EKYC Documentation

Appearance

eKYC Solution

Overview

The eKYC Solution provides an end-to-end framework for digital identity onboarding and verification. It enables organizations to verify an individual’s identity remotely by combining document verification, biometric verification, and liveness detection.

The solution is designed to be embedded into mobile applications, web applications, or onboarding portals. It separates client-side data capture from backend identity processing, allowing integrations to meet regulatory, security, and scalability requirements.

eKYC is typically used as the first step in establishing a trusted digital identity and can operate independently or alongside backend biometric systems such as ABIS.

System Architecture

The eKYC Solution is composed of two primary layers:

  • Client-side SDKs (EkycID) for guided capture of identity documents and biometric data
  • Backend APIs (EkycLens) for identity processing and verification

High-level characteristics of the architecture:

  • Capture occurs on the user’s device
  • Verification and decision-making occur on backend services
  • Components are loosely coupled and can be integrated independently
  • Supports both direct client-to-backend and client–backend–customer-backend models

This architecture enables secure capture, centralized processing, and flexible deployment across industries and regulatory environments.

Core Concepts

Identity Lifecycle

The identity lifecycle describes how an individual’s identity progresses through the system.

Typical stages include:

  1. Capture – Identity documents and biometric data are collected
  2. Verification – Data is processed and validated
  3. Decision – Identity is approved, rejected, or sent for review
  4. Maintenance – Identity may be re-verified or updated over time

eKYC Solution focuses primarily on the capture and verification stages, while downstream systems manage account creation, permissions, or long-term identity storage.

Document Verification

Document verification ensures that a submitted identity document is valid, readable, and consistent.

This process typically includes:

  1. Detecting supported identity documents
  2. Extracting text and data fields using OCR
  3. Validating document structure and content
  4. Preparing extracted data for downstream checks

Document verification is used to establish the claimed identity of the user and serves as the foundation for subsequent biometric checks.

Biometric Verification

Biometric verification confirms that the person presenting the identity document is the rightful owner of that document.

In eKYC Solution, this is commonly performed by:

  1. Capturing a live facial image or video
  2. Comparing it against the portrait photo from the identity document
  3. Producing a similarity or match result

This process is 1:1 verification and does not involve searching across large biometric databases.

Liveness Detection

Liveness detection ensures that biometric data is captured from a real, present human rather than from a photo, video, or other spoofing method.

The eKYC Solution uses prompt-based liveness, where the user is asked to perform specific actions such as:

  • Looking left or right
  • Blinking

Liveness detection acts as a safeguard against replay and presentation attacks and is evaluated before or alongside biometric verification.

Components

EkycID (Client SDKs)

EkycID provides client-side SDKs for mobile and web platforms.

Its responsibilities include:

  1. Guiding users through document scanning
  2. Capturing facial images and liveness videos
  3. Providing real-time feedback during capture
  4. Rendering customizable UI components

EkycID runs entirely on the client device and does not perform identity matching or decision-making.

EkycLens (Backend APIs)

EkycLens provides backend services that process and verify captured identity data.

Its responsibilities include:

  • OCR and data extraction from identity documents
  • Face comparison between document photos and live captures
  • Video-based liveness analysis
  • Returning structured verification results

EkycLens acts as the verification engine of the EKYC Solution and is typically integrated into backend systems.

Integration Flow

Standard Onboarding Flow

The standard onboarding flow is used for fully automated identity verification.

Typical steps:

  1. User captures identity document via the client SDK
  2. User completes biometric capture and liveness checks
  3. Captured data is sent to backend verification services
  4. Verification results are returned
  5. System automatically approves or rejects the identity

This flow is commonly used for low- to medium-risk onboarding scenarios.

Manual Review Flow

The manual review flow is used when automated verification alone is insufficient.

Typical triggers include:

  • Low confidence scores
  • Inconsistent document data
  • Failed or borderline biometric checks

Flow overview:

  1. Automated verification is performed
  2. Identity is flagged for review
  3. Human reviewers inspect documents and verification results
  4. Final approval or rejection is issued

This approach balances automation with regulatory or risk-based oversight.

Released under the MIT License.

Copyright © 2019-present Evan You