Feb 8, 2017

At Finovate Europe 2017 we demonstrated online onboarding for new-to-bank customers by combining NFC to verify the authenticity of identity documents with facial recognition.

Online onboarding is both a major challenge and opportunity. Potential customers want to get a bank account without the bother of a face-2-face identity verification. In addition, banks are closing their brick-and-mortar branches.

Onboarding, of course, has to be very secure (KYC, AML etc) but at the same time user friendly. And since users prefer mobile, and smartphones have camera’s and (often) NFC capabilities, we strongly believe an online onboarding solution should be mobile.

At Finovate Europe we demonstrated a proof-of-concept Android app we developed together with the UK-based facial recognition provider iProov and the Norwegian bank DNB. This app makes it possible to fully automate the online onboarding of new-to-bank customers, using their smartphone, their passport and a selfie.

Two steps: NFC + selfie

The two major challenges for online onboarding are verifying the authenticity of the passport (or identity card) and verifying that the person holding the passport is indeed the rightful owner.

For the identity document verification we use ReadID to verify the RFID chip that is embedded in modern passports. ReadID reads the content of the chip (face image, name etc) using the embedded NFC of the smartphone and then verifies the authenticity by checking the digitally signed content of the chip. ReadID also performs some additional security checks. To be able to read the chip, ReadID first needs to scan the so-called Machine Readable Zone using the smartphone’s camera, since this contains the password to access the chip.

For the holder verification we use iProov to take a selfie, compare it to the high-resolution face image embedded in the passport chip and, very importantly, to check for spoofing. For example, iProov will detect if someone is holding a photo in front of the camera.

The below video/screenshots shows these steps, from left to right, scanning the MRZ, reading the RFID chip with NFC, and spoofing detection. Or watch the screenrecording of the demo (~1:30').

 

Highly secure

By using ReadID we can determine the authenticity of the identity document much more securely than alternative methods out there, e.g., optical verification technologies using a photo of the identity document can be fooled by a forgery and cannot determine if the actual identity document or a copy of this document is present. In addition, the facial matching step works much better with the high-resolution face image from the passport chip than it would using a photo-of-face-image from the passport’s data page.

iProov has a state-of-the-art machine learning based facial matching solution, which checks if the face image from the chip corresponds to the selfie. In addition, it also checks liveness by flashing a unique sequence of colors via the smartphone screen, and analyzing the reflection to detect photo and screen forgeries.

Depending on details of the use case, the risk appetite of the bank in question and requirements from the regulator, additional risk mitigating measures can be used. For example, checking if the passport is stolen or lost is generally a good idea. This is however out of scope for the proof-of-concept mobile onboarding app we are building for DNB.

Guiding the user with animations

The user is guided through the different steps by showing animations. If the app notices something goes wrong or if it simply takes too long, users receive specific feedback to help them on their way.  The overall process (MRZ scan, NFC read and selfie), including watching the different animations, takes less than 1½ minute.

The Finovate Europe 2017 recording of the demo on stage, part of the iProov presentation, starts at 5:10 in this video.