eKYC (electronic Know Your Customer) with video verification and liveness detection represents the advanced tier of identity verification β combining real-time video analysis, AI liveness checks, and biometric face matching to enable fully remote identity verification that satisfies the most demanding regulatory standards. The EU's eIDAS 2.0 regulation, UK FCA remote verification guidance, and FATF Recommendation 10 all explicitly permit AI-assisted video KYC with appropriate controls. For financial institutions, regulated platforms, and enterprises onboarding high-risk customers, video KYC provides regulatory-grade identity assurance without physical presence requirements. This guide covers the technical architecture, regulatory requirements, and implementation approach.
Video KYC Process Flow
Video KYC Session Architecture
A complete video KYC session has five stages: (1) Identity document capture β customer films both sides of their ID document; AI verifies authenticity, extracts MRZ/VIZ data, and confirms security features; (2) Liveness verification β AI passive or active liveness check confirms a live person (not a photo or video replay); (3) Face matching β real-time face comparison between live video frame and document photo; (4) Agent review (for high-risk or borderline cases) β human agent reviews the session recording, AI decision evidence, and approves or escalates; (5) Audit trail generation β session recording, AI decision log, timestamps, and extracted data stored for regulatory retention.
Liveness Detection Methods
| Method | How It Works | Deepfake Resistance | User Experience |
|---|---|---|---|
| Active liveness (prompts) | User performs requested actions (blink, turn head, smile) | Medium β defeated by sophisticated video injection | Interactive β adds 15β30 seconds |
| Passive liveness (microexpression) | AI analyses involuntary facial microexpressions in natural video | High β harder to fake than prompted actions | Transparent β no user action required |
| Injection attack detection | Detects virtual camera, emulated device, video replay API injection | Highest β addresses the attack vector most active/passive miss | Transparent to legitimate users |
| 3D depth map (hardware) | Uses structured light or ToF sensor for 3D face map | Highest hardware-based β cannot be defeated with 2D deepfake | Requires compatible device (iPhone Face ID sensor) |
ISO 30107-3
The ISO standard for biometric presentation attack detection that all production-grade liveness detection should comply with β requires testing against paper/digital photo attacks, video replay, and 3D masks. Specify ISO 30107-3 compliance when evaluating KYC vendors
99.7%
Face match accuracy for leading biometric vendors (iProov, Jumio Biometric Vision) on document-to-selfie comparison β at a false acceptance rate of 0.1%, meaning 1 in 1,000 impostor attempts is incorrectly verified
Injection attacks
The primary 2026 fraud vector for video KYC β attackers inject pre-recorded deepfake video through virtual camera APIs, bypassing traditional liveness checks. Vendors like iProov and Veriff have specific injection attack detection capabilities required for regulated financial services deployment
Regulated Financial Services (High-Assurance)
For banks, payment institutions, and high-risk customer onboarding under EU AMLD5/6 and UK FCA: require ISO 30107-3 certified liveness, injection attack detection, and human agent review capability for all CONSIDER decisions. Vendors: iProov (highest liveness certification), Jumio Biometric Vision, Onfido Motion. Session recording retention: 5 years minimum (EU AML). Integrate with your AML transaction monitoring system via webhook: KYC pass β customer risk profile created β monitor ongoing transactions. Our API integration team connects KYC to AML workflows.
eIDAS 2.0 Wallet Integration
EU Digital Identity Wallet (EUDI) users can present ZK credentials from their wallet for eKYC β proving identity attributes without submitting document images. Wallet-based verification: customer presents EUDI wallet credential β your system queries the credential's issuer verification endpoint β receives cryptographic proof of attribute validity. This eliminates document capture and liveness check for EUDI wallet users β reducing friction while maintaining regulatory-grade assurance. Implement the OpenID4VC (OpenID for Verifiable Credentials) protocol to accept EUDI wallet presentations from 2026.
Asynchronous vs Synchronous Video KYC
Two deployment models: Synchronous (live video call with agent) β highest assurance, highest cost, slowest throughput. Used for: high-value accounts, VIP onboarding, complex AML risk cases. Asynchronous (recorded session reviewed by AI + agent) β faster (customer records session at their convenience), lower cost, scalable. Used for: standard account opening, consumer onboarding at scale. Most enterprise deployments use asynchronous for the majority of customers, with synchronous reserved for escalated cases or high-risk profiles. AI processes async sessions first; agents review AI-flagged exceptions.
Integration Architecture
Mobile SDK β KYC session (document + liveness + face match) β vendor decision API β your onboarding system webhook. Key integration points: (1) Session initiation: POST to vendor API with customer ID and risk tier β receive session URL for mobile SDK redirect; (2) Webhook: KYC result (PASS/CONSIDER/REJECT) + confidence scores + extracted data β POST to your onboarding service; (3) Audit API: retrieve session recording and decision evidence on request for compliance review. Build with vendor SDKs (Jumio, iProov, Onfido all provide well-documented APIs) rather than building video capture infrastructure in-house.
eKYC Video Verification Implementation
Our API integration, ML development, and software development teams implement video KYC solutions for financial institutions and regulated platforms. Book a free advisory session.