Methods for verifying customer identity: requirements, instructions, and which method to choose

Verification of a customer's identity is one of the cornerstones of transaction security, both in face-to-face and online relationships. Within the scope of this article, we will focus exclusively on remote processes.

Identification can be a mandatory or optional element - depending on the legal requirements or the level of risk for a particular relationship. Identity verification can be performed in connection with a variety of online services, from opening a new bank account to investing. The process, known as KYC (Know Your Customer), involves confirming that the person using a particular service is indeed who they say they are.

Confirming identity is particularly important wherever there are high-risk, high-value contracts or contracts subject to specific laws, including, for example, accessing financial or administrative services.

However, this is not just a whim of a particular company.

According to Agata Kolorz-Lentini, Information Security Compliance Manager at Autenti, who supports Autenti's clients in implementing remote identity verification solutions on a daily basis:

"The KYC procedure may result primarily from:

• Anti-Money Laundering (AML) and Anti-Terrorist Financing (CTF) regulations or other sector-specific legislation, such as electronic communications law,

• the level of risk or value of the contract, in order to safeguard the interests of both parties,

• the security rules adopted in a given organization,

• the nature of the contract being concluded or the services being provided.

At the same time, it should not be forgotten that organizations implementing identity verification processes must also meet requirements related to the protection of personal data, including, above all, respecting the principles of minimization, adequacy and accountability. The challenges in this area are many, including accessibility and ease for the recipient himself. Designing identity verification processes therefore requires a holistic approach to safeguard every aspect and the interests of both parties.

There are many online identification options on the market today, each with a different level of security as to identity, which should be considered as part of the risk analysis. Most of the methods are subject to regulations and standards, such as the eIDAS Regulation, for trust and electronic identification services. It all boils down to the need to implement secure and reliable methods for confirming customers' identities."

In this article, we discuss the most common identity verification methods used in KYC processes:

• video verification,,
• identification using an ID card or other document containing an electronic layer,
• identity confirmation through online banking or Trusted Profile...,
• identification using a qualified signature,
• identification using electronic identification means.

So as to make it easier for your company to choose the right method.

Key findings

• Customer Identity Verification (KYC) can be a regulatory obligation under AML or other sector regulations, as well as be implemented in organizations due to the high level of risks associated with the established relationship.
• Each verification method differs in the level of security, the scope of data to be verified and user convenience. The choice should depend on the purpose of the process and the level of assurance required.
• Solutions such as the Autenti platform make it possible to implement the entire process fully online.

Remote verification: is it possible?

Until a few years ago, verifying a customer's identity involved physically presenting documents and providing a signature.

For example, let's compare the process of opening a bank account.

It used to require preparing the relevant documents, signing them on paper and physically visiting the branch to show the identity document. Today, we will handle the entire process in a few minutes from home, confirming our identity through, for example, video verification.

Remote identity verification carried out using solutions such as those available from Autenti makes it possible to choose different identification methods depending on the nature of the business process, the level of security required and the user's preferences.

The process takes place completely online and usually takes no more than a few minutes.

The customer receives an invitation for verification, performs the required actions, for example, logs into online banking or confirms the data with an identity document, and the identification result is automatically sent to the company.

Identity verification methods at Autenti

Using Autenti's identity verification services as an example, we'll go through seven methods for confirming a customer's identity.

Video verification or selfie

Starting with one of the simplest methods available on the market.

Video verification is a method of confirming a user's identity remotely by taking a photo of the user's face or a short video recording, during which appropriate head movements must be made and the image compared to that person's identity document.

The process uses biometrics and liveness detection mechanisms to verify that there is a live, real person on the other side, rather than a photo or recording.

The tools are equipped with mechanisms for detecting so-called "deep fakes," i.e. attempts to use someone else's identity, including through artificial intelligence. In addition, the tools analyze the presented identity document for its veracity.

