Over 80% of smartphones are now enabled with NFC (Near-Field Communication). As the technology grows in popularity, companies are exploring ways to implement NFC in their customer journeys.
In this article, we’re digging deep into NFC chips, their history, the pros and cons of NFC-based verification and the compliance issues that they raise.
To attract customers, businesses need fast, seamless, and remote onboarding processes. Otherwise, competitors will be able to quickly take advantage.
At the same time, more and more states are opting for chip-based ID documents to enhance security and prevent fraud. And it’s expected that the number of national eIDs, including chip-based IDs, will total 3.6 billion in 2021.
Therefore, there’s a rapidly-growing market for NFC-based ID verification, with many companies opting for this method. The question is, should you follow suit? And, if you do, what’s the best possible approach? Below, we’ll answer these questions.
NFC is a contactless technology that enables objects to communicate at a range of about 5 cm. Usually, one of these objects has an NFC-integrated circuit embedded (also known as a “chip”). The other is capable of reading the NFC chip. This allows communication between objects like payment terminals and payment cards or chip-based ID documents and smartphones.
The NFC chip combines with an antenna to form a self-contained, functional device—an NFC tag. The antenna allows the chip to interact with an NFC reader, such as a smartphone, by generating an electromagnetic field. NFC chips can use this field for the wireless communication of data.
The receiving device is given access to the sent data, as well as instructions on what it should do with it. For example, making a phone call, opening a webpage, storing data or establishing a data connection.
Here’s what an NFC chip looks like
NFC chips come in handy when a few bits of digital information need to be exchanged. The applications of this technology are practically limitless, but some of the main ones are:
NFC chips can engage consumers in various ways. That’s why brands are starting to use them to deliver more personalized and interactive customer experiences. This is also true for the identity verification industry.
This method authenticates customer identities through chip-based identity documents. These documents contain Radio Frequency Identification (RFID) chips that store personal information, such as name, date of birth, address, and sometimes even biometric information. NFC-enabled devices can read RFID data, which makes this sort of verification possible.
NFC-based verification leverages two things everybody has—IDs and smartphones. By tapping an NFC-enabled device against the ID, the RFID data within the NFC chip is extracted and verified (by cross-referencing the information printed on the ID document).
The healthcare, travel, education and finance sectors are among the many sectors that can benefit from NFC-based verification
Here’s our practical advice for building an effective NFC-based solution.
Businesses can integrate a ready-made app (prescribed by regulators or developed by specialized third-parties) to read NFC chips and then use their own software to perform all kinds of verification. At Sumsub, we’ve integrated an NFC reading system into our Mobile SDK.
Businesses need to build a separate verification flow for users that have chip-based IDs and phones capable of reading NFC. The verification flow might look like this:
For other users, businesses need a separate verification flow. This can, for instance, include document screening and face authentication.
NFC-based identity verification provides a range of benefits to consumers and businesses.
However, everything has its drawbacks.
Despite increased security, speed, and convenience, there are some things one should be wary of:
Before you go ahead and opt for NFC identity verification, you should consider these pros and cons. Businesses might need major improvements to introduce it, including, but not limited to, compliance-related updates.
Below, you’ll find a list of the key challenges for client onboarding when using NFC-based verification.
If NFC-based verification is approved by a jurisdiction, then, as a rule, the company using this authentication method must follow local data protection laws. These can be both general data protection laws, as well as special ones aimed at regulating relations in the field of information technology. Here’s an example of the GDPR.
The EU GDPR is technologically neutral, which means that all personal data will be protected regardless of the technology used for their recording or conservation.
Moreover, according to Article 25, “Data protection by design and by default”, the producers of the products, services, and applications, which will process personal data, shall integrate the data protection system into the product or service at an early stage of the design.
In addition, they shall set the settings for maintaining confidentiality by default. That is, the user doesn’t need to take any action to protect their privacy.
No matter which method of data collection you’re using, there’s an identity checking procedure you should follow to stay compliant. Accordingly, there are multiple steps to an effective AML compliance program, including document and PEP checks, face matching, and so on. NFC-based verification is only one of these steps, so it will need to be combined with others to ensure total compliance.
Jurisdictions with additional requirements:
The UK. According to guidance on how to prove and verify someone’s identity with NFC, you can only prove that an identity exists by collecting digital evidence and validating it.
This requires checking the following:
Turkey. The Regulation on Verification Process of the Applicant’s Identity in the Electronic Communications Sector permits NFC-based verification. However, in this case, businesses must conduct a video conference with a customer and confirm their contact information by sending a single-use password or link to the user’s mobile number or e-mail address.
As a rule, reading NFC chip data is only possible with a special app. These apps may be issued by regulators or third-parties.
This isn’t a complete list of applications, jurisdictions and requirements. Overall, compliance challenges are rapidly increasing, and we’ll constantly update them in this article.
The need for high-quality KYC processes is becoming more pressing than ever before. In-person transactions are becoming a thing of the past, and we need advanced solutions to facilitate the move to digital alternatives. This means implementing new technologies, which are emerging day by day.
But, with any new technology, implementation is only half the battle. Businesses also need to be prepared for possible compliance challenges.