Around the world, governments require many businesses, such as financial institutions, to understand who their customers are. These policies are generally known as Know Your Customer (KYC) or customer due diligence (CDD), and are designed to identify and prevent instances of money laundering and other financial crimes.
The cornerstone of KYC is identity verification (IDV) — ensuring that a customer or client is actually who they say they are.
IDV historically involved reviewing information submitted on physical forms and documents. But as the world has become increasingly digitized, KYC policies and practices have had to shift in order to meet customer expectations as well as risks inherent in digital interactions. Electronic KYC (eKYC) is the result of these evolutions.
Below, we define eKYC, review the various advantageous inputs for the eKYC process, and explore the benefits that online identity verification offers both businesses and their customers.
What is eKYC?
Electronic KYC (eKYC) is the process of completing identity verification and other KYC requirements digitally. It can take different forms depending on your industry, use case, business needs, and even customers, but typically involves electronic forms, digital documents, and varying degrees of automation.
Like traditional KYC, eKYC (or digital KYC) typically occurs during account setup and then on an ongoing basis, with specific triggers prompting a review of the risk of the client relationship: for example, changes in ownership or control of a business, name changes, expired documents, or notable negative news.
KYC vs. eKYC: what's the difference
Once upon a time, when an individual or business wanted to open a bank account, they had to visit a bank or branch, meet with a banker face-to-face, and seal the deal with a handshake. The banker had no option other than to vet customers in person. With the precipitous rise in money laundering and other financial crimes, and the passage of Anti-Money Laundering (AML) laws like the Bank Secrecy Act of 1970, the ease of onboarding has lessened.
The KYC process requires collecting documentation from customers: at a minimum, business formation documents from businesses and personal identification from individuals. That documentation must then be verified and retained as evidence that the process has taken place.
Traditional KYC made this a heavily manual and time-intensive undertaking; eKYC technology is making this not only faster and easier but also feasible in more locations, including fully remotely. Today, while traditional KYC can still be completed, it is largely being replaced by eKYC solutions.
Understanding the critical role of eKYC
The primary impact of eKYC is at the customer onboarding stage, when efficiency, accuracy, and user experience are the most important factors in converting a prospect. Quickly collecting and triaging documentation, correctly inputting and validating key data points (“signals”), and ensuring the experience is seamless and free of glitches and unnecessary delays are paramount for businesses in competitive industries like high-dollar and age-gated e-commerce and digital financial services providers that have regulatory compliance obligations.
What are the different data points you can use when performing eKYC?
In many respects, eKYC can offer businesses a fuller picture of who their customer actually is.
That’s because eKYC can pull from a broader variety of data and signals than is typically available with traditional KYC. Whereas traditional KYC depends on active inputs (e.g., user-submitted personally identifiable information (PII)) and third-party data (e.g. watchlist reports), eKYC pairs this data with passive and behavioral points that are difficult — if not impossible — to measure with manual review of physical forms and documentation.
Active inputs
Active inputs are signals that are provided directly by the individual. Usually, this includes information such as:
- Name
- Address
- Date of birth
- Social Security Number or other tax ID
- Employment information/source of funds
Active data also include any documents and photos that an individual may submit, such as a government-issued ID, bank statement, selfie, etc.
Additionally, with the move to eKYC, some governments, such as India and Estonia, have begun issuing forms of electronic identification (eIDs) that serve the same purpose as physical IDs.
While the concept of an eID has not yet gained traction at the federal level in the United States, it has been embraced by many states. Arizona, Colorado, Connecticut, Georgia, Hawaii, Iowa, Kentucky, Maryland, Mississippi, Ohio, Oklahoma, and Utah all accept digital driver’s licenses. Depending on the state, these digital licenses may be stored in a secure app or even in an Apple wallet.
Third-party data
Third-party data are not provided, directly or indirectly, by the individual. Instead, they are provided by third parties, such as government entities, private businesses, and other authoritative and issuing databases.
Examples of these sources can include:
- Government watchlists
- Sanctions lists
- Politically exposed persons (PEPs) lists
- Phone risk reports
- Email risk reports
- Adverse media reports
- and more
Third-party data is often collected in the background during account creation, which is a good opportunity for businesses to enrich what they know about a customer without adding friction to the KYC process. Additionally, many businesses continuously cross-check customer profiles against these sources to ensure that the status of the individual has not changed.
Passive inputs
Passive data is provided by the device that the individual is using to complete the KYC process, typically in the background and without the individual even being aware of it. These inputs are sometimes referred to as device signals. This data can include the individual’s:
- IP address
- Location data
- Device fingerprint
- Browser fingerprint
- Various metadata
- Whether or not the individual is using a VPN
Passive data is an essential input to eKYC, as it empowers you to digitally verify and cross-check what the individual is actively telling you against the data that the device is passively providing. For example, if an individual says they’re in California but their IP address indicates they’re currently in Florida, you may want to dig a little deeper to ensure they’re actually who they say they are.
Behavioral inputs
Behavioral data is provided directly by the individual based on how they interact with an online form or application. Typically, the individual is unaware that these interactions are being measured, quantified, or analyzed.
Behavioral signals can include:
- Hesitation detection
- Distraction events
- Mouse clicks/keyboard strokes
- The use of developer tools
- The use of copy and paste
- The use of autofill
Behavioral data can be used for a variety of purposes. For example, it can help you determine whether a form or application is being completed by an actual human being or a bot. Likewise, it can aid in the detection of issues such as identity theft — for example, if a form is filled out in a suspicious or unnatural way. As such, behavioral inputs, like passive inputs, are particularly valuable in the realm of eKYC.
What are the benefits of eKYC?
There are several eKYC benefits — the biggest is that it allows for a higher degree of automation that simply isn’t possible when identity verification is completed by humans.
For companies, these optimizations include:
- Increased processing speed: As soon as customers submit their information, identities can be verified in seconds, much faster than manual review. This can help businesses reduce dropoffs and increase conversions.
- Reduced workload: With less manual review necessary, financial institutions require fewer employees dedicated to KYC, allowing them to shift resources elsewhere.
- Scalability: Because eKYC processes reduce your need to hire and train manual reviewers, they make it easier for you to grow and scale your business. Likewise, the fact that eKYC happens 24/7 means that your business can continue operating even outside of normal business hours.
- Fewer human errors: Less human touch reduces the risk of human error, allowing for more efficient workflows.
And for the end user, the benefits include:
- Convenience: Individuals and businesses can fill out forms and applications without needing to scan physical documents, print physical forms, or visit a physical branch or office.
- Speed of approval: Because electronic data can be reviewed automatically, customers enjoy faster approvals and account creation.
- Privacy: When businesses embrace eKYC, it typically means that fewer actual human beings are reviewing sensitive data, because it’s done automatically by the system. This means the customers have greater information privacy.
eKYC process: how it works
eKYC can be supported by a variety of different prompts. But which of these data points a business needs to collect, and when, will all vary depending on the level of risk perceived in a particular industry, use case, user, or transaction and the risk appetite of the receiving business. Business needs, staffing, and budget will also dictate the design of an eKYC program.
In many scenarios, an eKYC implementation can be completed quickly with a seamless integration onto an existing KYC platform. The eKYC system can serve as the gatekeeper for initial onboarding of clients and document review; in-house staff can then be repurposed to handle escalations for complex or sensitive clients.
Deciding to implement eKYC is perhaps the easiest decision. Your biggest eKYC challenges will arise in the design of your program. An in-house solution requires hiring and designing the system, fully managing global compliance and technical requirements, and bearing all associated costs, whereas an external partner needs to be flexible enough to grow with your company over the long term, including adding geographies and adapting to new requirements and compliance trends.
Customize your eKYC process for your business’s unique needs
Here at Persona, we know how important it is to balance KYC compliance against a pleasant user experience. That’s why we have built progressive risk segmentation into our identity infrastructure.
Progressive risk segmentation allows you to modify a user’s experience depending on the signals you receive in real time during the verification process. This means that low-risk individuals and transactions can experience a more streamlined verification process, while higher-risk individuals and transactions include additional steps and more friction.
For example, during account creation, if behavioral data indicates that a form was completed using autofill or copy and paste capabilities, it may indicate identity theft. In order to ensure that the person completing the application is actually who they say they are, you may require them to take and upload a selfie, which you can then cross check against their government-issued ID.
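The cross-check of active against passive inputs and the step-up flow described above can be expressed as a small rules function. This is an added example, not Persona's code or API; the Signals fields, step names, and reason strings are hypothetical, and the sample applicants are constructed.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Signals:
    declared_region: str                    # active input typed by the applicant
    ip_region: Optional[str] = None         # passive: IP geolocation, None if unresolved
    vpn: bool = False                       # passive
    used_autofill: bool = False             # behavioral
    pasted_fields: frozenset = frozenset()  # behavioral: field names filled via paste
    watchlist_hit: bool = False             # third-party screening result


def plan_verification(s: Signals) -> dict:
    """Return the verification steps for this applicant and why each was added."""
    steps, reasons = ["government_id"], []

    # Passive vs. active cross-check. An unresolved IP region is not a mismatch,
    # and a VPN makes the IP region unreliable, so it is reported on its own.
    if s.vpn:
        reasons.append("vpn_in_use")
    elif s.ip_region and s.ip_region.upper() != s.declared_region.strip().upper():
        reasons.append("ip_region_mismatch")

    # Behavioral signals the article associates with possible identity theft.
    if s.used_autofill:
        reasons.append("autofill")
    if s.pasted_fields:
        reasons.append("paste:" + ",".join(sorted(s.pasted_fields)))

    # Any passive or behavioral flag steps the flow up to a selfie that is
    # compared against the government-issued ID; low-risk users skip it.
    if reasons:
        steps.append("selfie_match")

    # Third-party hits are escalated to in-house staff, not auto-decided.
    if s.watchlist_hit:
        reasons.append("watchlist_hit")
        steps.append("manual_review")
    return {"steps": steps, "reasons": reasons}


# Constructed sample applicants (not real data).
LOW_RISK = Signals("CA", ip_region="CA")
FLAGGED = Signals("CA", ip_region="FL", pasted_fields=frozenset({"ssn"}))

if __name__ == "__main__":
    for name, sig in (("low_risk", LOW_RISK), ("flagged", FLAGGED)):
        print(name, plan_verification(sig))
```

Each decision carries its reasons, so the record retained as KYC evidence shows why a given applicant saw extra friction.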