It is becoming increasingly common for services to require identity verification. Since the pandemic, a multitude of services have emerged, trying to adapt to the new reality and regulations by incorporating digital onboarding solutions, also referred to as identity verification (IDV), know your customer (KYC), or other equivalent terms. The goal of these solutions is to capture a live image of the person and verify their identity based on an identification document using facial recognition (FR) and document authenticity verification (DV).
At Bioidenti-Cell, S.A., we are experts in integrating digital onboarding solutions and providing SaaS services for both DV and FR. We also offer web components that can be integrated into web applications to solve the complexity of live facial and document capture. With over 20 years of experience, we have encountered many technical challenges that we have overcome, and we want to share our insights to provide a comprehensive view of how these services work.
It is common for websites offering these services to not function as well as users would like or deserve. To complete an onboarding process, users often have to spend a lot of time, and in many cases, they are unsuccessful and have to look for alternative solutions or even travel to complete the verification in person.
From a technical perspective, the main challenges of these solutions are that they must work with a wide range of identity documents (DNI, NIE, TIE, CI, passport, etc.) and be compatible with all types of devices (tablets, smartphones, laptops, or desktop computers), with various validations, resolutions, and cameras.
Companies that need to implement a digital onboarding solution must plan their implementation strategy carefully in order to succeed.
First, it is essential to identify the various actors involved in these types of solutions:
- The application: Where we want to integrate identity verification into certain registration processes.
- DV: A service that must verify the document using images and a pattern database that may be global and needs to be continuously updated.
- FR: A service that must perform facial recognition between the live image captured from the client’s camera and the image extracted from the document.
- Facial capture: An interface for capturing the client’s live facial image.
- Document capture: An interface for capturing one or both sides of the identification document (DNI, passport, driver’s license, TIE, etc.).
How to Address the Adaptation or Implementation of the Application
The priority should be the availability of the service and its ability to evolve. External system impacts should not affect the application’s development, so systems should be decoupled. The project should be approached with in-house resources or with the IT provider responsible for the information systems, maintaining control over the system end-to-end and resolving each integration by minimizing impacts and interdependencies.
From the service provider’s perspective, they must take responsibility for sensitive data and store and process it with all necessary guarantees. This is the most critical and delicate point in the entire digital onboarding process. Managing personal data is a serious responsibility, and the system should not be complicated by creating replicas in external services. It is highly advisable to ensure that the DV and FR service providers certify that images are not stored.
It is likely that some images will need to be stored. In this case, security measures, including encryption and access control, as well as traceability, must be considered.
Given that clients may operate from multiple platforms, it is essential to establish cross-platform requirements for the digital onboarding application. One solution is to orient the application around web components that integrate image capture and quality control solutions.
How to Choose a DV and FR Provider
The cost of the service must be taken into account. Typically, these providers offer services through SaaS (Software as a Service), so the cost depends on the number of transactions per year.
For DV, a provider capable of maintaining document pattern validity over time with a global perspective is essential. Although the initial scope may seem national, exceptions can add complexity. Therefore, starting with a scalable service based on the number of documents and transactions per year is ideal.
For FR, algorithms certified by NIST that guarantee an acceptable level of reliability should be sought. There are many certified solutions, but there are also many uncertified ones, making it crucial to choose a solution with certified reliability.
Another important consideration is data protection (GDPR). If operating in Europe, it is advisable to work with providers whose services are hosted in the EU to avoid potential GDPR violations. We will discuss more on this topic later.
From an IT integration perspective, providers should offer solutions that are SDK-oriented, allowing interaction with services directly and ensuring control over the application. This point is crucial to avoid dependency on third parties and proprietary solutions, ensuring the possibility of changing providers without significant difficulties.
Separating the FR service from the DV service helps decouple services and maintain control of the application by using different providers.
For both DV and FR, choosing a provider certified in cybersecurity (ENS, ISO 27001) is important, ensuring that images are not stored beyond what is necessary for synchronous service delivery. Companies should ensure that facial and document images are not hosted on client stations or external servers beyond what is required for effective management.
How to Handle Live Photo Capture and Validation
Experts in developing web solutions, based on React, Angular, and other user interface frameworks, can enable live facial capture via a web component that integrates into the application. Outsourcing this component is advisable due to the complexity of these solutions. If, in the future, the IT department responsible for the entire application’s development has time and resources for innovation, it should be done gradually, starting from an already operational solution.
The complexities of this solution include:
- Various camera resolutions and models.
- Device camera selection (front, rear).
- Control over mobile or tablet orientation.
- Integration of facial detection libraries.
- Distance control.
- Detection of multiple exposed faces.
- Controls for overexposure and different skin textures.
- Detection of blurry images or reflections.
- Control over open or closed eyes.
- Control over facial expressions.
- Shadow control.
- Control over whether the image is live and not a fixed photo, mask, or video (liveness).
Depending on the service’s importance, some of these points may be more or less critical. In any case, it is crucial that users can easily and accurately capture an image, minimizing verification errors. If the photo is to be included in a document, it must comply with ICAO 9303 specifications.
How to Address Document Capture and Validation
The recommended strategy is similar to that for facial capture: integrate a web component that resolves its complexity in the first phase.
Beyond the complexities shared with facial capture, the document capture component must also address:
- Margin detection.
- Various document sizes and proportions (TD1, TD2, TD3).
- Reflection or blurry area detection.
- Real-time feedback to improve capture.
- Capture with a timer to facilitate positioning and centering.
- Control over size by incorporating frames that help position the document.
- Light calibration to optimize quality.
- Detection of the document side and the machine-readable zone (MRZ).
- Control over capturing one or two sides depending on the document type.
How to Integrate the Application with Each Identified Component
The solution lies in decoupling services to maintain control and scalability, avoiding future dependencies.
The application should clearly separate the user interface from the service controller. For the interface, web components should be integrated for facial and document capture to handle all interface-related validations, with well-defined input/output points. A single entry and exit point for all captures can be used, or they can be managed separately. Ultimately, the final result should be 2-3 images, the final validation results, and, if necessary, live videos that store capture evidence, which can be reviewed from the application’s back-office. This will depend on the solution’s scope.
At the controller level, an interface with external services must be prepared. These can also be managed as a single service or separately. While managing them separately offers more control, integrating a single service may be more cost-effective. The expected outcome is a service that returns whether the document is valid, whether the facial recognition produces a HIT, the scores obtained, and the extraction of all document data with respective verifications.
It is important to note that verifying a document only through the captured image (white light) cannot provide absolute certainty, as some verifications using UV and infrared are lost. However, for most uses, verification through an image will be sufficient if integrated with national services that allow document status verification (stolen, lost, etc.).
For greater authenticity control, NFC reading of the document’s chip can be integrated. This option makes the extracted data more reliable by cross-referencing the OCR-extracted data with the data registered in the chip, reducing errors caused by poor photo capture, which otherwise can only be verified against the MRZ.
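The MRZ consistency check mentioned above, as an added example (not part of the original article and not Bioidenti's code), for the two-line TD3 passport layout of ICAO 9303. The function names and the shape of the OCR field object are assumptions; the sample is the ICAO Doc 9303 specimen MRZ with a fictional holder.

```javascript
// Added example: ICAO 9303 check digits for a TD3 (passport) MRZ.
const WEIGHTS = [7, 3, 1];

function charValue(c) {
  if (c === '<') return 0;                                 // filler character
  if (c >= '0' && c <= '9') return c.charCodeAt(0) - 48;
  if (c >= 'A' && c <= 'Z') return c.charCodeAt(0) - 55;   // A=10 ... Z=35
  throw new Error('invalid MRZ character: ' + JSON.stringify(c));
}

function checkDigit(field) {
  let sum = 0;
  for (let i = 0; i < field.length; i++) sum += charValue(field[i]) * WEIGHTS[i % 3];
  return String(sum % 10);
}

// Validates line 2 of a TD3 MRZ; returns the fields and a result per check digit.
function validateTd3(line1, line2) {
  if (line1.length !== 44 || line2.length !== 44) throw new Error('TD3 lines are 44 chars');
  const fields = {
    documentNumber: line2.slice(0, 9),
    birthDate: line2.slice(13, 19),       // YYMMDD
    expiryDate: line2.slice(21, 27),      // YYMMDD
    personalNumber: line2.slice(28, 42),  // optional data
  };
  // An unused optional field may carry '<' instead of a check digit.
  const emptyOptional = /^<+$/.test(fields.personalNumber) && line2[42] === '<';
  const composite = line2.slice(0, 10) + line2.slice(13, 20) + line2.slice(21, 43);
  const checks = {
    documentNumber: checkDigit(fields.documentNumber) === line2[9],
    birthDate: checkDigit(fields.birthDate) === line2[19],
    expiryDate: checkDigit(fields.expiryDate) === line2[27],
    personalNumber: emptyOptional || checkDigit(fields.personalNumber) === line2[42],
    composite: checkDigit(composite) === line2[43],
  };
  return { fields, checks, valid: Object.values(checks).every(Boolean) };
}

// Compares visual-zone OCR values (hypothetical shape) with the MRZ fields and
// returns the names of the fields that disagree.
function crossCheck(mrzFields, ocrFields) {
  const norm = (s) => String(s).toUpperCase().replace(/[<\s]/g, '');
  return Object.keys(ocrFields).filter((k) => norm(mrzFields[k]) !== norm(ocrFields[k]));
}

// ICAO Doc 9303 specimen passport MRZ (fictional holder).
const SPECIMEN = [
  'P<UTOERIKSSON<<ANNA<MARIA'.padEnd(44, '<'),
  'L898902C36UTO7408122F1204159ZE184226B<<<<<10',
];
console.log(validateTd3(SPECIMEN[0], SPECIMEN[1]).checks);
```

A failed check digit usually indicates an OCR misread (for example the letter O read in place of the digit 0) and is best reported to the user at capture time; a passing check only shows the MRZ is internally consistent, not that the document is genuine.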
To integrate document verification services, collaboration with providers offering multi-level verification is necessary to scale the company’s digital onboarding solution.
The complete process should aim to optimize live image capture, minimizing service errors. Increasing controls and providing a user-friendly interface with clear messages helps ensure digital onboarding is achieved on the first attempt. Any asynchronous errors that need to be managed later create high workloads and cause user frustration, risking lost business opportunities due to delays in onboarding.
For those needing to contract onboarding services, this article aims to outline some of the challenges and considerations to keep in mind during decision-making, and we recommend consulting experts like Bioidenti to ensure success.