eSIMs: The KYC Challenge & Self-Service Identity

In many countries around the world there is a regulatory requirement to capture and authenticate name and address data for every mobile phone subscription, be it contract or pay-as-you-go [PAYG], with or without a new device included in the deal (e.g. SIM only). Typically, this ‘Know Your Customer’ [KYC] regulation requires a document check of a valid government-issued form of photo identification, for example a passport, driving licence, or ID card.

With traditional SIM cards this was relatively easy because every order, even SIM only, required either physical presence in a retail store (with documents in hand), or a physical delivery to a specified address, where the courier is able to check an ID at the point of delivery. In future, with the introduction of eSIMs, there may not be a requirement for a physical delivery when someone registers onto a network, and therefore no opportunity for physical interaction with the customer for ID verification or authentication.

The Future of eSIMs

Most mobile operators are working hard to move as much of the customer journey to self-service via fully automated on-line channels, so the idea of new customers using fully automated provisioning via eSIMs rather than coming to a store for an identity check is highly attractive. For those working to a regulatory regime that requires a robust KYC check this creates a bit of a problem. To overcome this challenge, mobile operators need to consider all aspects of the customer journey, from proposal right through to the document authentication process.

Example Existing Customer Process  

Step 1 of any registration process should be an ‘existing customer’ check. If you are dealing with an existing customer, and an ID document is already on file, then simply initiate the User Authentication Process, using previously authenticated data from within your customer identity systems. For stronger KYC, this can include a multi-factor authentication process, for example entering an existing username/password combination followed by a one-time password sent to a registered mobile device.

 

Diagram - Customer Known

A typical 'existing customer' process should look a little like this

 

Example New Customer Process  

If, on the other hand, you are dealing with a new customer, then the process required will be slightly more complex. Legally required data such as name and address is gathered before initiating an ‘Attribute Assurance’ process, which verifies that the data are genuine through comparison with, for example, a credit bureau or a bank account verification. Following Attribute Assurance, an ‘ID document’ process takes place, verifying the user against a digitally scanned form of government photo ID and checking both that the ID is genuine and that the person using it is authentic. With customer consent, a copy of this identification can be archived before activating the eSIM.

 

Diagram - Customer Unknown

What a new customer registration process might look like in an eSIM world.
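
The two journeys described above can be enforced as a fail-closed gate in front of eSIM activation. The sketch below is an added example, not ForgeRock code or part of the original article; the class, method and field names are hypothetical, and treating a known customer with no ID document on file as a new customer is an assumption.

```python
from dataclasses import dataclass, field

# Step names follow the article's wording; class, method and field names are
# hypothetical and belong to this example only.
EXISTING_CUSTOMER = ("password", "one_time_password")  # the article's MFA example
NEW_CUSTOMER = ("collect_name_address", "attribute_assurance", "id_document_check")


class JourneyError(Exception):
    """Raised when a step is skipped, reordered, failed, or activation is premature."""


@dataclass
class Registration:
    existing_customer: bool          # outcome of the step-1 'existing customer' check
    id_document_on_file: bool
    consent_to_archive: bool = False
    completed: list = field(default_factory=list)
    document_archived: bool = False
    esim_activated: bool = False

    def required_steps(self):
        # Assumption: a known customer with no ID document on file is treated
        # as new, because there is no previously authenticated data to rely on.
        if self.existing_customer and self.id_document_on_file:
            return EXISTING_CUSTOMER
        return NEW_CUSTOMER

    def record(self, step, passed):
        """Accept a step result only if it is the next required step and it passed."""
        remaining = self.required_steps()[len(self.completed):]
        if not remaining or step != remaining[0]:
            raise JourneyError(f"unexpected step {step!r}; remaining: {remaining}")
        if not passed:
            raise JourneyError(f"{step} failed; eSIM stays inactive")
        self.completed.append(step)

    def activate_esim(self):
        """Fail closed: activate only after every required check has passed."""
        if tuple(self.completed) != self.required_steps():
            raise JourneyError("KYC checks incomplete; refusing to activate eSIM")
        # Archive the ID copy only on the new-customer path and only with consent.
        if self.required_steps() is NEW_CUSTOMER and self.consent_to_archive:
            self.document_archived = True
        self.esim_activated = True
        return self.esim_activated
```

Because record() rejects out-of-order steps, a client cannot jump straight to the ID document check or to activation by replaying a later stage of the journey.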

 

 

Intelligent Authentication from ForgeRock is designed to enable innovative customer journeys that bring your Digital Transformation strategy to life. To find out more about ForgeRock's market leading Customer Identity and Access Management platform for Communications and Media click here.

To read the article in full, see Tim Barber's post on LinkedIn.


 

Who Is Tim Barber?

Who’s Tim? In his past, he worked with some big names like Pitney Bowes Software, Experian, and SurfKitchen. These days he serves as the VP of the Communications and Media Industry here at ForgeRock where his mission is to understand what major problems and cool opportunities telecoms and media companies are working on, figure out how ForgeRock can help them, and then lead them down the path to success. Sound easy? Well that’s just Tim’s childhood magician skills being put to work.
