Article

What is KYC? A guide for product teams

Understand Know Your Customer requirements for your product and services, from ecommerce to crypto

In an increasingly borderless online economy, money moves fast. It is important to know where goes and who is involved in a transaction, either in fiat or cryptocurrencies, or virtual assets to prevent money laundering, fraud, terrorist financing, and illicit use of funds. Know Your Customer (KYC) is a set of identity verification standards created, initially in financial services, to help protect businesses and consumers.

Complying with KYC standards for Anti-Money Laundering (AML) is now legally mandated for a growing number of industries outside the financial sector, including crypto companies and virtual asset service providers. However, leading companies no longer think of KYC as just a checkbox to appease regulators. Using identity verification services is now a core part of security, conversion, customer success, and fraud prevention strategies.

To understand KYC verification standards, why they’re important, and how they can work for you to improve your conversion rate, we will give you an overview of industry terms and concepts. With this regulatory context, you will be better equipped to integrate identity verification successfully to make your internal teams more effective and your customers feel secure about your service.

What is Know your Customer (KYC)?

Know Your Customer (KYC) standards are in place to aid organizations in verifying the identity of a customer before forming a business relationship with them. This helps your business avoid transacting with, for example, someone on a sanctions list or unwittingly facilitating money laundering. KYC processes establish a customer’s identity and assess the risk of money laundering associated with them to understand the financial activities that a customer might be engaged in. KYC processes also help to ensure that funds are being transferred between legitimate sources.

KYC is meant to protect your business as well as your customers. Even if you’re in an industry that doesn’t require adhering to KYC standards now, adopting the procedures has benefits like decreasing the risk of exposure to fraud, increased transactional security, and increased customer confidence.

A KYC Lexicon

In addition to KYC, there are some abbreviations that can be useful for you as a product manager, CTO, CISO or risk manager who needs to integrate identity verification solutions for your organization. Here’s a breakdown:

  • AML refers to anti-money laundering and there are regulations that businesses, often referred to as obliged entities, must comply with. The list of obliged entities continues to grow thanks to new regulations like the EU’s 6th Anti-Money Laundering Directive (6AMLD).
  • CDD refers to customer due diligence, or the actions taken by an organization to perform the necessary background checks on a potential client to assess risks and establish their identity. Failure to do CDD could result in fines or other legal sanctions and in some cases even incarceration.
  • CIP in the US stands for customer identification program or the method an organization uses to confirm the identity of a customer, which can be a private individual, a partnership, a corporation, or any other legally-recognized business entity. The purpose of an organization’s CIP is to collect sufficient information about a customer to have reasonable proof that they are who they claim to be and that their funds and financial activities are not cause for suspicion.

How do you sufficiently “Know Your Customer”?

Sufficient customer due diligence isn’t just a part of a robust KYC process. It allows companies to protect themselves from legal liability, ensures the legitimacy of business relationships, and also serves to protect not only the company but also its customers from fraud or other financial harm.

The CDD process involves many steps that online identity verification can now take care of:

  • collecting information about an individual such as a government-issued photo ID like a passport or driver’s license and other supporting credentials
  • performing identity verification through information on those documents (name, DOB, etc.)
  • matching the face in the ID to the face of the device’s user (taking a video selfie)
  • cross-referencing the identified person against watchlists, sanction lists, and databases of politically exposed persons (or PEPs)

Doing this due diligence helps a company do a more accurate risk assessment. For example, you can still due business with a politically exposed person, but you will first have to do some enhanced due diligence and will have to implement ongoing monitoring.

The steps required to successfully verify identity online aren’t trivial. In the past, point-based solutions that just focused on KYC for customer onboarding forced teams to build their own tech stacks for compliance, incorporating everything from facial recognition for selfies to database check services. Modern IDV solutions like Passbase allow development teams to integrate and test all these features immediately with SDK or API integrations. Choosing the right identity verification service is critical for your company to ensure it complies with different markets and is easy to use or maintain for various teams.

How identity verification solutions help with KYC procedures

There are a variety of solution providers for identity verification, identity access management, RegTech, and cybersecurity. While there may be considerable overlap in the services different organizations offer, understanding your specific needs will help you to successfully identify which one is right for you.

Begin by mapping out your needs from a compliance perspective and finding out if a provider’s market and document coverage meets your needs. For example, you may want to process documents from Nigeria or support for proof of address documents. Ensuring that your provider collects the necessary documents is critical. Find out what advanced AML compliance features are available and whether they can be easily activated, such as multiple verification flows or ongoing monitoring. This helps your compliance team easily implement additional KYC features without needing to take up engineering resources.

Next, map out product features that build a better customer experience. You may also need multilanguage support and want a branded verification flow that is easy for non-technical teams to update.

Finally, a KYC program is only as good as it is usable. A fraud prevention team will be more likely to use the solution you implement if they can easily check verifications and or add new checks if they feel that a customer is high risk. Your colleagues doing conversion rate optimization will be more keen to do A/B testing if they can easily update the verification flow copywriting without engineering support.

