Over 80% of smartphones are now enabled with NFC (near-field communication). As the technology grows in popularity, more companies are exploring ways to implement NFC in their customer journeys. Right now, the emphasis is on remote identity verification and customer onboarding.
As NFC takes on a larger role in our daily activities, it’s especially important to understand the pros and cons of NFC-based verification. In this article we dig deep into NFC chips, their history, the new opportunities they’ve created for the identity verification industry, and the compliance issues they raise.
Why should you read this?
Today’s customers are more demanding than ever before. Fast, seamless, and remote onboarding is a must-have for any business today. Otherwise, competitors will quickly stake an advantage.
At the same time, more and more states are opting for chip-based ID documents to enhance security and prevent fraud. And it’s expected that chip-based national IDs will total 3.6 billion in 2021.
Clearly, there’s a rapidly-growing market for NFC-based ID verification, with many companies opting for this method. The question is, should you follow suit? And, if you do, what’s the best possible approach? Below, we’ll help you answer these questions.
- What are NFC chips and how do they work?
- What NFC chips are used for
- NFC chips and identity verification
- Compliance challenges
- The optimal KYC process
- AI as an alternative to NFC-based verification
What are NFC chips and how do they work?
NFC or “near-field communication” is a contactless technology that enables objects to communicate at a range of about 5cm. Usually, one of these objects is an item that has an NFC-integrated circuit (also known as a “chip”) embedded, while the other is capable of reading the NFC chip. This allows communication between objects like payment readers and payment cards, for instance.
The receiving device is given access to the sent data, as well as instructions on what it should do with this data. This could be to make a phone call, open a webpage, store data or establish a data connection.
What NFC chips are used for
NFC chips come in handy when a few bits of digital information need to be exchanged. The applications of this sort of technologically are practically limitless, but some of the main ones are:
- Connecting wireless components to a desktop or mobile device;
- Accessing digital content by using an NFC-reading device—like a smartphone—to read a “smart” poster;
- Making contactless transactions, including those for payment and ticketing.
NFC chips can engage consumers in various ways, thus brands are starting to use them to deliver more personalized and interactive customer experiences. This is especially true for the identity verification industry.
NFC chips and identity verification
What is NFC-based verification?
This method authenticates customer identities through modern, chip-based identity documents. These documents contain Radio Frequency Identification (RFID) chips that store personal information, such as name, date of birth, address and sometimes even biometric information. NFC-enabled devices can read RFID data, which makes this sort of verification possible.
NFC-based verification leverages two things everybody has—IDs and smartphones. By tapping an NFC-enabled device against the ID, the RFID data within its NFC chip is extracted and verified (by cross-matching against the information printed on the ID document).
NFC-based identity verification provides a range of benefits to consumers and businesses.
- It’s simple: NFC interactions require no more than tapping two devices together, providing a simple and intuitive user experience. Today, NFC is available as standard functionality in many mobile phones. So the same NFC chip that allows for mobile payment also empowers mobile identity verification.
- It prevents fraud: NFC can detect forged documents and fraudsters in real-time. The chances of onboarding fraudsters diminish, making it easier for companies to comply with regulations.
- It’s secure: Data can be read directly from an ePassport chip. Since this chip cannot be tampered with, businesses can securely onboard legitimate customers by validating all the data within it.
- It’s fast: NFC speed up transactions and the customer validation process, boosting efficiency and customer acquisition rates.
However, everything has its drawbacks.
Despite increased security, speed, and convenience, there are some things to be wary of.
- It’s pricey: Like any advances in technology, there are costs attributed to development and implementation. Due to high costs, the introduction of NFC chips is likely to be limited to wealthier jurisdictions.
- It’s unfamiliar: NFC-based verification is still a relatively new technology. Many people don’t know what the technology is, and wouldn’t understand if it’s secure enough to use.
- Sometimes, it actually isn’t so secure: It’s important to note that mobile phones are vulnerable to hacking. As more and more people become reliant on their mobile phones, these devices have transformed into handheld computers. And just like computers, they are susceptible to viruses and hackers.
- No demand from customers: Since we’re still in the early stages of adoption, customers may not be able to justify the implementation costs and ongoing expenses, as is this case with Sumsub. Sometimes it’s better to free up some resources and allow your business to focus on tasks more in line with customer needs.
Before you go ahead and opt for NFC identity verification, you should consider these pros and cons. Your business might need major improvements to introduce it, including, but not limited to, compliance-related updates.
