AWS Partner Network (APN) Blog

Solving the Challenge of Customer Verification and Security with Digital Onboarding

By Apurv Doshi, Sr. Solutions Architect – Infostretch
By Tanmay Baxi, Sr. Solutions Architect – Infostretch
By Shabir Rupani, Sr. Partner Solutions Architect – AWS

Connect with Infostretch-1

With financial institutions engaged in a continuous rollout of digital products that make the process of banking faster, more efficient, and in tune with the demands of the connected society, the retention of existing customers and the ability to attract new ones has become an overarching priority.

While this sector has always been one of the more traditional industries in terms of enacting change, the need to keep pace with technology and the requirements of its account holders has encouraged decision makers to look at faster and more secure ways of customer onboarding.

According to Forbes, the rise of digitization across the financial institutions sector has made the desire to change banks even less likely. Although millennials are thought to be the ones that prefer to conduct financial transactions virtually, the black swan event of 2020 encouraged all age groups to bank online.

The key thing to remember is that financial institutions are more than aware that customer loyalty is often a lifetime commitment. That longevity makes it vitally important that when a new customer signs up, the process of both onboarding and ongoing service is simple and painless.

In this post, we’ll walk you through the use case of one of the largest financial institutes of Europe for whom Infostretch provided a substantial breakthrough to onboard the customers digitally.

Infostretch is an AWS Advanced Consulting Partner, pure-play digital engineering services firm, and full spectrum AWS integrator with deep expertise in cloud computing.

Onboarding Challenges

Customer onboarding remains a challenging and time-consuming process for most banks. Both digital and traditional processes are often overly complex, resulting in lower conversion rates and higher cost of acquisition.

In addition, the onboarding processes can be lengthy, encompassing several steps such as manual processes, document submission and verification, a branch visit followed by online application, and approval waiting. All of this contributes to delays and inconvenience for the customer.

To overcome these challenges, numerous financial institutions have started customer onboarding online. It’s worth noting that while online applications have been a norm for some time, end-to-end onboarding is a relatively recent trend, albeit one that has been accelerated by the ongoing pandemic.

Digital onboarding for customers on a banking platform has its own set of challenges that range from seemingly mundane elements like identity verification to compliance and security issues.

Customer Success Story

On the plus side, the financial sector is eager to alleviate these barriers to effective customer acquisition.

When a large-scale institution in Europe reached out to Infostretch with a defined problem with its workflows, we designed and delivered a customized customer onboarding process that is highly scalable, pluggable to any systems, secure, and has human-like accuracy that needs less actual human intervention.

The problems presented to Infostretch by the European financial institution highlighted a distinct set of challenges, namely:

  • An ability to securely upload and store the documents.
  • Automated facial verifications.
  • Integration with third-party APIs for cross-verification of the data.
  • Industry compliance.
  • Achieve human-like accuracy.

Solution Overview

Onboarding is often considered to be one of the more labor-intensive processes in terms of bringing both new and existing customers into a digital banking ecosystem, even more so when you factor in that not all customers may be digital natives.

Taking the disparate customer base and their engagement with digital banking apps into account, we wanted to design a solution that delivered the personally identifiable information (PII) data required for effective onboarding and was seamless for the end user.

The workflow that Infostretch integrated into this AWS-focused solution can be seen below.


Figure 1 – Infostretch solution workflow.

The client-facing application (mobile and web frontend) fetches the static content from Amazon Simple Storage Service (Amazon S3) buckets via the Amazon CloudFront content delivery network. This content includes web pages, images, and static documents.

From here, end users would start the registration process from the frontend applications, providing their email address and phone number.

User verification and the uploading of documents, images, and videos is processed in two diverse ways:

The user is verified for the phone number and email address, which are entered using the frontend application. AWS Lambda then triggers Amazon Simple Email Service (SES) for email verification and Amazon Simple Notification Service (SNS) for mobile number verification.

Once the user is identified successfully, another Lambda function would be triggered to process the uploaded documents.

Next, the user uploads the documents using the frontend application, which will again use Application Load Balancer and Amazon API Gateway.

These uploaded documents are pre-processed to make sure the image has a minimal amount of noise. The cleaned image will be passed to Amazon Textract to extract the vital information from the eID in key-value format. To confirm the retrieved data, Lambda is triggered to call the third-party APIs for verification purposes.

Once the textual details are verified, the live photo is captured using the frontend application. This is checked against the photo on the document. The entire process is handled using AWS Lambda, which leverages Amazon Rekognition to compare the faces.

It should be noted that by setting proper thresholds for identification, the desired results can be quickly achieved. Additionally, successful verification of the document and user photo will trigger further steps to verify the user.

By using video analytics, the system avoids the risk of morphing (which can easily be done by holding the photo). It also secures the system against identity theft—such as a person using someone else’s eID to bypass the security protocols—since the video analytics requires a live video of the person.

The system will request the user start the video and perform the following instructions, which can be dynamically configured during system setup:

  • Show end user face clearly in front of the camera.
  • While showing the face, system requests user to hold the eID in front of the camera.
  • System requests the user perform certain gestures (such as blink eyes X number of times, smile without showing teeth, waving hands, or show numbers with fingers).

Amazon Kinesis Video Stream data will be parked to S3 using Kinesis Data Firehose.

As soon as the video arrives in S3, it publishes the message to Amazon Simple Queue Service (SQS) which then triggers the video analytics microservice:

  • Here, the microservice extracts facial and gesture information.
  • Once extracted, this information gets compared with system configurations along with timestamp.

