eKYC Solution: a Buy vs. Build Analysis
An electronic Know-your-Customer (eKYC) solution is an essential feature of modern banking applications. eKYC allows potential customers to create new accounts in just a few steps. It frees them from the trouble of visiting physical branches. For banks, an eKYC solution reduces the influx of customers to physical branches. This helps them reduce the costly need to open new branches.
When it comes to an eKYC solution, banks have two approaches: Build and Buy.
On the one hand, the build approach requires banks to develop various point features (those that serve one purpose only) and integrate them together. As we will learn in this article, trying to connect disparate features for an eKYC solution can lead to many problems related to accuracy and functionality.
On the other hand, partnering with and purchasing an integrated eKYC solution from a third-party provider can offer some advantages.
Key considerations when banks decide whether to build or buy an eKYC solution include:
When taking the build approach, the bank shoulders all the costs associated with the eKYC solution. These include the initial buildout, ongoing maintenance, bug detection and fixes, upgrades, and migration.
Moreover, banks may not be able to foresee what features they need in the eKYC suite. Due to the lack of direction and experience, they just build one point feature at a time. It’s the thought “let’s build Face Matching first, and Liveness Detection”, then “we need Anti-Money Laundering too”, and eventually “Fraud Detection is also important”.
This is not to mention the inevitable costs of hiring new professionals (software architects, consultants, or banking experts) or outsourcing the workload to another agency.
All these costs will quickly add up.
On the contrary, by taking the buy approach, a bank can have the vendor clarify and justify all the costs that go into getting eKYC up and running. This makes it easier for banks to foresee and plan ahead, whether for upfront license costs, consulting charges, or later upgrade and maintenance fees. Some eKYC providers will also help customize or scale up all features of the eKYC solution as required, which reduces the need for internal IT resources.
Balancing an effortless onboarding process with meeting KYC policy (making sure users are who they claim to be) is banks' top concern regarding an eKYC solution.
Usually, incumbent banks lack the necessary experience to build such a fast and secure electronic ID verification experience for users. An effective eKYC process needs to have as few steps as possible to save time for users. It should also provide clear instructions and account for environmental factors such as blurry images or poor lighting.
To ensure their homegrown eKYC solution meets regulatory standards, banks are obliged to build a process of control and risk assessment for security purposes. On top of that, banks must introduce other measures to validate user information and biometric data.
Therefore, a better approach to customer onboarding is by engaging a partner that offers a full-packaged eKYC solution. As all the features are to be integrated, banks can provide a seamless eKYC experience, where users can verify their identity within a couple of steps with a high level of security. In addition, the vendor will perform audits on the eKYC and work with regulators to ensure that it meets KYC requirements.
Today's fraudsters are growing more sophisticated, with more forms of data breaches and online attacks. To cope with this, an eKYC solution needs to be intelligent enough to detect whether an ID has been falsified and to make sure that the user is physically there in front of the camera.
However, banks often underestimate the complexity of developing fraud detection systems. The time, costs, and bandwidth associated with maintaining and upgrading are also worth considering.
That's why purchasing a third-party eKYC suite integrated with intelligent fraud detection is now the norm. Most eKYC providers leverage advanced Artificial Intelligence (AI) and Machine Learning (ML) algorithms to detect fraud quickly and accurately. Furthermore, they can offer liveness detection features to identify even the most sophisticated manipulations. Some even hire cybersecurity experts to safeguard the solution against evolving cybercrime practices.
Banks usually buy sample data to train AI/ML algorithms for their eKYC solution. This is one reason why in-house eKYC solutions have unacceptable false rejection rates (FRR) and false acceptance rates (FAR). What's wrong with this approach is that off-the-shelf data is not even close to the production data that is mined and used in the real world. In addition, the volume is usually too small to train the algorithms effectively, and the data may even be improperly tagged. As a result, biases are introduced into the AI models.
Banks are better off partnering with an established vendor that provides sufficiently large production data obtained from real-world verifications. Typically, these eKYC vendors have teams of data scientists to help banks pursue a higher level of verification accuracy and reduce data bias.
Banks are required by regulators to periodically review their eKYC solution to ensure and improve verification accuracy.
Therefore, banks that build non-face-to-face onboarding processes such as eKYC in-house must contract with an auditing agency, which will examine the eKYC process to see if it meets the current regulatory standards.
By partnering with a third-party vendor, banks are free from both the technical and the regulatory headaches of eKYC. The vendor will regularly audit the solution to ensure that it complies with eKYC standards, and will also offer reports to demonstrate banks' due diligence.
It is imperative to ensure that the eKYC solution provider conducts regular audits and provides standard reports to demonstrate customer due diligence. This means providing verification details and decision rationale for every transaction. This type of audit trail is imperative to demonstrating ongoing compliance with a variety of regulatory mandates.
Many large banks have an aspiration to extend to global markets. Therefore, their eKYC solution must be able to scale across geographies. Banks need to localize it to support the languages, ID types, and regulations of the targeted user community. It’s not just about driver’s licenses, ID cards, and passports — the eKYC solution must also support all the different versions of each country’s ID documents (e.g., student IDs and older versions of ID types).
A full-suite eKYC service often offers not only global coverage of various ID types, but also ancillary identity services, AML screening, and strong fraud deterrence. These combined services help growing enterprises quickly scale without putting undue pressure on internal systems and manual review teams.
Implementation and Support
Operating and managing multiple homegrown solutions can eat up banks' time and resources. Cobbling these pieces of software together also makes it difficult to perform integration testing, diagnose defects, or conduct root cause analysis. Software testing is the key challenge of DIY solutions, since their interdependencies require the deployment of multiple support teams to perform routine debugging.
Because an eKYC solution has multiple features, each requiring its own subject matter expertise, banks would need to hire experts.
Working with one vendor allows banks to save time, effort, and even costs, since the vendor can solve most of the problems of homegrown solutions, including implementation, maintenance, and support. The vendor will take full responsibility for issue resolution, product updates, and functional interdependencies.
Banks are sitting on a treasure trove of customer data that requires military-grade security. Most often, vendors of eKYC solutions are audited by third parties against standards such as PCI-DSS or ISO27001. These certifications indicate that the vendor has the standard processes and controls to ensure the confidentiality, integrity, and availability of all verification data. The vendor will help with validating how sensitive data is encrypted in transit and at rest within data centers using AES256.
When banks build their own solutions, the onus is on the purchasing organization to vet each solution provider from a security perspective. How is the data securely captured? Where is that data stored? How is the data encrypted? Have their security protocols been certified? The more features there are, the more vetting is required. Many fully integrated eKYC solutions have been certified as PCI-DSS or ISO27001 compliant, which should provide some assurance that your consumer data is being protected 24/7.
By building a homegrown eKYC process out of their internal resources, banks risk delivering an inferior product for a problem that is better left to another party dedicated to solving it. The build approach also exposes banks to regulatory complications and spoofing attacks. By purchasing an integrated eKYC solution that leverages technologies such as AI, OCR, computer vision, and biometrics, banks can achieve the three pillars of effective eKYC: user experience, security, and compliance.
If you are looking to purchase an eKYC solution from a trusted IT provider, KMS Solutions can be a great option. With 14 years of industry experience, we've helped multiple financial institutions seamlessly integrate advanced eKYC products into their digital banking apps, enhancing the overall user experience. Contact us today to get a free consultation and explore how this innovative solution can fit into your banking ecosystem.
*Note: KMS Solutions' eKYC solution can only be applied to enterprises within the Vietnam market