Resources › Identity and regulation
Identity and regulation

KYC and digital onboarding: identity verification methods

Guide · 3 min read

Onboarding a customer remotely is now the norm. The hard part isn't collecting their data, it's verifying they really are who they say they are. That's KYC. We cover what regulation requires and which methods exist to verify identity during digital onboarding, along with their pros and cons.

What KYC is and why it's mandatory

KYC ("Know Your Customer") is the set of processes for identifying and verifying a customer before and during the relationship. For banking, fintech, insurance, gaming or investment, it isn't optional: anti-money-laundering regulation (in Spain, Law 10/2010 and its implementing rules; at EU level, the AML package) requires reliable identification and retention of due-diligence documentation.

Methods for verifying identity remotely

Not all methods offer the same level of assurance or the same friction:

The regulatory and technical trend points the same way: less trust in the photo, more verification at the source (document chip, bank data) and liveness detection to close the deepfake flank.

How to choose

The choice depends on your case: risk level, customer type and applicable regulation. Many businesses combine methods — for example, NFC ID card reading plus biometrics for sign-up, and verified bank data when they also need to confirm account ownership or ability to pay. The key is to rely on data verified at the source and keep an auditable record of due diligence.

Identity verification ready for your onboarding

YOiD covers the range: NFC ID card reading with optional biometrics (ID Verify) and bank data verified at the source (Bank Data), to build a reliable, compliant onboarding flow.

See ID Verify (NFC) →

Frequently asked questions

Are KYC and AML the same thing?

They're related. AML (anti-money-laundering) is the regulatory goal; KYC is the set of identification and due-diligence processes that help meet it.

Is a photo of the ID card enough?

Less and less. A photo is data supplied by the user and easy to manipulate. Verifying the document at the source (NFC) and adding liveness detection provides far stronger assurance against fraud.

What does NFC reading of an ID card add?

It lets you verify information directly from the document's chip, with greater assurance than an image supplied by the user.

Do I have to keep proof of the verification?

Yes. Due-diligence regulation requires retaining documentation evidencing the identification for the legally established period.

Keep reading

What the ENISA remote identity verification guide says → EUDI Wallet: what the European digital identity wallet is →

Sources: Law 10/2010 on the prevention of money laundering and European AML regulation (SEPBLAC); ENISA "Remote ID Proofing — Good Practices" report (2024). Informational content, not legal advice.