fidentity logo

Digital Onboarding: Identity verification as a critical step

Requirements and common pitfalls in digital identity processes

Digital onboarding is already established across many organizations. However, the way identity verification is implemented varies significantly depending on the use case and has a direct impact on process stability and completion rates.

Organizations therefore face the challenge of balancing security, usability, and regulatory requirements. This article outlines what to consider and highlights common pitfalls in digital onboarding processes.

Portrait Franziska Ackermann, Head of Communications
Franziska Ackermann
12.3.2026

Identity verification as a critical step in onboarding

Digital onboarding processes are now operational in many organizations. The challenge is no longer whether identity can be verified digitally, but how to do so in a way that is reliable, auditable, and free of process breaks. In many cases, this involves sensitive processes such as financial services, healthcare data, or legally binding agreements.

This creates a dual requirement: the process must be fully digital while ensuring that an individual can be clearly and reliably identified.

As a result, identity verification becomes a technically and regulatorily demanding component of digital onboarding processes.

Why digital identity verification is complex

Reliable identity verification becomes necessary as soon as processes carry legal or regulatory significance.

Many digital approaches therefore require users to capture or scan an official ID document and take a selfie. These steps serve a clear purpose:

  • verifying that a valid document is used
  • confirming that a real person is present
  • matching the document to the individual

In practice, this often leads to uncertainty. Users may question whether the document was captured correctly or why a selfie is required. The handling of sensitive identity data and biometric images also raises concerns.

If guidance is unclear or technical issues occur, this can quickly result in repeated verification attempts, support requests, or abandoned processes.

How digital identity verification typically works

1. Capture of an official ID document
2. Verification of document authenticity
3. Extraction of document data (e.g., MRZ / VIZ / NFC)
4. Selfie capture with presence detection
5. Biometric matching between document photo and individual

Each of these steps must function reliably to ensure the process remains both secure and stable.

Read more in this article

When process breaks disrupt digital onboarding

Complexity also arises when parts of the identity process take place outside the core digital workflow.

Typical examples include:

  • reference payments
  • in-person identification at a verification office
  • additional document submissions via email or postal mail

Such process breaks extend timelines and increase the likelihood that onboarding is not completed.

The more identity verification, data capture, and contract execution are integrated into a single, continuous workflow, the more stable and efficient digital services become.

Digital identity as a long-term infrastructure component

Identity verification is not an isolated step in onboarding, but part of a broader digital infrastructure.

While it is initially used during onboarding, there are many situations throughout the lifecycle where identity must be verified again.

Typical examples include:

  • password recovery
  • device changes in secure applications
  • access to additional services
  • digital signing of new contracts or contract amendments

Organizations that treat identity as infrastructure follow a more consistent approach:

Identity verification, authentication, and electronic signatures are understood as interconnected building blocks that are integrated and reused across the entire lifecycle.

This reduces operational complexity and provides a stable foundation for scalable, consistent digital processes.

Traceability, compliance, and auditability

Beyond identity verification itself, internal traceability plays a critical role—particularly in regulated environments.

Digital identity verifications and signatures must be documented, archived, and verifiable when required, for example in audits or regulatory reviews. What matters is not only that a process works, but that it can be fully reconstructed and understood after the fact.

In practice, this is often where issues arise: identity verification, signing, and downstream checks are implemented across separate systems, making traceability more difficult and increasing operational overhead.

In regulated processes, identity verification is typically only the first step. It is followed by additional checks—such as AML, KYC, or PEP screenings—that depend on a reliable and consistently documented identity foundation.

Typical requirements include:

  • tamper-proof documentation of identity verifications
  • traceable signature processes
  • transparent process logs
  • secure document archiving

Organizations that implement these requirements in isolation often introduce additional complexity. An integrated approach, by contrast, enables consistent documentation and ensures processes remain fully traceable over time.

Conclusion

Onboarding is the first point of interaction between an organization and its users and lays the foundation for the ongoing digital relationship.

Not every process requires the highest levels of security and compliance typically found in banking environments. What matters is that an identity solution operates in a transparent, traceable, and reliable way. Well-structured processes build user trust while reducing support effort, repeated verification attempts, and onboarding drop-offs.

The level of digitalization is not the same in every case. The IFZ Retail Banking Study 2025 by the Lucerne University of Applied Sciences and Arts shows that while simple interactions are primarily handled digitally, more complex transactions and finalization steps still often involve personal touchpoints. The key is therefore not to fully shift all processes to digital channels, but to effectively combine digital and in-person steps where appropriate.

At the same time, organizations should consider scalability early on. As usage volumes grow, so do the requirements for stability, integration, and the long-term maintainability of identity processes.

Identity verification and signing in a unified process

Digital identity verification delivers the most value when it is part of a consistent process model.

fidentity’s IDENT and SIGN solutions combine identity verification and electronic signatures within a single platform. This enables onboarding, contract execution, and downstream processes to be handled within a continuous digital workflow—traceable, tamper-proof, and scalable.

This approach is particularly suited for organizations with higher requirements for security, regulatory traceability, and stable processes at scale.

Learn more about fidentity’s identity verification and signing solutions

FAQ

When is digital identity verification required?

