In case of more complex products or services, we are required to identify the client before we make an offer - and here comes into play so called digital onboarding.
In the opening chapter of this series, we talked about the general topic of digital transformation. One of the first steps for its successful implementation is the establishment of a space for existing clients, where they can simply place their service requests within the client zone, e.g. a list of contracts. Once the company is able to identify the user thanks to logging into one of the systems, we can simply work with their data and offer additional products through cross-sell and up- sell. High-speed service can be offered also to unlogged users, which helps us get their details when closing a deal. Yet, in case of more complex products, we are required to identify the client before we make an offer - and here comes into play so called digital onboarding.
The standard model of servicing a client at a branch, such as a when dealing with a current account, is becoming obsolete for two main reasons - it is slow and costly, both for the company and for the client. A new trend, besides the aforementioned service task, is the effort to "onboard" new clients using online tools so that clients do not have to go to a branch and can close contracts from virtually anywhere. Speed and comfort are crucial in a market where the vast majority of products are easily replaceable. Therefore, digital onboarding concentrates on the opportunity to confirm the authenticity of the person and make a new contractual relationship without personal contact. However, this goal can be reached by various ways, all of which have pros and cons.
Main onboarding methods
OCR – document scanning
The easiest (and cheapest) way is to use OCR software (Optical Character Recognition) that is capable of recognizing individual characters in texts. Such applications have been used for several years to digitize old texts; and, recently have been adopted by larger companies to identify new clients (e.g. Airbnb). In such a scenario, the user enters basic data and then is asked to take a photo of one or more identification documents (with a camera on your smartphone or using a webcam) from which the software reads the necessary information and, where appropriate, through the so-called API of various registers, e.g. insolvency register, confirms we are not dealing with an untrustworthy person. The next step is verification by a text message, where the user confirms the entered data is correct and adds a virtual signature.
However, the relative simplicity and low cost of the whole service are offset by lower security. As we deal with static images, the programme does not know what happens between taking the individual photos. So it is not possible to confirm that the person uploading the ID card is the same as in the ID card picture, i.e. it could have been stolen or fraudulently used. Likewise, the security of uploading photos into the application is more demanding due to the use of integral and standardised files than it would be with for instance streamed videos. So the communication could be captured and the document misused for the purposes of another service, or to edit the metadata of the image such as the date and time stamp of the photo (which should be very close to the time of sending it to the server).
The main advantage, however, remains in high availability of this service, which is offered by many providers such as SaaS solution (Software-as-a- Service, thus as a (cloud) service charged for the number of uses). Solutions IDCheck.io or IDscan.com are the examples of it.
Picture: basic scheme of IDCHECK.io functionality. Source: IDCheck.io.
Video broadcast with an agent
Safer, but significantly more expensive, is to extend the above model by a direct video link with an agent. The agent contacts the user at the other end of the line and provides the necessary instructions. Such a personal check if the user is not a robot, and if they are not trying to scan fraudulent personal documents is more reliable than the former approach. Yet, the costs for running a service involving agents are not insignificant, and it is necessary to consider whether the company has the capacity to ensure agents in such centres, and if not, how to legally secure a business relationship with a third party outsourced contact centre. To illustrate IDNow is such a provider.
Automated Facial Recognition
Golden mean between the former approaches can be video streaming with no agent. The video is analysed in real-time by a face recognition software. This procedure is then often combined with a sequence of several face grimaces the user must perform in front of the camera - for example, smiling, winking with the left eye, opening mouth, etc. By default, approximately 3-5 steps are used with random grimaces. This way, the user can not know exactly what grimace to be ready for and the transition between the facial expressions must be smooth, as well as it is required the face and the head are in the same position in front of the camera. The software is then able to distinguish between unexpected transitions (such as changing a fraudulent photo in front of the camera) and whether a real person - the applicant is sitting in front of the camera. As a security option, it is possible to be redirected to an agent if the software is unable to make a clear decision whether it is dealing with a fraud or not. Amazon Rekognition, OpenCV or Kairos are examples of such platforms.
3D Reconstruction - Photos, Videos, Stereoscopy
The latest technology is 3D face scanning. This most complex, complicated, and mostly expensive way is designed with the use of several approaches, some of which are somewhat bizarre. 3D model can be composed of a series of photos or a video when the user circles smartphone around their head until the application has enough data (not from only pictures, but also from other internal devices such as a gyroscope, accelerometer etc., thanks to which the application is able to determine the depth of the image). The record created is then converted into a 3D skeleton of the facial features and wrapped in a texture composed of single images. This service is already provided, for example, by application 4DFace. Another, even newer way, comes with the introduction of the first stereoscopic cameras placed on the front of smart phones - such as the new versions of iPhones. Apple itself will use their latest version of FaceID instead of fingerprints. Therefore, it is to be expected that other smartphone suppliers will also use similar technology as part of their competition efforts, which will massively extend use of such identification.
Picture: source 4dface.org
However, the common denominator of these innovations remains the cost of the service when it is implemented. Many of the products that deal with the issue are more likely to be at the stage of introductory prototypes and are still trying to find their way through. However, the advantage of adopting a solution of this sort can make a company not only rapidly get ahead of the competition and help to be the next market leader, but it can also help save costs, as using the service itself means there would be no need for interaction with an agent.
Legislation being the biggest implementation challenge
In the previous chapters, we generally described the individual options of digital onboarding, but one of the biggest challenges is the compliance with the existing legislative framework, which regulates the so called remote client identification. This framework is also different in different European countries and there is no universal solution.
If we limit ourselves only to the Czech Republic, the issue of remote client identification is newly regulated in Section 11 Article 7 of Act no. 253/2008 Coll. on Certain Measures against Money Laundering and Terrorism Financing (AML - Anti Money Loundering Act). Briefly, this method of identification must be in addition to the production of two ID documents (preferably electronically, which is not stated in the Act) also complemented by a verification of payment from the client’s bank account. The Act does not specify the direction and amount of this payment, but in practice we usually see verification payments in the amount of "CZK 1", which is a great deal in contradiction with the logic of ‘smooth’ digital onboarding (regardless what method), because the client is forced to quit the process and make a payment, which in most cases leads to incomplete onboarding.
This follows, it is clear new client identification methods will require finding a path that will ensure compliance with this legislation. And, it cannot be ruled out that the current legislation will have to change. Therefore, the legislative aspect of the solution is one of topics not to be neglected if we are to comprehensively grasp the issue of digital onboarding.
Data Security and User Experience
Another pitfall of all the listed approaches is naturally safety, and people's willingness to share such sensitive data with service providers. Therefore, it is necessary to correctly handle the communication of benefits to the end customer, once the company starts addressing this issue. One major benefit for both parties is the speed and convenience when concluding new contracts - these two factors are dealt with by so-called User Experience (UX). We will talk about this topic in the future chapters.