Checking the presence and position of the main and secondary photo;

  • Verifying the presence of LASINK portrait printing technology.

4.3 (33, c): The confirmed integrity of the algorithm used to generate the unique identification number of the original document, in case the official document has been issued with machine-readable zone (MRZ).

Advanced MRZ reading. Regula Document Reader SDK employs over 200 parsers for MRZ codes, allowing validation of checksum and personal number algorithms, as well as background, resolution, size, font spacing, line position, and more parameters.

4.3 (33, d): The provided reproduction (of the document) is of sufficient quality and definition so as to ensure that relevant information is unambiguous.

Quality assessment. Regula provides advanced document capture capabilities that guide the user and auto-assess that there are no glares, blur, or cropped elements, and that the data is unambiguously readable.

4.3 (33, e): The provided reproduction has not been displayed on a screen based on a photograph or scan of the original identity document.

Document liveness check. Regula Document Reader SDK verifies document liveness. It validates its dynamic security features and detects if the document is being presented as a screenshot or demonstrated from a digital device.

4.3 (35): In situations where the device the customers use to prove their identity allows the collection of relevant data, for example because the data is contained in the chip of a national identity card, and it is technically feasible for the credit and financial institutions to access this data, credit and financial institutions should consider using this information to verify its consistency.

NFC-based verification. Regula Document Reader SDK reads and verifies the embedded RFID chip with NFC verification technology, and additionally re-verifies the NFC chip by processing data on a server to ensure the chip is not cloned or manipulated.

4.3 (36): Where available, during the verification process, credit and financial institutions should verify the security features embedded in the official document, if any, such as holograms, as a proof of their authenticity.

Advanced authenticity checks. Regula instantly detects and authenticates data from the document, and checks its security features using numerous techniques.

It automatically verifies the presence of IPI and holograms, plus analyzes MLI (Multiple Laser Image) and OVI (Optical Variable Ink) via mobile applications.

Matching customer identity

4.4 (39): Biometric data is sufficiently unique to be unequivocally linked to a single natural person. 

Credit and financial institutions should use strong and reliable algorithms to verify the match between the biometric data provided on the submitted identity document and the customer being onboarded.

Biometric verification. The Face Matching module enables precise comparison of the photo captured by the camera with the holder’s portraits in the document (including the photo encoded in the RFID chip, or a secondary photo such as a ghost, kinegram, or in a barcode).

4.4 (41, a): Any photograph(s) or video is taken under adequate lighting conditions and the required properties are captured with necessary clarity to allow the proper verification of the customer’s identity.

Advanced face capture. Regula Face SDK evaluates image quality as users capture selfies, identifying and selecting the best image by assessing factors like glares, shadows, head position, and face size, directly within the mobile app or website.

4.4 (41, b): Any photograph(s) or video is taken at the time the customer is performing the verification process.

4.4 (41, c): Liveness detection verifications, which may include procedures where a specific action from the customer is required to verify that he/she is present in the communication session or which can be based on the analysis of the received data and does not require a specific action by the customer.

Liveness detection (based on biometric parameters). Regula’s proprietary liveness detection technology streamlines remote biometric verification. It instantly detects and prevents presentation attacks (the use of static face images, video replays or injections, or masks instead of a real person).

To do so, Regula Face SDK uses different methods, like examining textures, depth and shape of an image, facial movements, and more.


Data processing and storage

4.2.1 (26): The documents and information collected during the remote identification process should be time-stamped and stored securely by the credit and financial institution.

On-premises implementation. 

Regula can operate on-premises, allowing all processes to occur within your secure perimeter and minimizing potential risks. Since the results of all verification sessions are stored on the customer’s server, it’s possible to access them later.

4.2.1 (26): The content of stored records, including images, videos, sound and data should be available in a readable format and allow for ex-post verifications.

Records of prior verification sessions can be accessed for re-verification or in case of repeated sessions for the same individuals.

The results of every verification session are stored on a server, so it is possible to review or re-process them afterwards if required.

4.5.2 (49): Where the outsourced service provider stores customer data, (...), credit and financial institutions should ensure that: a) only necessary customer’s data is collected and stored in line with a clearly defined retention period; b) access to the data is strictly limited and registered; c) appropriate security measures are implemented to ensure that the stored data is protected.

Data safety and enhanced privacy.

Regula does not collect, store, or share your customers’ data. All verification session results are securely stored on your server, keeping personal data within your secure perimeter for maximum privacy and control.

Conclusion

The EBA guidelines are designed not only for compliance but also serve as a common framework for all financial organizations to follow. Regula’s technology facilitates this journey, making it a win-win situation for institutions and their customers, as they can enjoy secure, hassle-free, and standardized remote customer onboarding.

If you face any challenges in implementing these guidelines, don't hesitate to contact Regula's experts for tailored solutions and support.