Not every digital process requires the same level of security. In simple use cases, verifying personal data may be sufficient. This involves matching user-provided information—such as name, address, or date of birth—against existing data sources, without confirming whether the person is actually present.

For processes with legal implications, a higher level of identity verification is typically required. This involves verifying an official ID document and matching it to the person present, ensuring both the existence of the identity and the actual presence of the individual.

What are the typical steps in a digital identity verification process?

Digital identity verification typically follows a structured sequence of steps:

1. Capture of an official ID document
2. Verification of document authenticity
3. Extraction of document data
4. Selfie capture with presence detection
5. Biometric matching between the document photo and the individual

The quality of each step directly impacts both the security of the process and the likelihood that users successfully complete it.

What happens during document verification?

The system must determine whether a document is genuine, manipulated, or simply a copy or screen image. At the same time, relevant data is extracted from the document.

Two areas are typically used:
- MRZ (Machine Readable Zone) – the machine-readable section
- VIZ (Visual Inspection Zone) – the visible data such as name or date of birth

If available, additional data can be read from the document’s NFC chip, which increases reliability.

The challenge lies in accurately recognizing documents from many different countries, extracting data consistently, and reliably detecting manipulation.

What role do selfies and liveness detection play?

After document verification, the user captures a selfie. The system then checks whether a real person is present and not a photo, video, or deepfake.

Modern systems combine several methods, such as:

- liveness detection
- presentation attack detection (e.g., photos or masks)
- injection attack detection (e.g., manipulated camera feeds)

The selfie is then biometrically compared to the photo on the ID document to confirm that both images belong to the same person.

Automation or human verification?

Identity verification systems follow different approaches. Fully automated systems rely on machine learning models to make decisions. They are highly scalable and enable fast processing, even outside business hours. When ID documents include an NFC chip, identity can often be verified fully automatically, as structured and verifiable data can be read directly.

For documents without NFC, hybrid approaches are commonly used. Automated systems handle most of the process, while human analysts review edge cases in the background without direct interaction with the user.

Other methods rely on direct interaction, such as video calls with an agent.

Each approach has its advantages and trade-offs. While human review can add an extra layer of assurance, it also increases complexity, cost, and operational dependencies.

What should be considered when handling sensitive identity data?

Digital identity verification involves processing personal data, including ID information and biometric data. Organizations should assess:

- where data is processed and stored
- how long it is retained
- whether it is used for fraud detection or model training
- what level of control exists over storage and deletion

In regulated environments, transparent and compliant handling of such data is essential.

What role do certifications and assurance levels play?

Different use cases require different levels of assurance.

In regulated environments—particularly in financial services—identity verification methods must comply with defined regulatory requirements and be supported by appropriate certifications or audits. In Switzerland, for example, FINMA regulations define the conditions under which digital identification is considered sufficient.

Organizations should evaluate:

- the required level of assurance for the specific process
- whether the solution meets recognized standards and regulatory requirements
- how compliance is documented and demonstrated

Not every process requires the same level of rigor. The key is to strike the right balance between regulatory requirements and practical implementation.

How important is the user experience in identity verification?

In addition to security, process stability plays a key role. Identity verification involves multiple steps—such as document capture, selfie capture, and biometric matching. If these steps are unreliable or require repetition, the likelihood of process drop-offs increases.

Key indicators of quality include:

- how often documents need to be recaptured
- how reliably selfie and liveness checks perform
- how many users successfully complete the process

A well-structured and stable process reduces drop-offs and improves conversion.

How easily can the identity verification solution be integrated?

Identity verification should integrate seamlessly into existing systems, such as:

- customer onboarding platforms
- government services
- HR workflows
- contract and signing platforms

Solutions with clear APIs, flexible workflows, and prebuilt integrations reduce implementation effort and ongoing operational complexity.

How important is future readiness for identity solutions?

Digital identity ecosystems are evolving rapidly. New regulatory frameworks and technologies—such as digital identity wallets or national eID initiatives—will continue to shape identity processes.

Organizations should consider:

- which ID documents and countries are supported
- how new identity formats can be integrated
- whether the solution can adapt to future regulatory requirements

A flexible and future-ready architecture makes it easier to accommodate these developments over time.

Share article:

Get in touch.

Portrait René Greiss, Head of Sales and Business Development
René Greiss
Head of Sales and Business Development
Interested in learning more about IDENT, SIGN, and ONBOARD? Get in touch now. I’m happy to assist you.
Contact me
KI generiertes Bild, zwei schwarz gekleidete Figuren stehen um ein Smartphone, umgeben von Schlüsseln und Sicherheitssymbolen.
Security
News

8.1.2026

Protection against fraud attacks: How fidentity secures digital KYC
Mann hält Daumen hoch, Titelbild zum Blogbeitrag "Maximale Konversion garantiert"
News

16.5.2022

Maximum conversion guaranteed
Ein Mann sitzt an einem Laptop, er ist am Smartphone beschäftigt. Nebem ihm liegt ein Schweizer Reisepass.
Technology

8.9.2025

An identity for the internet: what the e-ID has to offer
Read more news