Requirements

• valid identity document:
• ID card
• passport
• or driver's license
• device with a camera (smartphone, tablet or computer) and Internet access

How to verify identity through video verification or selfie?

1. Start the verification process online and choose the method through video verification.
2. Take a photo of your chosen identity document from the front and back.
3. Take a selfie or record a short video according to the on-screen instructions (depending on which method you have chosen to request identification).
4. The system will automatically compare the image of your face with the uploaded photos of the document and confirm (or not) your identity.
5. Wait for the result.

The entire process usually takes from tens of seconds to a few minutes.

Tips

• take photos in a well-lit area, without strong light behind your back,
• make sure your document is legible and not obscured by anything,
• remove sunglasses or headgear,
• hold your phone steady while recording,
• use the current version of the browser or software on your phone.

Verification using an ID card or other document that contains an electronic layer

Another method we will discuss in this article, which is a common part of efficient KYC processes, is verification of a customer's identity using an e-card.

Such verification involves confirming user data using the electronic layer of an identity document equipped with an NFC chip. This method allows direct reading of the data stored in the document and its cryptographic confirmation.

It sounds like a complicated process, but in fact it is one of the simplest methods of identity verification, as you will soon see for yourself.

Requirements

• For Polish citizens, an ID card with an electronic layer, issued in Poland after 2019, or a passport.
• For citizens of other countries, an adequate identity document that includes an electronic layer - most European Union countries now issue documents that have a chip that can be read remotely via NFC,
• eDO App, if the method provided by the Polish Security Printing Works (PWPW) is used,
• a smartphone equipped with an NFC module.

How to verify identity using a document with an electronic layer and NFC?

1. Start the identity verification process online.
2. Choose to verify using an e-card or other document that includes an electronic layer.
3. If you use the PWPW method - install the eDO App and register if required.
4. Apply the e-card or other document to the back of the phone according to the on-screen instructions to read the data from the document.
5. Wait for the automatic reading of the data stored in the document's chip.
6. Receive a notification that verification is complete.

The process usually takes tens of seconds.

Tips

• Make sure your phone supports NFC technology,
• remove the phone's case if it makes it difficult to read the document,
• hold the proof steady for a few seconds,
• use the current version of your phone's operating system,
• prepare the eDO App in advance to speed up the process.

Electronic banking (login or verification transfer) or Trusted Profile

An equally frequently used method of confirming a person's identity is to use electronic banking or the Trusted Profile, under the so-called "National Node". For some processes, it is possible to use a method involving a simple verification transfer, however, this method is generally considered to be ancillary, due to the low level of security as to identity.

Logging in to electronic banking, provided by the National Clearing House (MojeID) and the Trusted Profile involves so-called authentication to an electronic identification means, issued by banks integrated with the National Node or by authorized state authorities.

Requirements

• access to electronic or mobile banking/active Trusted Profile,
• a device that allows authorization of a banking operation or signature through the Trusted Profile.

How to verify identity using electronic banking or the Trusted Profile?

Option 1: log in to electronic banking

1. Start the identity verification process online.
2. Select verification using electronic banking.
3. Indicate your bank from the list of available institutions.
4. Log in to e-banking using your standard login credentials.
5. Confirm the transfer of the required identification data.
6. Confirm the operation according to the method used by the bank.
7. Receive information about the completion of verification.

Option 2: verification transfer

1. Start the identity verification process online.
2. Choose verification by bank transfer.
3. Make a verification transfer (PLN 0.01) from your own bank account.
4. Make sure that the transfer sender's details match your personal information.
5. Authorize the transfer in e-banking or mobile app.
6. Wait for an automatic confirmation of data compliance.
7. Receive information about the result of the verification.

Option 3: Trusted Profile

1. Start the identity verification process online.
2. Select verification using a trusted signature.
3. Log in to the trusted signature service.
4. Confirm your identification information.
5. Authorize the signing of the document according to the instructions on the screen.
6. Wait for automatic confirmation of your identity.
7. Receive information about the result of the verification.

