Close countries panel

Select country

For solutions in a specific country please visit our local website

Nets is a part of the Nexi Group - The European PayTech. Visit our Group website at

Modularity matters: which emerging technologies will change the KYC landscape?

​Read how KYC and verification must be quick and convenient by design while offering security and legal compliance. The choice to go modular should not be taken lightly when it comes to the newest technologies. It’s essential to focus on skills, knowledge, and expertise, to take different businesses to the next level. ​

​A typical Know Your Customer (KYC) process involves several steps: document collection and validation, data assessment, continuous monitoring of activity and reporting. A sequential approach where each stage is linked and a prerequisite to the other is proven to be a tricky hurdle for banks and businesses unwilling to sacrifice their agility. Constraints and limitations can be overcome by choosing a modular approach to ensure flexibility and success across each stage.

Modularity advantages in KYC
A KYC process starts with collecting personal information in accordance with EU and national regulations as such and relevant official documents. When consumers are asked to submit and validate their data in a disjointed way across mixed channels, the different KYC stages tend to overlap and blend in causing friction.

The goal of modular design is to manage complexity so to avoid a chaotic infrastructure. The best way to understand modularity is to think about building blocks. Following the well-known LEGO bricks analogy, modules can be added or removed without changing the underlying infrastructure. Bottom line is seamless integration and delivery to eliminate any bump in the consumer’s journey.

The game changer is an open ecosystem where different service and technology providers coexist shifting the traditional one-stop-shop model into industry vertical dedicated solutions. It’s a matter of flexibility and time to market. Each module should be as easy as possible to implement, test, deploy, upgrade and maintain.

Banks and businesses can adapt and thrive in such ecosystem without having to disrupt their existing KYC journey and lifecycle management. Legacy systems, disconnected data and complex manual processes should not be a showstopper but rather a starting point to embrace change.

The question is: what happens when you choose a LEGO brick that is unfit for the purpose? ​

​Author/source: {attribution}

​Federico Parola

Federico Parola is a product management specialist responsible for digital identification and signing services, including Nets Passport Reader. He has a legal background and experience from both corporate and start-up environments.​

Digital verification of identity: two security myths busted

Nowadays, banks and businesses can identify their customers at a distance thus eliminating the necessity for face-to-face physical interaction. This initial KYC step can be performed in different ways, either through the usage of highly secure country-specific digital identities (eIDs) or other electronic identification means. The latter typically includes Optical Character Recognition (OCR) technology and video identification with a human operator. These verification methods are thought by consumers to be highly secure, but the reality is that they are far from perfect.

1.       Optical Character Recognition (OCR)

While initially popular for invoice scanning, OCR has gained traction across a wide variety of applications including the scanning of identity documents such as a passports, identity cards or driving licenses. In this context, OCR allows consumers to take a picture of their ID document with a smartphone or webcam to automatically extract its information.

Good OCR engines are trained to detect the type of document used and even overcome some of the challenges posed by the reading of blurred images and text.

Pain point: OCR in 2021 is still far from perfect and can be both corrected and benchmarked against human operator review. Conversion rates are typically low and OCR isn't the answer to a digital first approach, given its lack of data quality and reliability.

New generation OCR solutions combine deeper AI and machine learning to cross-check the validity and authenticity of a document.

Pain point: The validity checks chain can be invasive accessing consumer data from the mobile device used and/or other sources, ultimately going beyond a standard KYC identity verification stage in order to increase its security and minimize the need for a human-assisted flow.

These comprehensive solutions can be ingenious. However, such a heavily dependent chain of trust can be invasive accessing consumer data from the device used multiple other sources, ultimately going beyond a standard KYC identity verification module in order to increase its security and minimize the need for a human-assisted flow.

2.       Video identification with an operator

This method is similar to an onsite identity verification and document check with a human operator – so similar that the only actual difference is the fact that the process is conducted over the internet (telecommunication) instead of at a local branch. Though different degrees of automation or AI assisted flow may be in place, it is ultimately the human operator who oversees the whole decision-making process.

Pain points: Very similar to the problems associated to onsite identity verification. It's time consuming, costly, dependent on manual verification and therefore prone to human error. All these weaknesses are even further challenged in case of poor connection and other issues affecting the image quality of the video call. ​

'Your Honour, I object!'

