Insights Into Austria’s Biometric KYC Onboarding [2022 Updates]

Biometric authentication is considered a convenient approach for onboarding online customers that is completed entirely or partially by automated electronic procedures without the intervention of a human. This means that, unlike video identification, a natural person will no longer be required to be present during the onboarding process. Businesses can expect that the new biometric identification technology will make operations smooth, easier and faster. In comparison to conventional remote identification processes, it should also help save money. 

The use of biometric KYC procedures is contingent on a number of factors, including the use of cutting-edge, constantly updated biometric techniques, proper security measures, thorough documentation of customer information and maintaining records of the verification results. In compliance with Austria’s current data protection regulations, businesses need to implement the biometric verification procedure.

Overview of Biometric KYC Onboarding in Austria

Biometric technology has been permitted for online client onboarding in Austria since 2021. Let’s take a look at what this means for businesses operating in Austria. Despite being located in one of Europe’s most crucial financial centers, Austrian businesses took a long time to onboard consumers manually. This was a concern because traditional Know Your Customer (KYC) methods were time-consuming, error-prone, and necessitated a significant investment of both financial and human resources.

The Austrian Financial Market Authority (FMA) made video-based identification for onboarding new clients mandatory for financial as well other businesses on January 3rd, 2017, as it was the country’s first move toward digitization. This assisted financial institutions particularly banks to onboard clients remotely by authenticating their identities through video chat.

However, the Austrian Financial Market Authority (FMA) has also issued an amendment to the Austrian Online Identification Regulation (“Online-Identifikationsverordnung“) in November 2021, allowing fully automated biometric procedures for identity verification under the Austrian Anti-Money Laundering Act (Finanzmarkt-Geldwäschegesetz). This means that banks, financial institutions, and other companies subject to AML legislation can now use biometric identity verification in addition to other methods of identification.

New Changes In Austria’s Digital Onboarding Requirements 

In the context of the amendments, the FMA’s legal provision on Online Identification Regulation describes the following terms:

• Document Authentication: an official photo identification document with optical security measures at least as good as holographic elements.
• Capturing Image: Electronic data processing generates and stores a graphical representation. As a visual component of the online identification procedure, it reproduces the content displayed on the screen. For verification and documentation purposes, the quality of the screenshot adheres to the applicable criteria. There is no need to store screenshots if a consumer delivers electronically-signed photo identity documents for verification.
• Third-Party Verification Vendor: a  legal person, public authority, agency, or other body that processes personal data on the behalf of financial service providers.
• Automated identification processes: Automatic online identification techniques that do not require the input of a team member totally or partially.

Updated Requirements for Biometric Authentication in Austria 

Customers need to be onboarded by financial service providers via operator-assisted video identification. Financial service providers can now integrate fully automated biometric verification solutions for online identity verification without requiring the need of human involvement.

The biometric identification method, according to the modifications, includes a presence check, a multi-step customer verification process that includes a liveness check, collecting government-issued identity documents embedded with NFC chip data instead of taking pictures and agreement to biometric data processing. Furthermore, the procedure must be technologically advanced and adhere to the same security standards as “in-person” identification.

Presence Check

1. To verify whether the customer is present at the time of the onboarding process, clients are required to place their faces in front of the camera for authentication. However, biometric solutions embedded with lioness detection features are best at filtering out bad actors at this stage.
2. In case, the customer is flagged as a potential client, in addition to liveness detection, the serial number of identity documents and the string of characters that are provided by the banks is to be provided to the firm.
3. The compliance officer then records a video of the whole biometric authentication procedure as per FMA requirements for presence checks.

NFC-based ID Verification

Only NFC-based identity documents issued by the government can be used for biometric verification. Instead of images of the ID, data from such ID documents are to be retrieved using NFC readers. In addition to the data recording, the FMA still recommends storing electronic copies of the front and back of IDs.

In addition to this, from January 1st, 2023, all financial firms operating in Austria are required to validate the electronic signature’s legitimacy as well as the data’s integrity from NFC-based documents. 

Client Сonsent 

Under Article 9 (2) a) of the EU GDPR, if financial institutions need to use customers’ biometric information to fulfill KYC verification procedures, they must get consent from the customers and seek their agreement to the use of biometric data legally.

Ways Financial Institutions Can Stay Compliant 

For businesses, there are a few crucial points to keep in mind in order to stay put with Austria’s biometric identification requirements. Financial service providers are obliged to perform the following to onboard consumers online using biometrics in accordance with the FMA’s online identification regulation:

• Implementing Rigid Security Measures: Banks and other financial service providers including cryptocurrency exchanges need to take effective steps to ensure the integrity and security of verification measures stay preserved, including ongoing monitoring of customers’ activities on a regular basis. This will help them to detect and deter any kind of suspicious activity. 
• Liveness Detection: This process will permit businesses to determine if the customers are present during the onboarding procedure or not. To stay put with the requirement, banks must record a video of the presence check process.
• Record-keeping: Biometric identification processes must be documented in a clear and understandable manner by financial service providers. This includes archiving recordings made for online identity purposes, such as opening a bank account or other transactions; and storing records of the presence check procedure.

How Shufti Can Help

Biometric authentication is one of the best ways to combat financial crimes, especially 2D and 3D masks, and deep fakes. Skin texture analysis, 3D mapping, depth sensing, liveness detection, and other techniques have enhanced the accuracy of biometric authentication.

Shufti’s state-of-the-art facial biometric verification solution is powered by thousands of AI models to authenticate customer identities and verify the live presence of the customer, helping businesses to meet Austria’s new identity verification requirements. With 98.67% accuracy, our solutions ensure that your company stays safe from facial spoof attacks. 

Want to know more about facial biometric authentication for financial services?