Industry

What is eKYC?

Take a look at the different signals that eKYC can take advantage of and review the benefits that eKYC offers both businesses and their customers.

An image of 3 mobile screens representing eKYC
Last updated:
10/18/2024
Read time:
Share this post
Copied
Table of contents
⚡ Key takeaways
  • Electronic KYC (eKYC) is the process of completing identity verification and other KYC requirements digitally.
  • eKYC can pull from a broader variety of data and signals than is typically available with traditional KYC, including active signals, third-party data, passive signals, and behavioral signals.
  • eKYC offers businesses increased processing speed, reduced workload, scalability, and fewer human errors. It offers end users convenience, speed, and privacy.

Around the world, governments require many businesses, such as financial institutions, to understand who their customers are. These policies are generally known as Know Your Customer (KYC) or customer due diligence (CDD), and are designed to identify and prevent instances of money laundering and other financial crimes.

The cornerstone of KYC is identity verification (IDV) — ensuring that a customer or client is actually who they say they are.

IDV historically involved reviewing information submitted on physical forms and documents. But as the world has become increasingly digitized, KYC policies and practices have had to shift in order to meet customer expectations as well as risks inherent in digital interactions. Electronic KYC (eKYC) is the result of these evolutions.

Below, we define eKYC, review the various advantageous inputs for the eKYC process, and explore the benefits that online identity verification offers both businesses and their customers.

What is eKYC?

Electronic KYC (eKYC) is the process of completing identity verification and other KYC requirements digitally. It can take different forms depending on your industry, use case, business needs, and even customers, but typically involves electronic forms, digital documents, and varying degrees of automation.

Like traditional KYC, eKYC (or digital KYC) typically occurs during account setup and then in an ongoing manner with specific triggers taking place when there are changes in ownership or control of businesses, for example, or name changes, expired documents, or notable negative negative news prompts a review of the risk of the client relationship.

Free white paper
See how experts evaluate eKYC solutions

KYC vs. eKYC: what's the difference

Once upon a time, when an individual or businesses wanted to open a bank account, they had to visit a bank or ranch, meet with a banker face-to-face, and seal the deal with a handshake. The banker had no option other than to vet customers in person. With the precipitous rise in money laundering and other financial crimes, and the passage of Anti-Money Laundering (AML) laws like the Bank Secrecy Act of 1970, the ease of onboarding has lessened. 

The KYC process requires collecting documentation from customers, at a minimum, business formation documents from businesses and personal identification from individuals. Then it must be verified and retained as evidence that the process has taken place. 

Traditional KYC made this a heavily manual and time-intensive undertaking; eKYC technology is making this not only faster and easier but also feasible in more locations, including fully remotely. Today, while traditional KYC can still be completed, it is largely being replaced by eKYC solutions.

Understanding the critical role of eKYC

The primary impact of eKYC is at the customer onboarding stage, when efficiency, accuracy, and user experience are the most important factors to converting a prospect. Quickly collecting and triaging documentation, correctly inputting and validating key data points (“signals”), and ensuring the experience is seamless and free of glitches and unnecessary delays is paramount for businesses in competitive industries like high-dollar and age-gated e-commerce and digital financial services providers that have regulatory compliance obligations.

What are the different data points you can use when performing eKYC?

In many respects, eKYC can offer businesses a fuller picture of who their customer actually is.

That’s because eKYC can pull from a broader variety of data and signals than is typically available with traditional KYC. Whereas traditional KYC depends on active inputs (e.g., user-submitted personally identifiable information (PII)) and third-party data (e.g. watchlist reports), eKYC pairs this data with passive and behavioral points that are difficult — if not impossible — to measure with manual review of physical forms and documentation.

Active inputs

Active inputs are signals that are provided directly by the individual. Usually, this includes information such as:

  • Name
  • Address
  • Date of birth
  • Social Security Number or other tax ID
  • Employment information/source of funds

Active data also include any documents and photos that an individual may submit, such as a government-issued ID, bank statement, selfie, etc.

Additionally, with the move to eKYC, some governments, such as India and Estonia, have begun issuing forms of electronic identification (eIDs) that serve the same purpose as physical IDs.

While the concept of an eID has not yet gained traction at the federal level in the United States, it has been embraced by many states. Arizona, Colorado, Connecticut, Georgia, Hawaii, Iowa, Kentucky, Maryland, Mississippi, Ohio, Oklahoma, and Utah all accept digital driver’s licenses. Depending on the state, these digital licenses may be stored in a secure app or even in an Apple wallet.

Third-party data

Third-party data are not provided, directly or indirectly, by the individual. Instead, they are provided by third parties, such as government entities, private businesses, and other authoritative and issuing databases.