Pending on local geographies, the above-mentioned statements may come as a surprise or even a 'harsh' attack against technologies, which are the country 'de facto' standard for remote identity verification. After all, OCR is widely accepted internationally and video identification is regulated by several Country Supervising Authorities in Europe, including for example BaFin in Germany and FMA in Austria.

In the light of this, why and how could regional banks and businesses take advantage of more innovative and secure mobile-first AI-based solutions, should they even exist?

A mixed approach based on a combination of OCR with video identification or similar biometrics can be regarded as highly secure, but this is not due to a technology assessment per se. Their dependence and reliance to human-based validation is the deal-breaker in terms of security assessment. These technologies cannot be regarded as fully digital modules.

It is important to understand how cross-border acceptance is harmonized by legal framework for trusted digital identities. The European electronic identification and trust services initiative (eIDAS regulation) benefits are highlighted in our recently published whitepaper Rethinking KYC, where we explore the current legal and regulatory landscape in Europe when it comes to fully digital identity verification solutions.

​Emerging technologies reshaping identity verification and the fight against fraud

1.       Near Field Communication (NFC)

"By 2023, 85% of organizations will be using document-centric identity proofing as part of their onboarding workflows, which is an increase from approximately 30% today." Id​entity Proofing is taking the NFC route | ReadID

NFC (Near Field Communication) technology is a trending topic and it is supported nowadays by millions of devices, which allows e.g. contactless payments.

Most government-issued identity documents (e.g. passports or ID cards) have an embedded NFC chip containing personal and sensitive data, which is digitally signed and encrypted. Compared to OCR, NFC-based document verification can be used for KYC documentary identity verification raising the bar in terms of security and authenticity along with better user experience and conversation rates.

2.       Face Recognition  

Even highly publicized biometric systems, like Apple's Face ID, which leverages a 3D infrared camera system and claims to be the most secure biometric security in the consumer mobile market, was subject to a public spoofing by, among many others, security firm, Bkav, that bypassed the 3D feature fairly easily using a mask with a paper face glued to it. (source: FaceTec_PAD_Testing_Whitepaper.pdf (

The facial recognition market is growing at an unprecedent rate. Similarly to NFC, biometric features are now offered as a standard package in many smartphones and comes with different security levels.

Facial recognition together with liveness detection can be used in a KYC identity verification context to replace video identification with an operator. However, not all biometric authentication is equal, ranging from deeply invasive to non-intrusive mobile technology, from 2D to better performing 3D technology and face matching algorithm. 

The difficulty of AI benchmarks
Physical presence per se should not be a benchmark – the assumption (and misconception) is that a manual verification process can be more secure than a digital one. Quite the opposite, while commonly accepted as secure, physical verification is not always evaluated against specific metrics and test cases. A human operator required to check the identity of the person in front of him can commit mistakes due to variables such as behaviour, training skills, awareness, bias, etc.

Benchmarking AI-based solutions with a human operator is a tricky one - a false premise especially when it comes to world-leading algorithms going beyond OCR security and/or outperforming existing biometric standards based on e.g. false acceptance and false rejection rates. 

The auditing of new technologies is possible, but only when performed on a standalone service (modular evaluation) against both national and international applicable standards.

Choosing the right technology solutions

KYC and digital identity verification must be quick and convenient by design while offering security and legal compliance. On top of that, each country and business will have its own requirements and preferences.

The choice to go modular should not be taken lightly when it comes to new technologies. Choosing a LEGO brick unfit for purpose cannot be easily replaced putting a burden on banks and businesses, ultimately hindering scalability into new geographies and rollout of new use cases.

Therefore, it is essential to partner with a technology service provider with the skills, knowledge, and expertise, to take different businesses to the next level.

Read more about Nets and our KYC offer consisting of APIs and customisable SDKs (software development kit) for truly modular deployment here.

​Watch our webinars series "Rethinking KYC" to hear more:

Rethinking KYC part II: Amaze your customers with a mobile-first onboarding solution

Rethinking KYC part I: Improving the customer journey and satisfaction with seamless and digital identity verification