Products

Electronic signing and identification solutions for all types of organizations.

Electronic Signature

Send out contract in seconds.

Digital Identifying

Remotely verify identities.

Pricing

See and compare various packages and prices.

Integrations

API

Easily integrate Signhost into your own system with our REST API.

Mobile App

Sign and send documents quickly, easily and securely with the Signhost app.

Third-Party Integrations

Find out whether Signhost integrates with the third-party software you currently use.

Documentation

Go to our REST API documentation.

Pricing

Insights

Blog

Read more about digital signatures and e-identification subjects.

FAQ

Find answers to common inquiries about our e-signature and e-identification solutions.

Glossary

Explore key terms related to digital signatures and digital identification.

Company

About us

Signhost is Entrust's cloud signing and identification solution.

Entrust

The global leader in identities, payments, and digital infrastructure.

How to Design a User-friendly Customer Identity Verification Process

Team Signhost

August 9, 2024

Facebook

Copy

A 2022 study found that 31% of internet users in the European Union had been the targets or victims of phishing scams. This involves tricking consumers into parting with sensitive data that the criminals can then use to access their financial information, among other outcomes. In fact, the survey found that EU citizens had lost around €27 billion as a direct result of phishing.

With statistics like this, it is clear to see why legislators are keen to encourage businesses to implement a robust customer identity verification process. In turn, businesses can benefit from a user-friendly online verification workflow that reduces friction in the onboarding or sales process.

This article explains the requirements for businesses in this regard and how you can develop a process that reduces the user experience challenges of some identification procedures.

The growing importance of customer identity verification

The exponential growth of internet shopping shows no signs of slowing down. Digital Market Insights expects 586 million EU citizens to participate in e-commerce by 2027. When you add to this the fact that, increasingly, people are taking out loans and mortgages online and entering into other such transactions and contracts remotely, it is easy to see why keeping users and their data safe is essential.

The EU’s update of the Electronic Identification and Trust Services (eIDAS) Regulation – referred to as eIDAS 2 – encourages interoperability between member states when it comes to accepting electronic identifications across borders. This provides opportunities for businesses, opening up the potential for reaching customers across the bloc. However, these additional remote transactions require establishing secure customer identification principles.

Being able to verify the identity of customers accurately is essential and requires organizations to implement the most intuitive processes they can.

Other identity verification elements of eIDAS 2 that will affect businesses include:

The introduction of a European Digital Identity Wallet (EUDIW)
Additional trust services, such as electronic ledgers and archiving services
Alignment with the General Data Protection Regulation (GDPR) and the European Cybersecurity Act to allow consumers more control over the communication of their data.

Elements of the customer identity verification process

The process of customer identity verification typically runs in this order:

Data collection

The consumer fills in their personal data on a form, which could include their name, address, date of birth, and anything else deemed relevant to the transaction. The business should ensure the form meets GDPR requirements for data security and privacy.

Data validation

This step involves checking the information to ensure it is accurate and complete. Use a solution that references the data with public records, utility bills, Social Security details, credit bureaus, or other trusted online databases. The aim is to spot any errors early on in the process, which could be an indication of fraud, identity theft, or other illegal activity.

Identity verification

Next, the validated data is used to confirm that the customer is who they claim to be. This step involves comparing it against high-assurance sources such as government-issued IDs, passports, and other such documents. It can also use biometric verification such as fingerprint scanning or facial recognition processes.

Risk assessment

An additional element of customer due diligence is often necessary for interactions with regulated services, such as banks and other financial institutions. These Know Your Customer checks (KYC) are required by legislation such as the updated Payments Services Directive (PSD2) and the various Anti Money Laundering Directives (AMLDs).

You should check for any sanctions against prospective customers, whether they appear on any watchlists or in negative press, and if they are deemed to be a politically exposed person (PEP). These can all create additional risks for your business being associated with them, with the potential for their accounts to be used for money laundering or terrorist financing.

Decisioning

Having received, validated, and verified data from the customer, as well as assessing the information for additional risks, you can approve or decline the account or transaction depending on the outcomes. This is often automated, based on your thresholds for acceptable risk within your organization.

Types of customer verification

Here are some of the most popular identity verification and authentication methods:

Type	Explanation
Two-factor authentication (2FA) or multi-factor authentication (MFA)	As well as entering a password to enter an account, the user has to confirm their identity further by providing a piece or pieces of information that only they can possess. The additional information should be: Something you know (passwords, personal information, etc.) Something you have (a smart card, etc.) Something you are (a fingerprint, facial recognition, etc.)
Knowledge-based authentication	This can be used as part of 2FA or MFA. The customer provides a piece of knowledge that they possess and which they entered when they set up the account. This can include their mother’s maiden name, place of birth, first pet’s name or similar, in addition to their password.
Age verification	The customer provides an official document, such as their birth certificate, a passport, driver's license, or ID card to verify their date of birth and age.
Credit bureau-based authentication	Credit agencies hold a range of data on individuals, making it a rich source for conclusively verifying a customer’s identity.
Online document verification	An online platform performs a liveness check scan, comparing a user’s identifying documents against a deep scan of their face. Once this is established to be correct, the app scans the NFC chip in the customer’s document and sends a validation report for your records.
One-time password (OTP)	Another element of 2FA and MFA, the business sends an OTP to the customer’s phone. They input this into the website and it proves that they have possession of that phone and are, therefore, likely to be the owner.

