post

Footer About

Footer Contribute

Footer Get Involved

Footer Links

Mind the Product

Guest Post

How to build a companion product and win user trust

mission statement

Deep dive: Crafting your product vision and mission

B2B product management

Artificial Intelligence (AI) & Machine Learning (ML)

Building Product Teams

Business Strategy

Data Driven Product Management

Digital Transformation

Diversity and Inclusion

Minimum Viable Product

OKRs

Prioritisation

Product Design

Product Research

Product Development Process

Product Ethics

Product Discovery

Product Leadership

Product Management Career

Product Strategy

Stakeholder Management

🌎 <a href="https://www.mindtheproduct.com/world-product-day/" style="color:#FFFFFF;text-decoration:underline;">Happy World Product Day!</a> Be sure to celebrate product, yourself, and your peers today! 🎉

Join us at #mtpcon London in 2025 – mark your calendars

Connecting fans to creators at Spotify (Dariusz Dziuk, Product Lead, Spotify)

Why teams often struggle with OKRs: A conversation with Jeff Gothelf

5 ways to invent and simplify as an AI/ML product manager

Quentin, a seasoned product professional, leads with innovation in the ever-evolving tech landscape. With a foundation in business from Solvay Business School and a background as a management consultant at Accenture Strategy, he brings a wealth of strategic prowess to his role as Head of Product. Combining his strategic insights with a knack for user-centric design, he has led transformative products developments that have allowed young companies to scale up and industrialize.

