Regulations like the Bank Secrecy Act (BSA), 5AMLD, FATF recommendations oblige Fintech players to embed AML/KYC solutions into their solutions.
If you’re building Fintech software for online/mobile banking, loan origination, investment management or payment processing and don’t want to bother developing an identity verification module yourself, try a ready-made solution.
Modern KYC solutions are compliant with current regulations, feature-rich, intelligent and solve a lot of security issues.
To top it off, their integration is stress-free — every vendor claims this, leastwise.
Although, there may be some challenges and considerations on the way. So, our task is to warn you about the pitfalls that may occur when choosing your KYC integration partner.
Security challenges in Fintech that custom KYC solves
First things first. Why can’t you go and release your Fintech software without KYC procedures?
The European Commission identifies the risks of fake/forge identity, non-valid ID documentation, the risk that the identity document is presented by an imposter, risk of false info during onboarding as main KYC issues.
Deloitte and The Paypers name the below security challenges that are to be solved by KYC solutions.
1. Securely collecting clients’ data, checking the accuracy of the information
Before the global pandemic, financial organisations asked for physical IDs docs and ran onboarding manually. COVID-19 forced banks to go digital and make sure that full-cycle online procedure is secure and user-friendly. When signing up, the client passes the identity detection, adds personal details and uploads docs to the profile. Fintech software checks the accuracy of docs using different methods like OCR (Optical Character Recognition). Experts say that, in general, online onboarding could be even more secure than offline processes.
2. Preventing impersonification frauds
The global pandemic boosted online criminal activity, in particular impersonification frauds. To ensure financial institutions that their customers are ‘who they say they are’, KYC tools use Knowledge-based Authentication or Facial Recognition methods. Face or fingerprint identity checks have security holes, but liveness detection solves this problem.
3. Verifying the customer compliance
AML/CTF background checks are based on static customer data.
Manual processes of data collection and verification and enhanced due diligence checks may take several days. Automated tools provide quick results; therefore, experts can focus on deeper investigation and complicated cases. AI/ML technologies help to handle high-volume repetitive cases.
AML modules are used not only for first-time onboarding but also for secondary checks. All clients are categorised by correct risk ratings, and a financial company understands how and where to allocate its resources the most effectively.
4. Ensuring the legal status of documentation
To make the full cycle of the client service more seamless and faster, KYC vendors offer e-signature creation and verification modules. Otherwise, banks have to integrate a third-party solution to ensure the legal status of contracts and documents.
Custom KYC solution integration process
Common integration options of KYC vendors are mobile SDKs, web SDKs, API integration, Cloud-based verification, front-end as a service, etc.
Here are a few examples.
KycHub, for instance, enables clients to run the company services using its backend through two-way Rest APIs. For those who want to integrate KycHub’s service into their app, there’s an option of mobile/remote verification.
Also, KycHub can be used as a front-end as a service solution. The company integrates a plug-and-play solution within their business infrastructure. Another option also available is bulk uploads of client data via the dashboard.
Nets’ ID-Rights functions supporting AML/KYC procedures can be embedded into Fintech software only via development kits. It greatly minimizes custom development for the Fintech company and significantly enhances time-to-market.
Sumsub integration options include web SDK, mobile SDK, and API integration. The vendor provides detailed guides for devs in the SumSub Developer Hub.
Sum&Substance’s API allows businesses to send and receive applicants’ data and documents for verification through simple RESTful APIs.
WebSDK is highly customisable and ideal for those who want to get started instantly. Sumsub dev kit features include a face liveness module, adaptive user-friendly design, ability to continue the flow on mobile.
To embed Sumsub’s mobile kit, clients should do some backup preparations and choose a platform for development (native or mobile application development framework).
Similarly, businesses can embed Veriff features through APIs and Mobile SDKs.
Wavetec offers fully managed services, single-point solutions and API integration.
Benefits and limitations of identity verification solution integration options
If you’re unsure which custom id verification solution integration method will work best for you, check their pros and cons.
Benefits of integrating KYC solution via APIs:
- quick process;
- low downtime and instant response;
- enhance cyber-security provided by the vendor;
- the vendor guides and supports your clients through the KYC process;
- the solution is fine-tuned and well-tested;
- access to new features built by the vendor;
- improved navigation through the business infrastructure (website, platform, mobile app).
Limitations:
- not all API implementations allow liveness detection;
- API-based integrations may lead to lower conversions;
- since APIs are a getaway, they may be a target for criminals.
Advantages of web and mobile SDKs:
- ability to leverage features built-in devices for identity verification;
- more intuitive and streamlined user journeys;
- higher security to compare with APIs;
- faster identity verification;
- customization of the identity verification experience;
- can be used to build a solution from scratch.
Challenges of dev kits:
- getting a solution up and running may take long;
- it may be more expensive than using APIs;
- SDKs are highly specialised and may be hard to tweak.
6 things to consider before starting KYC solution integration
What else should you take into account?
The cost of the project has always been the greatest concern. How can KYC integration services multiply your budget?
Let us show you.
Oftentimes, one single solution lacks features to serve all Fintech business needs. In this case, devs integrate many services in one place.
Recently we’ve finished developing a KYC service in a developing country with a Fintech market at its early stage. The service was composed of Facetec’s liveness detection feature and Regula’s document reader.
The development part was clear and straightforward, but the infrastructure engineering puzzled us over.
The major challenge for us was to meet the requirements for data processing and storage set by the national regulator: the servers where the KYC solution is hosted must be located within the country. At the same time, they have to provide adequate processing capabilities.
Emerging markets typically don’t have huge hosting power. That’s why we decided to host client data on local servers and chose foreign Amazon AWS servers to store SDKs.
Server issues can be crucial for business. The cost of further hosting may be much higher than the development cost.
If you didn’t consider all the future costs, the project might fail due to the lack of budget.
Check these tips before the KYC integration process:
- make sure that the vendor complies with the core requirements of all global and domestic regulators;
- the provider should also offer further support of AML/KYC regulation and implements the best Fintech security measures;
- compliance with ISO standards, in particular ISO/IEC 30107, for companies using biometrics for identity verification is also a must;
- check whether the vendor has their own database and is compatible with other data resources;
- some vendors offer testing modules to see their features in action, and we bet you’d like to give a solution a test drive.
Consider JustCoded as your trusted fintech software development partner
Hello, we’re JustCoded!
For the past decade, we’ve helped many Fintech startups launch projects and mature businesses – scale and expand to new markets.
What we build for Fintech:
- investment platforms for real estate, art, education, p2p lending and other sectors. Key project: Forus:
- crowdfunding portals of different types and models. Key project: CapitalRise;
- p2p lending sites with powerful loan management and third-party solutions. Key project: Invest My Community;
- impact investing portals. Key project: Charm Impact.
The vast experience and knowledge of the Fintech domain spurred us to build an in-house product — LenderKit, a white-label Fintech software for regulated investment business.
Summary
The beauty of ready-made KYC solutions is their easy integration. You’ve got everything you need — well-documented APIs and SDKs, implementation support and testing regime.
But there are also important things that may cause troubles within or after integration and determine the fate of your project.
They include vendor compliance with global KC standards and regulations, requirements to server capacities, support of different identity verification methods, integration options (APIs, SDKs or KYC as a service), lack of vendor’s databases or testing regimes.