How to design a user-friendly customer verification process

Simplify the user journey

You need to find a balance between a safe and secure process, and one that causes the least friction in the customer journey. Too many document verification procedures can be too labor-intensive or time-consuming, which can lead to abandonment and incomplete transactions.

Reduce the number of steps needed for verification using an intuitive design to guide users through the process. Make the process clear to customers, providing succinct instructions and feedback.

Consider implementing single sign-on (SSO) technology, which creates an authentication token that remembers the verification of customers, allowing them to combine several application login screens and only enter their credentials once.

Provide clear communication

Any additional process a customer must enter into before they can make a purchase is disruptive by its nature. As well as working to reduce the disruption to the bare minimum, provide clear communication to explain exactly why it is necessary. Explain the regulatory requirement as well as the security benefits for the customer. Be transparent about how you will use the data and keep it safe.

This will allow you to build trust with the customer, who will better understand the reasons for the process taking place.

Leverage advanced technologies

Verification platforms can now use advanced processes to really understand who is trying to make a transaction. By requiring fingerprint scans, facial recognition, and voice recognition, you can provide a secure process that is automated, making it safe, efficient, and effective for customers. This also increases trust in your business, as these processes make it much more difficult for bad actors to access their data.

Optimize for mobile

With 90% of EU citizens accessing the internet through mobile devices, in contrast to just 31% of usage from desktop computers, it is essential that your verification process is designed with a mobile-first mindset.

This is where your customers feel most comfortable and represents the method that provides the most convenience. Create a responsive design that adapts to different screen sizes and orientations, including different brands of smartphones and tablets.

Allow for mobile document capture so that customers can present all the information you need using their smartphone camera. Also, ensure it provides real-time feedback on aspects such as image quality to prevent stalling the process and improve the chances of success.

Ensure data privacy and security

When you choose a platform for identity verification, you should be sure that it meets all of the relevant data security requirements. You should maintain compliance with GDPR at all times by ensuring you employ robust encryption and other security measures to protect user data throughout the verification process.

Provide instant verification

When accepting electronic signatures or verifying documents, use a solution set up to perform an identity verification, or strong authentication if the signatory has already been onboarded and verified. This speeds up the process and enables the system to provide an instant response.

The result is a smoother experience for users, reducing the need for them to manage long-term digital certificates. There is no need for in-person verification, but rather it is all part of an intuitive process that achieves the aims of both the organization and the customer.

FAQ

What is eIDAS 2, and how does it impact customer identity verification?

eIDAS 2 is the updated regulation proposed by the European Commission to enhance the existing eIDAS framework. This regulation aims to broaden the scope of digital identity and trust services across the EU, making digital verification processes more unified, secure, and accessible. For businesses, eIDAS 2 means adapting to new standards for digital identification and trust services, ensuring that their verification processes comply with EU-wide requirements for security and interoperability.

How can organizations balance security with user experience in digital verification?

Balancing security with user experience involves implementing robust verification methods that are also quick and non-intrusive. Strategies may include using biometric verification for its security and ease of use, employing risk-based authentication to adjust security levels dynamically based on the context, and optimizing verification processes for mobile devices.

Keeping users informed about why certain data is required and how it will be protected can also help balance security concerns with a positive user experience.

How often should you verify a customer's identity?

Digital identity verification should primarily occur at account opening, before processing high-value or unusual transactions, and in response to any changes in customer information or suspicious activity. Additionally, regulatory compliance may dictate periodic re-verification, such as annually or bi-annually, depending on the industry and the nature of the transactions involved. Balancing the need for security with minimizing customer friction is essential, with the goal of protecting against fraudulent activities while ensuring a positive user experience.

Conclusion

Tying together security with convenience and optimal customer experience is the key to a successful customer identity verification process. Using Entrust Signhost as your digital identification partner gives you access to a simple but powerful verification workflow. Whether you use the web portal or integrate Entrust Signhost into your website, you gain access to a robust system that accepts IDs from more than 249 countries. The simple, three-step process ensures a smooth user experience that complies with all relevant data protection legislation.

Learn more about identity verification.

References and further reading

*Disclaimer: This content does not constitute legal advice. The suitability, enforceability, or admissibility of electronic documents will likely depend on many factors such as the country or state where you operate, the country or state where the electronic document will be distributed, as well as the type of electronic document involved. Appropriate legal counsel should be consulted to analyze any potential legal implications and questions related to the use of electronic documents.