Next, the system compares data of video extraction and photo extraction. At this point in the workflow, the microservice would supply more detailed results, such as the following:

  "photoAnalysis": { 
    "facial_comparision_results": "65%", 
    "data_extraction": true  
  "videoAnalysis": { 
    "facial_comparision_results": "70%", 
    "gesture_comparsion_results": "100%", 
    "data_extraction": true // if this is false the customer must go through manual process 

The results are then pushed to SQS for a customer agent:

  • If the customer agent is satisfied with the automated results, they would approve the customer for onboarding.
  • If the customer agent is not satisfied, they would review images and videos for manual processing.

In all cases, the documents, images, and videos which are provided by the end user would be available in the cloud for future audit purposes.

Solution Architecture

To make the solution workflow a reality, Infostretch designed the architecture that leveraged full advantage of the managed services offered within the AWS Cloud platform.

As you can see in Figure 2 below, the architecture needed to align in three distinct parts to be successful: Application Static Resources, Image Processing, and Video Processing.


Figure 2 – Infostretch reference architecture diagram.

These stages can be further expanded upon as follows:

  1. Entire web application-related resources and static contents of the mobile apps is served from Amazon S3 buckets via Amazon CloudFront.
  2. Requests (like images, JSON, etc.) would always reach Amazon API Gateway. All of the streaming requests like video recording would reach Amazon Kinesis Data Streams.
  3. Email and phone number validated against patterns, existing users and OTPs using Amazon SES and SNS services.
  4. The picture taken by end user would be cleaned, eliminating skewing at first. After that, the solution would extract PII information that would be validated against third-party services.
  5. The extracted data from the image and picture taken by end user would be put in for facial recognition using Amazon Rekognition.
  6. After the facial verification, the app would request user to turn on video and perform certain gestures like eye blinking, hand lifting, or showing certain numbers with fingers (depending on user’s physical condition), along with showing the eID used earlier. The video would end up in the S3 bucket via Amazon Kinesis Data Firehose for agents to perform manual verification and future auditing purposes.
  7. As soon as a new object arrives in S3, Amazon CloudWatch would publish a message to SQS which would contain S3 file-path of video and metadata. The subscriber microservice inside an Amazon Elastic Kubernetes Service (Amazon EKS) cluster would start processing the video based on metadata using Amazon SageMaker. The machine learning model used here and residing in S3 bucket is a custom model for gesture recognition and PII data extraction from video frame.
  8. Once the data is extracted successfully, the microservice residing inside the EKS cluster would publish the message to SQS for Lambda to trigger. Lambda would start a comparison and validation of PII information collected from the image and video against third-party service and uploaded documents. Here, Amazon Rekognition would come in handy for image comparison purposes. If the data is validated successfully, Lambda would push a notification to Know Your Customer (KYC) agent with necessary information, documents, and video URLs.
  9. As KYC agent receives notification, they validate the machine calculated comparison scores. If the scores are at par with pre-defined levels, this step is optional. The major purpose of this step is for future auditing purposes.
  10. All of the collected information would be persisted inside Amazon DocumentDB.

Advantages of Solution

Digital onboarding has its own defined benefits for both customers and the banks.

Customers can take advantage of the ease of input and flexibility to onboard at their convenience. Banks benefit by transforming a lengthy and tediously complex process to an immediate and fluid process.

Additionally, video identification equipped with artificial intelligence (AI) and machine learning (ML) provides real-time verification, exponentially increasing conversion rates due to integration of digital onboarding processes.

In fact, this kind of sophisticated digital customer onboarding also helps in fraud detention, as the technologies used to verify that a person is who they say they are will be compliant with the video identification security standards.

Speed is another advantage digital onboarding has over the more traditional format. Digital onboarding only takes a few minutes, while the traditional ones can often take weeks. Thanks to our customer’s internal (and confidential) feedback loop, we were made aware that their customer acquisition has increased by more than 84% after digital onboarding solution introduction.

To deliver such a complex solution, Infostretch’s use AWS managed services and a custom implementation to build a solution which can function at a large scale with close to 90% automation.

In designing the solution for our European financial institution, Infostretch recognized that applying faster customer onboarding is a pain point across several business verticals.

Taking that into account, we believe the delivered and integrated solution could also be used for the following use cases:

  • Successful implementation of PII verification for Anti-Money Laundering (AML) and Combating the Financing of Terrorism (CFT).
  • Reduce the need for physical and/or manual verification in general. In turn, this expediates the onboarding cycle and improves end-user experience.
  • Increased use of eID makes adoption of automated PII systems to fulfil Customer Identification and Verification (CIV) obligations.
  • Automated PII verification systems can reduce the cost of identifying and accepting new customers drastically.

Infostretch’s proposed (and integrated) solution also solves a few challenges faced by many industries, including but not limited to:

  • Increased customer friction; banks are reportedly taking longer to onboard individual customers.
  • Delayed document verification for KYC initiatives due to unavailability of consumer or service provider helping the process.
  • Verification and types of documents vary from one financial institute to another; a uniform process can therefore be adopted across the board.


With customer onboarding being unavoidable for the financial sector, it was important Infostretch delivered a digital solution that ticked all of the required boxes.

Thanks to a reliable and efficient design, as well as an interactive user experience and touchless onboarding process, Infostretch has been able to supply smooth and transparent onboarding for the customers of our European financial client.

The digitalization of what can be a lengthy process for banks and other financial institutions has helped to generate net-new customers for our client and fill in the gaps that were created by a global pandemic.

This solution shows that even the most traditional of business sectors must digitally transform to maintain customer loyalty.


Infostretch – AWS Partner Spotlight

Infostretch is an AWS Advanced Consulting Partner, pure-play digital engineering services firm, and full spectrum AWS integrator with deep expertise in cloud computing.

Contact Infostretch | Partner Overview

*Already worked with Infostretch? Rate the Partner

*To review an AWS Partner, you must be a customer that has worked with them directly on a project.