Head of Product

Quentin Denis

<p>When you operate a marketplace business, you know the challenge: how to make sure that the right person is carrying out the gig? Far too often, you will face the situation where somebody else is acting and you start being confronted with quality and compliance issues, in the worst case, even fraud. At Shippr, a marketplace for B2B same-day deliveries, we are working with a fleet of independent couriers who have quickly developed the habit of sharing user accounts in the courier app. The solution to this challenge comes down to firstly verifying the identity of the person at registration, and, secondly regularly re-verifying the identity on the job. In technical terms, it means performing a know-your-customer (KYC) check at enrollment and prompting a biometric (or face) authentication before starting the job process.</p>
<p>Clearly, the deployment of such tools is generally not your core competency, and you would turn to third parties who specialize in this identity verification business. Surprisingly, the market is very saturated with numerous players focussing on either identity verification at registration (e.g. Dotfile), or biometric authentication (e.g. Keyless), and others covering both for a complete process (e.g. Sumsub or Onfido). While the integration of a solution provider is somewhat costly and somewhat locking in the (end)customer, often the commercial agreements add additional constraints by requiring long-term contracts and volume discounts, making it more difficult to change your mind along the way.</p>
<p>While the most common approach of vendor selection comes down to breaking down comparison points on price, technology and functionalities, it is a lot less straightforward than one could expect when it comes to KYC providers. Our experience has told us that each of these categories requires in-depth analysis.</p>
<p>Because the process of selecting the right vendor is, as it turns out, a tedious process, it is crucial to be prepared to ask the right questions during the introductory and demo calls so that you quickly disqualify the irrelevant vendors and focus as soon as possible on a short list.</p>
<h2>The cost and pricing model</h2>
<p>It is striking how expensive the list prices are, especially for a market full of competition. Typical <a href="https://www.mindtheproduct.com/nichole-mace-products-pricing-and-pitfalls/" target="_blank" rel="noopener">pricing models</a> include a price per transaction, a minimum commitment per year and upfront payment, with sometimes extra costs for additional features or support. The biggest lesson is that all prices are highly negotiable, by a lot! This is the reason why non-disclosure agreements are signed with most vendors. In hindsight, given that enormous room for negotiation, you should not disqualify any vendor because of its expensive list prices, not even the most expensive one! Typically, you can expect a KYC transaction cost of no more than one euro and a biometric authentication transaction cost of a dozen euro cents.</p>
<p>Some providers, such as Onfido, have a pricing model in which they price per user, making it worthwhile to evaluate in a business case when the number of transactions per user is fluctuating, uncertain or simply very big.</p>
<p>The scope of your verification can greatly affect your cost. While in our case, we had to balance the unit cost for a document ID verification and re-verification transactions, you might require more verifications such as a proof of address check, an AML screening check or a check with 3rd party databases such as credit agencies or governmental authorities.</p>
<h2>The technical aspects</h2>
<p>This is where the engineers need to be involved in the assessment, especially by reading the document and developing <span style="font-weight: bold;">proofs-of-concepts</span>. The latter is very important for the shortlisted solutions because we have encountered plenty of challenges at technical level and a working prototype also allows you to appreciate the functional aspects and run real test cases with ID documents and faces.</p>
<p>Depending on your product, it can make great sense to consider only solutions with a software-development-kit (<span style="font-weight: bold;">SDK)</span> for your platform. They will allow you to get started with all the, amongst others, UX/UI features off-the-shelves and the complete workflow readily coded. In our case, a React Native SDK for our mobile app was a strict requirement which disqualified quite some vendors. Integrating other SDKs, such as app native ones with a bridge, require a lot more development and maintenance efforts and WebSDKs would have disrupted the user experience in our app. A well-functioning and documented SDK can drastically speed up the integration. Such was the case with Persona and Veriff for their clean SDK which comprised both flows, the KYC enrolment one and the biometric authentication one.</p>
<p><span style="font-weight: bold;">On-device and on-server</span> solutions. While the KYC usually involves a number of verifications and sometimes connection with third parties which are better handled on-server, some biometric solutions can be performed on-device, such as Keyless. This choice is very much architectural and can be a disqualifying criterion or not. If GDPR concerns you, most on-cloud solutions have proper data-redaction functionalities and data-centers also in Europe. Always make sure to also sign the <a href="https://www.mindtheproduct.com/storytelling-and-driving-accountability-with-data/" target="_blank" rel="noopener">data</a> processing agreements to have you covered because you have little means to verify the actual location of where your data is stored.</p>
<p><span style="font-weight: bold;">API and webhooks</span> are part of the considerations for integration. They will allow you to run logic in your own product based on the KYC process responses, retrieve information from the verification (such as the status, the check details or the pictures) or even to trigger actions on the KYC platform. Most serious vendors have, luckily, everything needed. Beware that certain features may be payable or that some details are missing (on purpose?) to force the use of upsold features. Such is the case with the web workflows at Persona which are the only way to trigger manual review processes.</p>
<h2>The functionalities and user experience</h2>
<p>The core functionality of these solutions is simple: perform identity verification and potentially re-verifications. However, testing the actual <span style="font-weight: bold;">accuracy of verification</span> is crucial because, astonishingly, several providers, such as Shufti Pro and Sumsub, have returned both false positive and false negative results. It is often not public information which technologies are used behind the scenes but we have clearly observed a variety of results. I do therefore recommend using the demo accounts and a proof of concept to perform real tests with colleagues, fools, and family! These tests should include person tests, in particular same-person and different-person tests at the different process steps, i.e. ID document against selfie at enrollment and biometric authentication (see below table). Amongst the rock solid providers, GBG has shown not a single false result.</p>
<p>Note that it is worth checking with the vendor which face the picture is taken as <span style="font-weight: bold;">reference picture</span> for reverification checks: it can be either a) the document picture provided during the enrollment (e.g. Onfido), b) the picture originally taken during enrollment (e.g. Veriff) or c) the latest selfie picture taken with the previous reverification (e.g. Persona, ComplyCube). Should your reference document be an old driving license, it might be more difficult to do the face reverifications against that reference.</p>
<table>
<thead>
<tr>
<td>Enrollment document</td>
<td>Enrollment face</td>
<td>Reverification face</td>
<td>Expected outcome</td>
<td>Comment</td>
</tr>
</thead>
<tbody>
<tr>
<td>Person A</td>
<td>Person A</td>
<td></td>
<td>Success</td>
<td>False negatives can happen</td>
</tr>
<tr>
<td>Person A</td>
<td>Person B</td>
<td></td>
<td>Fail</td>
<td>False positives can happen</td>
</tr>
<tr>
<td>Person A</td>
<td>Person A</td>
<td>Person A</td>
<td>Success</td>
<td>Usually works well</td>
</tr>
<tr>
<td>Person A</td>
<td>Person A</td>
<td>Person B</td>
<td>Fail</td>
<td>Usually works well</td>
</tr>
<tr>
<td>Person A</td>
<td>Picture of person A</td>
<td></td>
<td>Fail</td>
<td>The liveness check can fail</td>
</tr>
</tbody>
</table>
<p>A KYC or biometric authentication process must be <span style="font-weight: bold;">user-centric</span> and foolproof. A neat user interface for the best possible user experience will pay off at the deployment. Noteworthy features are: assistance with document and face framing, object recognition and autocapture, fast liveness capture, and customizable screens (text and design). If frequent re-verification is a use case, make sure to assess the loading speed of the different steps in the SDK.</p>
<p>The degree of <span style="font-weight: bold;">customization</span> can, in many cases, be interesting to best fit into your product. The most basic customization concerns the branding and styling to match the look and feel of your app, as well as modifying text to be as specific and relevant as possible. However, most solutions take this into account and lack of basic customization is rarely a deal breaker. For multilingual businesses, bear in mind that the vendors have different approaches to localisation, ranging from automatic (device) language detection in the SDK (e.g. Persona) to a fully controlled language locale passed as parameter to the instance (e.g. Veriff) or even the translations passed on the fly (e.g. ComplyCube). In our case, we even ended up with the original multilingual copy. More advanced customization could allow the flow to be changed and configured with extra rules. Here again, the <a href="https://www.mindtheproduct.com/7-habits-of-highly-effective-product-ops/" target="_blank" rel="noopener">job-to-be-done</a> is usually the same across the different solutions and few to no flow adaptation is usually needed (or justifying additional expenses).</p>
<p>It is more than useful to follow the verifications in a user-friendly <span style="font-weight: bold;">online dashboard</span>. Many vendors offer dashboards which either have a transaction-based information display (e.g. Veriff) or a person-based one (e.g. Persona, ComplyCube). While it is very useful to have a detailed dashboard to follow up on the first verifications yourself, the set of required features is rather a question of what the future operator will need to do in their daily work. For instance, automatic workflows can both simplify the lives of the operators and save a lot of in-house development work, and GPS location information can complement some deeper analysis without having to build location tracking into your product. It will not just be useful, but also fun to see how account-sharing people are at two different places while trying to get past the KYC enrolment… until the re-verification comes!</p>
<p>Bottomline, in your sales discussions, first ask for a demonstration (to assess the overall solution, both of the app and the dashboard), then request a sandbox to create a POC and perform real verifications (it might require the vendor to activate some production environment credits/quotas) and finally negotiate the price big time!</p>
<p><span style="font-style: italic;">Note: All things considered, we have shortlisted 3 vendor solutions which met our selection criteria: Veriff, Persona and ComplyCube. Should your criteria vary from ours, a wide range of other vendors could be considered. Our non-exhaustive long list of vendors was the result of many web searches or recommendations from my network and included the following: (…)</span></p>
<p>&nbsp;</p>

How to see through the ‘know your customer’ jungle

Quentin Denis

Read more

Comments