Examples of these sources can include:

Third-party data is often collected in the background during account creation, which is a good opportunity for businesses to enrich what they know about a customer without adding friction to the KYC process. Additionally, many businesses continuously cross-check customer profiles against these sources to ensure that the status of the individual has not changed.

Passive inputs

Passive data is provided by the device that the individual is using to complete the KYC process, typically in the background and without the individual even being aware of the fact. They are sometimes referred to as device signals. This data can include the individual’s:

  • IP address
  • Location data
  • Device fingerprint
  • Browser fingerprint
  • Various metadata
  • Whether or not the individual is using a VPN

Passive data is an essential input to eKYC, as it empowers you to digitally verify and cross-check what the individual is actively telling you against the data that the device is passively providing. For example, if an individual says they’re in California but their IP address indicates they’re currently in Florida, you may want to dig a little deeper to ensure they’re actually who they say they are.

Behavioral inputs

Behavioral data is provided directly by the individual based on how they interact with an online form or application. Typically the individual is unaware of the fact that these are even being measured, quantified, or analyzed.

Behavioral signals can include:

  • Hesitation detection
  • Distraction events
  • Mouse clicks/keyboard strokes
  • The use of developer tools
  • The use of copy and paste
  • The use of autofill

Behavioral data can be used for a variety of purposes. For example, it can help you determine whether a form or application is being completed by an actual human being or a bot. Likewise, it can aid in the detection of issues such as identity theft — for example, if a form is filled out in a suspicious or unnatural way. As such, behavioral inputs, like passive inputs, are particularly valuable in the realm of eKYC.

What are the benefits of eKYC?

There are several eKYC benefits — the biggest is that it allows for a higher degree of automation that simply isn’t possible when identity verification is completed by humans.

For companies, these optimizations include:

  • Increased processing speed: As soon as customers submit their information, identities can be verified in seconds; much faster than manual review. This can help businesses reduce dropoffs and increase conversions.
  • Reduced workload: With less manual review necessary, financial institutions require fewer employees dedicated to KYC, allowing them to shift resources elsewhere.
  • Scalability: Because eKYC processes reduce your need to hire and train manual reviewers, it makes it easier for you to grow and scale your business. Likewise, the fact that eKYC happens 24/7 means that your business can continue operating even outside of normal business hours.
  • Fewer human errors: Less human touch reduces the risk of human error, allowing for more efficient workflows.

And for the end user, the benefits include:

  • Convenience: Individuals and businesses can fill out forms and applications without needing to scan physical documents, print physical forms, or visit a physical branch or office.
  • Speed of approval: Because electronic data can be reviewed automatically, customers enjoy faster approvals and account creation.
  • Privacy: When businesses embrace eKYC, it typically means that fewer actual human beings are reviewing sensitive data, because it’s done automatically by the system. This means the customers have greater information privacy.

eKYC process: how it works

eKYC can be supported by a variety of different prompts. But which of these data points a business needs to collect, and when, will all vary depending on the level of risk perceived in a particular industry, use case, user, or transaction and the risk appetite of the receiving business. Business needs, staffing, and budget will also dictate the design of an eKYC program.

In many scenarios, an eKYC implementation can be completed quickly with a seamless integration onto an existing KYC platform. The eKYC system can serve as the gatekeeper for initial onboarding of clients and document review; in-house staff can then be repurposed to handle escalations for complex or sensitive clients.

Deciding to implement eKYC is perhaps the easiest decision. Your biggest eKYC challenges will arise in the design of your program. An in-house solution requires hiring and designing the system, fully managing global compliance and technical requirements, and all associated costs. Whereas an external partner needs to be flexible enough to grow with your company over the long-term, including adding geographies and adapting to new requirements and compliance trends.

