The rise of neobanks, which operate entirely online, is pushing many traditional financial institutions to go digital. However, what seems clear during in-person interactions becomes tricky in the digital space. For example, how can you ensure that the person signing up for your online service is who they claim to be?
This is where electronic Know Your Customer (eKYC) comes in. It addresses such challenges, offering a way for businesses to verify customer identities online.
In this article, we’ll explain how eKYC works and what businesses need to do to integrate it into their daily operations.
What is eKYC?
eKYC is the digital version of the traditional KYC process used to verify a customer's identity before allowing transactions or opening a new bank account. Regular monitoring of existing accounts and customers is also an essential part of this process.
Both approaches aim to prevent money laundering, terrorism financing, and other illegal activities by identifying fraudulent attempts to pose as legitimate clients. The main difference between these two processes lies in the methods used: traditional KYC solutions require customers to show up in person and present their documents, while eKYC is fully digital, relying heavily on automation.
eKYC is a new trend that has been gaining momentum since early 2022.
eKYC emerged as a trend in early 2022, as people began actively searching for it.
Despite being a relatively new approach, some countries have already adopted regulations for eKYC. For instance, in 2023, Qatar Central Bank (QCB) issued eKYC procedures in line with the country’s Fintech Strategy announced earlier that year. Notably, financial services in Qatar can apply eKYC to non-residents, provided they obtain official approval from the QCB. This demonstrates the reliability and security of the framework.
Let’s take a closer look.
The components of a strong eKYC system
Since eKYC relies on digital identity checks, it typically includes more customer identifiers than a standard online verification system. The essential features are:
ID document verification: Users provide their passport, ID card, or other photo ID to confirm their identity.
Biometric authentication: Customers must take a selfie, which is matched with the ID photo to verify their presence.
Risk monitoring: Real-time data is used to assess risks and prevent fraud. This includes tracking IP addresses, user devices, and behavior patterns to detect anomalies.
AML and PEP checks: AML (Anti-Money Laundering) checks help prevent money laundering by detecting suspicious financial activities that may involve the transfer of illegal funds. PEP (Politically Exposed Person) checks, as part of AML processes, identify individuals who hold prominent public positions or have close ties to such individuals, as they are at higher risk of involvement in corruption or bribery.
The eKYC process can be strengthened by integrating national identity systems containing citizens' biometrics. For instance, in India, Aadhaar ID holders can voluntarily use this system for identity verification. Customers can securely share their data in XML/PDF format, including key identification details such as name, address, photo, gender, date of birth, mobile number, and email address.
How IDV in eKYC works: Step-by-step guide
Now let’s walk through the identity verification (IDV) part of the eKYC workflow, which includes the following steps:
The steps shown here are for illustration purposes. In practice, many of these checks occur simultaneously. When well-organized and properly implemented, the IDV part of the eKYC process takes only seconds.
The customer uploads an ID document (passport, ID card, residence permit, etc.) using their mobile device, web application, or self-verification kiosk.
The IDV solution authenticates the document through OCR, NFC, MRZ and barcode scanning, optionally verifying it with in-house or third-party databases and stop lists.
The customer provides a selfie, which is cross-referenced with the document photo using facial recognition software.
A liveness check ensures the customer is a real person, not a photo or video playback. This check works for both selfies and IDs, operating in either a passive or active mode. A passive liveness check requires only a scan of an ID or a user’s portrait, while active liveness involves live interactions in front of the camera. For example, the user may be asked to smile, rotate their head, or tilt their ID to verify dynamic security features like holograms.
All data is reviewed, and the system either flags or approves the customer for onboarding and/or confirms the transaction.
Importantly, most of these steps—from data entry to cross-checks—are fully automated. KYC automation minimizes the time required from the customer, and eliminates the need for manual work by human agents.
eKYC applications in money-related industries
This approach can be implemented in FinTech, Crypto, and traditional Banking industries that offer digital services to their clients.
eKYC based on ID document and biometric verification makes it possible to establish more comfortable onboarding for new customers.
For instance, potential clients of N26, a German neobank, need to manually fill out some application forms before presenting their ID for verification. With automated data entry, key details like name, date of birth, and residence address can be automatically added to the forms after scanning the document. This reduces time spent without compromising security, as all verification checks are run simultaneously.
To become a new client of N26, individuals currently need to manually fill out multiple forms, providing personal and tax information. This process can be streamlined with eKYC automation.
