Across the expanse of modern-day Australia, it is often hard to open a bank account. Anti-Money Laundering (AML) and Counter-Terrorism Financing legislation (CTF) require banks to know their customers (KYC). To identify a customer they must collect and verify their full name and either their residential address or date of birth. ReadID allows them to do this remotely and in a manner compliant with the rules that underpin the Australian Transaction Reports and Analysis Centre (AUSTRAC).
ReadID-driven KYC for identification
According to the AUSTRAC customer identification and verification guidelines, the verification process is split between two standards. A bank can either use documentation-based verification or electronic data-based identity verification, or both.
When using a documentation-based verification procedure, a process that is backed by an official identity document, the standard specifies only one source of reliable and independent information is required. Electronic data identity verification, on the other hand, isn’t backed by an identity document and requires two sources of reliable and independent information.
"ReadID allows Australian Financial Services industry to remotely and easily verify customers in a manner compliant with the AUSTRAC rules."
For the documentation method, AUSTRAC states that the passport is an acceptable and original primary photographic identification document. With more than one billion ePassports in circulation, it can be considered the most popular identity document globally. ReadID reads and verifies the chip in an original passport, where it is required to collect the full name and date of birth of the individual. It should be considered a document-based verification procedure. Consequently, a single source-based KYC process can be utilised by the bank. A process that can be easily executed remotely via a mobile app and is far more efficient and user-friendly compared to the dual source standard.
Note that a similar KYC approach is described in the Good Practice Guide 45 in the UK where a single official identity document that has been verified to be authentic and valid already offers a sufficient level of assurance.
Furthermore, an Australian bank is also required to determine whether the document produced about an individual may have been forged, tampered with, cancelled, or stolen. ReadID automates this via security mechanisms, specifically passive and active authentication, which are used to match government-issued country and document signer certificates to ReadID’s server-based list of government-issued public certificates. It also determines if a chip has been tampered with or cloned.
Then, by utilising face matching and liveness detection against the high-resolution picture embedded in the chip as a second step, it can be determined if the owner of the document is present and alive, and thus that the document has not been stolen. If facial verification is not performed, then the reporting entity will be required to perform the lost/stolen check.
AUSTRAC also states that the passport is acceptable up to two years after expiry, but all other documents need to be current. ReadID also reads the passports’ expiry date and makes this data available via its comprehensive library of APIs.
Finally, ReadID excels in 'new to country' and 'no digital footprint' customers. By leveraging the ePassport as a single authoritative source for automated identity verification purposes, ReadID readily solves the current Visa Entitlement Verification Online (VEVO) issues that are due to human errors in handwritten Visas.
Given the importance and sensitivity of the whole remote KYC process, the security of the data processing is of utmost importance. InnoValor’s KYC verification processes are highly secure as we meet the following certifications:
- ISO27001 and ISO27701 for Information security and privacy management.
- Service Organization Control 2 (SOC2) type 2, the gold standard for data security.
- eIDAS module certification for Qualified Trust Service Providers and for eID/assurance level High by TÜV Trust IT Austria.
- Cyber Essentials certificate of assurance for the UK government-backed scheme focusing on five important technical security controls.
To summarise: ReadID can meet the Australian AML and CTF requirements regarding KYC and in particular the verification of the authenticity of the personal data and the identity document used in this process. Moreover, when using an official identity document (i.e., a biometric passport), a sufficient level of identity assurance can be obtained and there is no need to use a second source for the verification of the applicant’s identity. This makes ReadID easy to use for the applicant at any time and any place and at the same time it brings straight-through-processing opportunities for the banks.