eKYC and Digital Identity Verification: The Complete Guide

A complete eKYC workflow consists of multiple distinct technical steps, executed in sequence with risk-based decisions at each stage. Modern platforms execute the entire sequence in under 30 seconds for the majority of customers.

The customer captures images of their identity document — typically passport, driving licence, or national identity card — through a mobile camera or webcam. The capture interface must guide the customer to produce images of sufficient quality (correct lighting, document fully in frame, no glare) and reject low-quality captures before they enter the verification pipeline.

The captured document is parsed and validated. Document authentication checks include: confirming the document is a known type from a known issuing authority; validating security features (holograms, microprinting, MRZ checksum, embedded chip data where present); checking for evidence of tampering (font replacement, image manipulation, digital cropping); and verifying that the document has not expired. Modern document libraries cover thousands of identity documents from over 200 jurisdictions.

The customer captures a live selfie or short video. The capture is used both for biometric matching against the document photograph and for liveness detection. Capture interfaces typically include real-time guidance to ensure the face is correctly positioned and lit.

Liveness detection defeats presentation attacks — fraudsters attempting to verify using a printed photograph, a screen recording, a deepfake, or a 3D mask. Modern liveness systems use a combination of passive (analysing the captured image for signs of being a recapture) and active (asking the customer to perform a randomised action such as turning their head) techniques. The standards to look for are ISO 30107-3 PAD certification at Level 1 minimum, ideally Level 2.

The selfie is compared to the photograph extracted from the identity document using face-recognition algorithms. The output is a similarity score; the platform applies a threshold tuned to balance false-rejection (legitimate customers being flagged as non-matches) against false-acceptance (fraudsters being flagged as matches). NIST FRVT benchmark data is the most reliable indicator of algorithm quality.

In parallel with document and biometric verification, the verified identity is screened against sanctions lists, PEP databases, and adverse media sources. See our sanctions screening guide and PEP screening guide for the full screening framework.

All major AML frameworks accept eKYC, provided the methods used satisfy specific reliability requirements. The relevant provisions:

• FATF — Recommendation 10 requires verification using reliable and independent source documents, data, or information. Digital verification methods qualify provided they meet this reliability standard. FATF's 2020 Digital ID Guidance specifically endorses eKYC using regulated digital identity systems.
• EU (AMLD 6) — Article 13 explicitly permits identification using electronic identification means, electronic trust services, or other secure remote or electronic identification processes regulated under the eIDAS Regulation.
• UK (MLR 2017 / JMLSG) — JMLSG Guidance Part 1 Chapter 5 covers electronic verification in detail, recognising it as an acceptable verification method when supported by appropriate data sources and controls.
• US (FinCEN) — FinCEN guidance on the use of "non-documentary" verification methods has been progressively expanded to accommodate biometric and digital verification where reliability can be demonstrated.
• Singapore (MAS) — MAS has been an active proponent of eKYC, with Singapore's Singpass / Myinfo system providing a regulated digital identity infrastructure that financial institutions can rely on for verification.

eKYC for individuals is well-established. eKYC for corporate customers — verifying the entity itself plus its directors and ultimate beneficial owners — is more complex and less standardised. A complete corporate eKYC workflow integrates:

• Authoritative corporate registry lookup for the entity and its directors / shareholders.
• UBO unwrapping through any layered ownership structures.
• Customer-facing portals through which directors and UBOs complete eKYC remotely.
• Sanctions and PEP screening of all identified individuals and the entity itself.
• Document management for incorporation documents, ownership records, and trust deeds where applicable.

Our customer onboarding platform integrates all of these into a single workflow — the corporate is verified through KYB, identified UBOs are routed into individual eKYC through portals, and the resulting case file presents the analyst with a complete view ready for risk rating.