Additionally, eKYC is effective for enhancing sensitive transactions. For example, Binance, a cryptocurrency provider, restricts unverified accounts to withdrawals only. Once both document and selfie verification are completed, customers gain access to the full range of services.
This policy has also been adopted by other players in the Crypto sector. For instance, all new Kraken users must verify their accounts to buy and sell cryptocurrencies.
Other verification processes where eKYC can be implemented include:
Applying for personal loans and credit products;
Opening an additional bank account as an existing regular customer;
Upgrading an existing account, e.g., switching from a personal to a business account with more features;
Reverifying personal details after detecting suspicious activities on an account;
Updating account settings, such as resetting passwords, activating accounts, and managing other essential details.
As you can see, eKYC is a powerful tool that makes customer interactions smoother and faster. But are there any pitfalls?
The two faces of eKYC: Benefits and challenges
Like many things, eKYC has both positive and negative aspects. Among the benefits, the following stand out:
Faster onboarding: eKYC speeds up customer registration as well as customer reverification processes.
Reduced fraud: Advanced biometric checks and document verification lower the chances of identity fraud.
Lower maintenance costs: eKYC eliminates manual procedures, allowing companies to cut operational costs.
Global reach: eKYC is a scalable framework that lets companies onboard users from anywhere in the world with minimal friction.
However, eKYC also comes with challenges. Deepfakes are one of the significant concerns. As deepfake technology becomes more accessible, fraudsters increasingly use fake selfies and AI-generated ID documents to bypass digital IDV and biometric systems. For instance, Regula’s global study shows that over half of all companies from Crypto, Fintech, and traditional Banking have encountered AI-powered fraud, particularly involving audio and video deepfakes.
Another potential hurdle is the stricter global regulations, which require more advanced and compliant eKYC systems. For example, the QCB’s eKYC regulations mandate companies to use only active liveness checks for onboarding new customers via mobile apps, web platforms, or self-service kiosks. This means customers must perform random head tilts, nods, or eye movements to confirm their presence in front of the camera.
All this requires extra effort from companies transitioning to this new concept. First, they need to establish a more sophisticated infrastructure that relies on cutting-edge IDV technologies. Second, the eKYC process should remain smooth and user-friendly, as customers are becoming more demanding when it comes to digital verification. Third, businesses implementing eKYC must stay mindful of the emerging deepfake threat.
Unfortunately, there is no single foolproof method to detect and prevent deepfakes. Companies must combine several methods—verifying customer identity through document verification and biometrics while adding extra layers such as security questions or push notifications. Monitoring unusual account activity, like logins from new locations, is also critical for identifying threats before they cause significant harm.
Another less obvious pitfall for financial institutions implementing eKYC is fraudsters exploiting the process. Scammers can impersonate bank representatives, sending false requests for reverification via text or phone to obtain credentials and take over legitimate accounts. For customers, these messages can seem credible, especially after having completed similar procedures.
Scammers can exploit the eKYC process as a convincing context for phishing messages. Source: Danske Bank.
In light of this threat, companies should consider running customer awareness campaigns and providing informational resources about scams. For instance, Danske Bank launched a Fraud and Scams support hub to help prevent fraud attempts and protect their customers.
Is it time to go digital?
The eKYC concept aligns with modern business practices and user expectations. To reach broader audiences, companies are increasingly adopting paperless and online interactions with clients. In turn, customers are showing a growing preference for mobile banking.
For instance, only 23% of UK adults consider having a nearby bank branch important when choosing a financial provider. Among those aged 18-34, just 13% value physical banking locations.
Looking ahead, governments are moving towards new forms of identity confirmation, such as Digital Identity Wallets. The recent update to the EU’s eIDAS (electronic Identification, Authentication, and Trust Services) regulation is one example of the future upgrade of digital IDV systems.
These systems create a chain of trust by using Verifiable Digital Credentials (VDCs) linked to a customer’s identity. Cryptographically signed, these credentials verify the authenticity and integrity of the content. In the eKYC context, after verifying a new customer, a bank could issue a VDC, which can be reused for future identity confirmations, eliminating the need for full reverification.
However, such initiatives require government involvement and international cooperation to be effective, and while they remain mostly local, many steps are needed before they become globally accepted, like Visa debit cards or physical machine-readable passports.
Nevertheless, now is the time to adopt or upgrade your eKYC systems to remain competitive and secure. Regula is here to help, offering robust document verification and facial recognition technology.
