All blogs
Digital Identity Verification at Scale

Digital Identity Verification at Scale

20.06.2024

Customer onboarding in financial services requires robust identity verification. We explore how to implement ID verification that balances security, compliance, and user experience at scale.

The Identity Verification Imperative

Financial services regulations require knowing who your customers are. Beyond compliance, robust identity verification protects against fraud, money laundering, and identity theft. Get it wrong and you face regulatory penalties, fraud losses, and reputational damage.

But verification creates friction. Every additional step in onboarding loses potential customers. The challenge is implementing thorough verification while maintaining conversion rates.

Verification Methods

Document Verification

Customers submit photos of identity documents (passport, driving licence). Verification includes:

  • Document authenticity: Checking security features, detecting forgeries
  • Data extraction: OCR to read document details
  • Database checks: Verifying document numbers against issuer databases

Biometric Verification

Matching the person to their document:

  • Selfie matching: Comparing selfie to document photo
  • Liveness detection: Ensuring a real person, not a photo/video
  • Active liveness: User performs actions (blink, smile, turn head)
  • Passive liveness: Detecting liveness without user action

Database Checks

Verifying identity against authoritative sources:

  • Credit bureau: Address and identity history
  • Electoral roll: Address verification
  • Mortality registers: Detecting deceased fraud
  • PEP/sanctions lists: Screening for high-risk individuals

Provider Landscape

The identity verification market has matured significantly. Key providers include:

  • Onfido: Document and biometric verification
  • Jumio: AI-powered identity verification
  • Veriff: Video-based verification
  • IDnow: European focus, video and automated
  • GBG: Data-centric verification, strong UK coverage

Evaluation criteria:

  • Document coverage (which countries/document types)
  • Accuracy (false accept/reject rates)
  • Speed (verification turnaround time)
  • User experience (mobile SDK quality)
  • Pricing (per-verification costs)

Architecture for Scale

┌────────────────────────────────────────────────────────────┐
│                 Identity Verification Flow                  │
├────────────────────────────────────────────────────────────┤
│                                                             │
│  ┌──────────┐   ┌───────────┐   ┌──────────┐   ┌────────┐ │
│  │  Client  │──▶│ Capture   │──▶│ Provider │──▶│ Review │ │
│  │  App     │   │ Service   │   │ API      │   │ Queue  │ │
│  └──────────┘   └───────────┘   └──────────┘   └────────┘ │
│                       │               │             │      │
│                       ▼               ▼             ▼      │
│                 ┌──────────────────────────────────────┐   │
│                 │         Orchestration Layer          │   │
│                 │  - Retry logic                       │   │
│                 │  - Multi-provider routing            │   │
│                 │  - Result aggregation                │   │
│                 └──────────────────────────────────────┘   │
│                                                             │
└────────────────────────────────────────────────────────────┘

Multi-Provider Strategy

Don't depend on a single provider:

  • Primary provider for most verifications
  • Secondary provider for failures/edge cases
  • Fallback to manual review when automated fails

Async Processing

Verification isn't instant. Design for async:

  • Return immediately with "pending" status
  • Webhook notifications when complete
  • Allow customers to continue setup while verification processes

Optimising Conversion

Reduce Steps

  • Combine document capture and selfie in one flow
  • Pre-fill fields from document OCR
  • Clear instructions at each step

Handle Failures Gracefully

  • Specific error messages ("Document glare detected—please retake")
  • Allow retries without restarting
  • Offer alternatives (different document types)

Mobile-First Design

Most onboarding happens on mobile:

  • Native camera integration
  • Clear framing guides
  • Haptic feedback on capture
  • Offline capability for poor connectivity

Fraud Prevention

Verification must detect:

  • Document fraud: Forged, altered, or stolen documents
  • Presentation attacks: Photos of photos, screen recordings, masks
  • Synthetic identity: Fabricated identities combining real and fake data

Combine verification providers with fraud signals:

  • Device fingerprinting
  • Behavioural analysis
  • Velocity checks (same document used multiple times)

Compliance Requirements

UK AML regulations require:

  • Identity verification before establishing business relationship
  • Risk-based approach (enhanced due diligence for higher risk)
  • Ongoing monitoring and periodic re-verification
  • Record retention (typically 5 years after relationship ends)

Conclusion

Effective identity verification balances security requirements with user experience. A multi-provider architecture with robust fallbacks handles the reality that no single solution works for every customer. Continuous optimisation of capture flows and failure handling improves conversion while maintaining the verification integrity that compliance requires.

Previous blog Next blog
Cryptocurrency Custody for Regulated Firms
Cryptocurrency Custody for Regulated Firms
Navigating FCA Compliance in Fintech
Navigating FCA Compliance in Fintech
ISO 20022 Migration: Preparing Your Payment Systems
ISO 20022 Migration: Preparing Your Payment Systems