Key considerations for designing an eKYC process

Steps Questions to ask Business impact
1) Finalize your budget What level of automation are you comfortable with? What type of automations would you like to experiment with? How much time does your team spend on manual review now, and how would you like this to change? How you allocate your budget will be heavily determined by the level of automation vs. manual aspects that you want the program to have.
2) Look at logistics Where will documents be stored and for how long? What level of security and access does your in-house team need? What are the unique regulatory requirements that you will need to meet? For example, do you want to obligate all customers to meet minimum regulatory requirements of all possible countries in your market, or do you want requirements, and thus their ability to transact, to be limited to a list of pre-selected countries? Fully answering these questions will help stack rank requirements and shape your RFP.
3) Identify the interface and workflow What will work best for your business vs. your customers? How do you want them to be able to submit documentation and answer key questions? How will you re-engage them in the process if they leave part way through? For example, will the due diligence process begin when they are prospective customers or only once prospects are moving forward with opening accounts? What will your privacy and security messaging be? Preparing your expectations for an optimal workflow will ensure that you identify an eKYC partner that can deliver on your customization needs. It also level-sets how hands-on your team will need to be when your eKYC process goes live.
4) Anticipate your escalations How will you escalate issues that arise during the identity verification process, such as if you have confirmed the presence or nexus with a Politically Exposed Person (PEP) that requires additional risk considerations? Who will handle manual reviews and red flags? How will the progress be tracked? Where will evidence of the decisions be housed? Answering these questions in advance should complement the decisions previously made in steps 1 and 2 to guarantee that your eKYC solution fits within your company structure.
5) Clarify compliance At what point do you hand off red flags to compliance? When concerns arise, whether it is the presence of a fake ID or outright fraud, your compliance team needs to have a plan in place for how to address the matter in order to close the loop. Your legal team will be a great source of information on this.

Customize your eKYC process for your business’s unique needs

Here at Persona, we know how important it is to balance KYC compliance against a pleasant user experience. That’s why we have built progressive risk segmentation into our identity infrastructure.

Progressive risk segmentation allows you to modify a user’s experience depending on the signals you receive in real time during the verification process. This means that low-risk individuals and transactions can experience a more streamlined verification process, while higher-risk individuals and transactions include additional steps and more friction.

For example, during account creation, if behavioral data indicates that a form was completed using autofill or copy and paste capabilities, it may indicate identity theft. In order to ensure that the person completing the application is actually who they say they are, you may require them to take and upload a selfie, which you can then cross check against their government-issued ID.

Interested in learning more? Start for free or get a demo today.

Published on:
7/19/2022

Frequently asked questions

How are KYC and eKYC different?

Traditionally, KYC needed to be conducted in the physical space. This meant businesses would typically require a customer to submit physical forms and documents — and even potentially meet in person — in order to open an account.

eKYC is simply a digitized form of KYC, where customers complete forms and provide documents and other information digitally through applications or web portals.

Which countries are at the forefront of adopting eKYC?

Many countries around the world empower financial institutions to conduct their KYC practices electronically. That being said, Estonia and India are often considered to be at the forefront of the transition to eKYC.

Estonia’s national ID card has supported digital capabilities since 2001, making the country a model for many other countries looking to embrace eIDs. These eIDs are used by citizens to access hundreds of government services, and also serve commercial purposes.

India’s Aadhaar system, on the other hand, pairs a 12-digit number (similar to a Social Security number) with biometric signals such as the individual’s photo, fingerprints, and iris scan. This data is stored in a central database and accessed when an individual’s identity must be verified for government services.

Other countries which also make use of various forms of eID include:

  • Afghanistan
  • Bangladesh
  • Belgium
  • Bulgaria
  • Chile
  • Finland
  • Guatemala
  • Germany
  • India
  • Indonesia
  • Israel
  • Italy
  • Luxembourg
  • Netherlands
  • Nigeria
  • Morocco
  • Pakistan
  • Peru
  • Portugal
  • Poland
  • Romania
  • Estonia
  • Latvia
  • Lithuania
  • Spain
  • Slovakia
  • Malta
  • Uruguay

Many more countries and states have eID projects and proposals in the works.

Continue reading

Continue reading

Share codes: Digitizing the UK right to work
Share codes: Digitizing the UK right to work
Industry

Share codes: Digitizing the UK right to work

Before any UK company hires a non-UK citizen, it must verify that the individual has the right to work in the country. Share codes are a key step in this process.

Workplace identity proofing: Methods & best practices
Workplace identity proofing: Methods & best practices
Industry

Workplace identity proofing: Methods & best practices

Workplace identity proofing can help employers mitigate risks associated with employment fraud. Here are 5 best practices to guide your identity proofing.

Best practices for merchant onboarding
Best practices for merchant onboarding
Industry

Best practices for merchant onboarding

Merchant onboarding is a set of processes that payment service providers undertake to vet merchants before doing business with them. Learn more.

eIDV: A better way to protect your business and customers
Industry

eIDV: A better way to protect your business and customers

Discover how to prevent fraud, streamline business operations, and increase conversions by electronically verifying your customers’ identities.

The case for automated identity verification
Industry

The case for automated identity verification

Proper identity verification is your first line of defense.

Mobile KYC: How will it transform compliance?
Industry

Mobile KYC: How will it transform compliance?

Improve your verification processes with mobile KYC.

Ready to get started?

Get in touch or start exploring Persona today.