By: Jeremy Pedersen
I realize not everybody is familiar with "KYC"...so let's start at the beginning: what is KYC?
In most countries, companies that provide financial services (from banks to crypto startups) are required to make an effort to identify each of their customers.
KYC, or Know Your Customer, is the process that companies go through to do this.
Traditionally, KYC is an offline process. You go to a physical location (like a bank branch), present your ID, and another human being matches you against your ID.
But what happens when meeting in person isn't possible? Enter "eKYC".
Electronic KYC (eKYC) is used when you need to verify someone's identity online.
eKYC was already critical for FinTech startups that have no offline presence, but is also becoming increasingly popular with traditional banks, many of which started adopting eKYC during the worst parts of the COVID pandemic.
Of course, there are other benefits too:
The problem with eKYC is that it's hard. Outside the financial sector, it's enough to collect photo ID for each of your users. This is the approach taken by cloud providers like Alibaba Cloud and Google Cloud.
Unfortunately this is rarely enough for KYC in the financial services sector, where requirements are much more strict.
Designing identity verification systems that can meet the needs of the financial services industry is very, very difficult. Luckily, ZOLOZ has already done this work for you!
ZOLOZ is a pre-built solution for more accurate eKYC on mobile devices.
Unlike simple systems that work by having a human being compare a user's photograph to their ID, ZOLOZ includes more sophisticated measures to detect fake and spoofed IDs.
ZOLOZ can read information from ID cards via OCR (optical character recognition), can spot signs of fake IDs, and requires users to move and blink rather than submit a still photo of themselves, making fraud much more difficult.
Of course, the real secret sauce with ZOLOZ is its large cache of historical data. By comparing verification attempts with IDs, user photos, and transaction history that it has seen before, ZOLOZ can detect fakes more quickly and accurately. Changes to hairstyle, makeup, or environment aren't enough to fool ZOLOZ.
Now the exciting part: I'm going to try all this out myself - on both iOS and Android - and using IDs from two different countries. I'll even try and fool the system with a fake (printed) ID!
Let's dive in and see what happens!
ZOLOZ can be integrated into an existing mobile app, but obviously we don't have time to write a dummy app just for today's blog, so we'll be using the demo applications that ZOLOZ provides:
For the purposes of today's blog post, I have downloaded and installed both the iOS and Android versions of the demo app.
The Android app was installed on an older Huawei phone, and the iOS version was installed on a recent iPhone using the Mainland Chinese Apple App Store.
The test procedure for both apps was simple:
That's it! Let's go through this process first in iOS:
First, we open up the iOS app:
There are multiple options here, but the one we want to try is Real ID, which will capture both our face and ID card details, and verify whether they match. Clicking on Real ID, we see this page, which lets us know what's going to happen next:
Next, we choose our ID type (in this case it's a Mainland Chinese ID card, called a "身份证" or "Shen Fen Zheng"):
We must now decide what type of verification to perform. ZOLOZ recommends 'Deep Scan + Blink' so we'll pick that:
If you are integrating ZOLOZ into your own application, you can decide what level of verification to perform. The demo app gives us these choices so we can play around with them and decide which level of security we feel is appropriate.
Next, we just need to photograph the front and back of the card. ZOLOZ uses the flash for this, which helps to detect the glossy coating real ID cards and passports have (printouts on standard printer paper won't have this sheen):
The next step is, of course, to scan your face:
This requires opening the front camera, centering your face in the frame, and blinking a few times (don't worry, there's a clearer, non-blurred video later on in this post!):
In the screenshot above, "Verification Result: Success" tells us that the ID is valid and the user's photo is a match! Great!
The process is very similar on Android, so I'll skip a few steps and go straight to the ID and face scans:
My name, sex, and nationality are not secrets, so I haven't bothered to blur them out here!
Next, I scan my face:
As before, the checks all pass. We're good to go!
My environment looks a little different in the photo above, because I had to re-run the process: the Android screen recording failed, and the phone wouldn't allow screenshots with the ZOLOZ app open. Whoops!
Let's try to go through the verification process with a fake ID. We will use a sample ID published by the local government in Hong Kong:
After a little bit of printing and scissor work, I ended up with this (admittedly not very convincing) fake ID:
Not surprisingly, matching against my face fails! We'll see more details about the failure in the next section, when I show things from the administrator's perspective.
After logging into the ZOLOZ console, we can see a list of all verification attempts:
Here are the results from the successful iOS Real ID verification process, using a Chinese ID:
We can see the results of our test with Android also:
And also the results for our failed attempt:
Note that from the admin console, we can actually see that there are multiple reasons for the failure. ZOLOZ was able to detect both issues: that the ID was fake and that my face did not match the ID:
So that's it! In this week's blog, we have:
This scratches the surface of what's achievable with ZOLOZ: the SDK is very powerful. Key features include:
ZOLOZ also does in-house R&D, meaning ZOLOZ can support regulatory requirements around "explainable AI". This is an important capability! Many countries now expect AI-based decision systems to be able to provide the reasoning behind a decision. This type of transparency is critical to avoid biased AI, a growing threat that many governments are starting to regulate around.
Today we focused mostly on ZOLOZ's existing demo applications, but the real power of ZOLOZ is in its SDK.
Using the ZOLOZ SDK, you can integrate eKYC in your own iOS and Android apps. Here are some handy resources for developers interested in trying things out for themselves:
Great! Reach out to me at email@example.com and I'll do my best to answer in a future Friday Q&A blog.
You can also follow the Alibaba Cloud Academy LinkedIn Page. We'll re-post these blogs there each Friday.