Tips

• use only the bank account belonging to you,
• do not change the transfer data during the operation,
• make sure your personal information at the bank is up to date,
• perform the process on a trusted device and on a secure Internet network,
• prepare the authorization method used by the bank (e.g. mobile application or SMS code),
• make sure your Trusted Profile is active.

Qualified signature

The last category of identity verification methods we will go through is confirming our personal information by using a qualified signature.

This method involves confirming a user's data by providing an electronic signature assigned to a specific person.

A qualified electronic signature must be issued by any qualified trust service provider within the European Union, listed on the Trusted List in accordance with the eIDAS Regulation.

This method is based on a previously performed user identification process and allows for unambiguous confirmation of identity in a digital environment.

A qualified electronic signature has a legal status equivalent to a handwritten signature, while a trusted signature is a means of identification used in online public services.

Required documents

• an active qualified signature,
• a device that makes it possible to create an electronic signature.

How to confirm identity using a qualified signature?

1. Start the identity verification process online.
2. Select verification using a qualified signature.
3. Download or open a document that requires a signature.
4. Apply a qualified signature using your certificate.
5. Confirm the operation according to the signature provider's authorization method.
6. Upload the signed document to the system.
7. Receive information about the completion of verification.

Tips

• Make sure that your qualified signature is active,
• check the correctness of the data before signing the document,
• do not share your signature data with third parties,
• use an up-to-date web browser or the signature provider's dedicated application.

What data can actually be verified and which method should I choose?

Depending on the data that the process requires to be confirmed, you can use different methods to verify the customer's identity.

In the table below you will find detailed information about the data verified depending on the method you choose.

How do you choose a method?

Choose video verification when the user/customer does not have an electronic signature and a quick confirmation of identity is required.

Choose e-proof when a very high level of assurance and cryptographic confirmation of the document is required.

Select e-banking when the user has an active bank account and a fast and convenient process is expected.

Choose qualified signature when verification is part of document signing. Qualified signature or trusted signature are also possible to use if at least a medium level of security is required as to identity. A qualified signature guarantees a high level.

If you care about time and at the same time the process requires a qualified electronic signature (e.g., when signing an employment contract with copyright transfer), you can use one-time qualified signatures on a selfie or based on mCitizen identification.

Remote KYC process is not a myth

Remote identity verification is a fast, convenient and secure way to meet your clients or customers, but also to meet regulatory requirements at the same time.

By choosing the right method, video verification, e-ID, e-banking or qualified signature, you can tailor the process to your business needs or regulatory requirements.

Move to digital signatures and digital identity verification with a trusted provider.

Move to the digital power side with Autenti.

FAQ

What is customer identity verification?

It's a process to confirm that the person who initiates a process (e.g., creating an account, signing a contract) is who they say they are.

How long does verification take?

On average, 90 seconds for simple processes. More elaborate verifications can take up to tens of minutes, especially when referring to verification processes related to qualified electronic signatures (QES).

Is the identity verification process secure?

Yes. Data is encrypted and processed according to the highest security standards. All methods are equipped with appropriate technical safeguards to minimize identity impersonation and detect fraud.

What documents are needed?

Depending on the method chosen:

• Video-verification: driver's license, ID card or passport.
• E-ID: ID card with an electronic layer or other document with an electronic layer.
• Electronic banking: an active bank account.
• Qualified / trusted signature: active signature or trusted profile.

Does the process require a physical meeting?

No, all methods work fully remotely.

Which verification method should I choose?

The choice depends on the purpose of the process and available customer data:

• Video Verification: quick verification and confirmation of identity, ideal for new users without an electronic signature, electronic layer document or devices without NFC.
• E-proof: the highest level of assurance and cryptographic confirmation of an identity document.
• E-banking: a fast and convenient process for those with a bank account at selected banks.
• Qualified signature: the best choice when verification is part of signing documents.