Below, you’ll find a list of key challenges for client onboarding via NFC-based verification:
If NFC-based verification is approved by a jurisdiction, then, as a rule, the company using this authentication method must follow local data protection laws. These can be both general data protection laws, as well as special ones aimed at regulating relations in the field of information technology.
- The EU GDPR is technologically neutral, which means that all personal data will be protected regardless of the technology used for their recording or conservation. Moreover, according to Article 25, “Data protection by design and by default”, the producers of the products, services, and applications, which will process personal data, shall integrate the data protection system into the product or service at an early stage of the design. In addition, they shall set the settings for maintaining confidentiality by default. That is, the user does not need to take any action to protect their privacy.
- The Turkish Regulation on Verification Process of the Applicant’s Identity in the Electronic Communications Sector directly indicates the need to comply with the Law on the Protection of Personal Data numbered 6698 (“Law No. 6698”), particularly in the case of obtaining applicants’ explicit consent before verification. The regulation comes into force on December 31, 2021.
No matter which method of data collection you’re using, there’s an identity checking procedure you should follow to stay in compliance. Accordingly, there are multiple steps to an effective KYC compliance program, including document and PEP checks, face matching, and so on. NFC-based verification is only one of these steps, so it will need to be combined with others to ensure full compliance.
Jurisdictions with additional requirements:
According to the Guidance on how to prove and verify someone’s identity with NFC, you can only prove that an identity exists by collecting digital evidence and validating it.
This requires checking the following:
- that the claimed identity has existed over time, has not been canceled, expired, reported lost or stolen;
- that the identity belongs to the person who’s claiming it;
- whether the claimed identity is at high risk of identity fraud.
The Regulation on Verification Process of the Applicant’s Identity in the Electronic Communications Sector permits NFC-based verification. However, in this case, the following is also mandated:
- a video conference;
- confirmation of contact information by sending a single-use password or link to the user’s mobile number or e-mail address.
Special app usage
As a rule, reading NFC chip data is only possible with a special app. These apps may be issued by regulators or third-parties.
- The Swiss Financial Market Supervisory Authority FINMA amended Circular 2016/7 requires a special mobile app for reading chip data.
- The German government AusweisApp2 enables consumers to use public services, open a customer account, or submit a funding application, as well as securely identify themselves to an online service provider.
- The French Alicem smartphone app is designed to securely authenticate citizens using NFC passport readings to any of the 500-plus services available via FranceConnect, a government-backed online services gateway used by government agencies and private-sector companies.
This is not a complete list of applications, jurisdictions and requirements. Overall, compliance challenges are rapidly increasing, and we will constantly update them in this article.
The optimal KYC process
Here’s our practical advice on building an effective NFC-based solution:
NFC chips digitally verify the validity of document data without the risk of any optical character recognition or typing mistakes—an important first step.
You can, for instance, integrate a ready-made app (prescribed by regulators or developed by specialized third-parties) to read the chip, and then use your own software to perform all kinds of verification. This should be done in a safe environment to keep user data safe and secure.
Verify that the document belongs to the person presenting it and not someone else. To do this, you’ll need to perform face-matching.
The software used for this task should be strict enough to have almost no false positives, but sophisticated enough to deal with beards, signs of aging, and differing lighting conditions. You may work with Sumsub as a partner. We do both liveness detection and face matching.
AI as an alternative to NFC-based verification
AI-driven KYC solutions with advanced liveness can reduce verification time down to seconds.
Together with liveness detection—which provides smooth biometric checks by comparing a person’s facial movements to photos on their submitted ID—AI-driven KYC solutions have proven to stand up against the most advanced fraud vectors, while maintaining a reliable, high-conversion verification flow.
Artificial intelligence (AI) automates data collection and eases the analysis stages, boosting time-efficiency and cost-effectiveness. This is instrumental in reducing human error in the fight against fraud and terrorist financing.
Sumsub is always here to provide you with such a solution. Reach out to give us a try.
The need for high-quality KYC processes is more pressing than ever before. In-person transactions are becoming a thing of the past, and we need advanced solutions to facilitate the move to digital alternatives. This means implementing new technologies, which are emerging day by day.
But, with any new technology, implementation is only half the battle. The more difficult task is deciding exactly when to implement it. And while there are certainly positive outcomes in being ahead of the curve, there are also inherent risks for early adopters, especially during the experimentation phase.
NFC-based verification is relatively new and accordingly presents a risk for first-movers. Therefore, as a minimum, companies that decide to implement it should always be mindful and prepared for possible compliance challenges.
So, to stay fully compliant with all the current regulations, we recommend that you still use proven solutions, while continuing to monitor the latest trends in identity verification technology.