Passbase focuses on helping companies identify their customers. In addition to the out-of-the-box identity verification flow that meets global KYC requirements, it has top-tier security features such as liveness detection at no extra cost. Passbase is set up in a way that is privacy-preserving for your customers because the company does not know what your customer is performing the identity verification for, and vice versa your company does not need to hold sensitive personal information while being assured about the identity of the person you are transacting with. This ensures that your company can provide evidence to regulators, should it ever be required, of proper due diligence, without having to also spend the resources securing sensitive data and become a growing target for fraudsters and hackers as your business grows.

How performing identity verification helps your customers

A 2021 report by Liminal conclusively found that the vast majority (88%) of respondents cared about security over speed for accessing an online service. The same report also found that most respondents (58%) give up on an online application process, such as a bank account or car loan, due to friction. This means that product teams integrating KYC verification solutions cannot afford a trade-off between security and usability.

The best identity verification solutions have also now combined security and user friendliness. For example, Passbase’s identity verification is completed in a few simple steps:

  1. Enter an e-mail
  2. Take a photo of a government-issued ID
  3. Follow instructions in the video selfie
  4. Submit

Solutions like Passbase simplify the steps for your customers while extracting the information that matters for your KYC program. The document submission can be used simultaneously for identity and age verification and a video selfie serves as a liveness detection test.

For an end-user, the identity verification process can be completed in less than a minute with just a few steps, which allows for rapid onboarding and improved user experience. For your company, the submitted documents and face matched identity is sufficient for KYC purposes.

Passbase clients can not only secure their business against threats like fraud or money laundering but can also offer substantial convenience to end users by enabling them to leverage their verified digital identities by such things as enabling biometric authentication for quick, password-free sign-ins and transactions and the creation of reusable identity resources for use in other third-party KYC processes.

The business value of KYC

Using identity verification for KYC also helps your business in numerous ways beyond meeting AML compliance requirements. Below are some examples:

  • Reduced fraud risk: verifying customer identity protects your organization from fraud, money laundering, and account or identity theft liabilities
  • Increased organizational security: you can efficiently secure your customers’ personally identifiable information (PII) by removing it from your platform
  • Builds customer trust: customers can be confident that their identity, account information, and financial transactions are secure

What does KYC look like for other sectors?

Beyond FinTech, crypto, and other regulated industries that are legally mandated to comply with AML regulations, numerous businesses are opting to proactively adopt identity verification to know who their customers are. As Passbase powers businesses from crypto to real estate, gaming to online retail, we have outlined how the industries we’ve worked with approach KYC.

KYC for Retail

Online retailers and other e-commerce businesses now have access to bank-grade security tools, and there are a growing number of regulations that reflect this. In the EU, the Second Payment Services Directive (or PSD2)  requires businesses to provide stronger authentication methods before processing transactions. KYC processes also help an organization in age verification efforts related to the age-restricted sale of products such as tobacco, alcohol, vapes, and cannabis.

KYC for Mobility

Identity verification is necessary for mobility for both compliance as well as trust and safety. The integration of an identity verification service enables a business in the mobility sector to quickly check the validity of a driver’s license and other submitted documentation. Ride-share company Uber was stripped of its license twice after regulators found widespread identity fraud among many of its drivers. Having an app allows businesses even for traditional rental companies to scale operations and have efficient bookings.

KYC for Ecommerce and Marketplaces

Successful online marketplaces rely on building and maintaining user confidence. In the competitive e-commerce arena, user trust translates to customer conversion and retention, and using a KYC compliance solution shows customers a business is serious about the safety of their financial data. For example HURR Collective and Nooklyn, from the fashion and property rental markets respectively, use identity verification to build trust amongst users and mitigate fraud.

Online Gaming

Online betting has been subjected to a wide range of regulations, and increased enforcement of these regulations resulted in fines of £24 million ($33 million) by the end of 2021’s first quarter. Online gaming, gambling, and eSports businesses can avoid these fines and ensure regulatory compliance by implementing identity verification solutions and simultaneously meet their age verification requirements.


You and your team can quickly understand how identity verification can integrate into your product by testing in a live environment. You can explore the Passbase API, use our SDKs for iOS, Android, and the web or try setting up a verification on the Passbase Dashboard with a free trial and 50 free verifications. To learn more about the benefits identity verification can provide your organization, try Passbase today for free or book a demo.

Get the latest news from Passbase

Passbase © 2021

KI VERBAND

Passbase is an identity verification solution that makes facial recognition, liveness detection, ID verification and KYC and AML compliance accessible through a suite of flexible developer tools. A zero-knowledge architecture ensures that companies using Passbase can securely verify users from over 190 countries without having to store their data. Built for developers, it can be integrated with just a few lines of code on iOS, Android, and Web.