Know your customer

Description of Know Your Customer verification process and the resources involved.

Banking regulations require that financial institutions perform a Know Your Customer (KYCKYC - Know Your Customer. The compliance that financial institutions put into their policies and procedures to verify a customer's identity.) process to verify a customers' identity before they can use their accounts.

Bond provides connections between brands and banks. A brand can have partnership programs with multiple banks, with each program having a unique program_id. Bond Studio provides APIs to perform the customer verification process on behalf of the bank.

In Bond Studio, you initiate the KYC process after you create a customer object representing the consumer who wants to set up an account. The consumer provides the required personal information during the application process.

The customer_id is a required path parameter for the API request to initiate a KYC process. The program_id is a required body parameter.

The combination of these two parameters in the request indicates that Bond will do a verification check on a particular customer on behalf of a particular bank partnered with the brand.

When calling the KYC API, you can optionally include documentation for verifying the identity of the customer. For details see Running KYC.

The KYC request for the customer is asynchronous (meaning that the reply is not always immediate), so you must configure a webhook to listen for KYC events.

Bond provides a kyc.verification.status passed/failed response to the callback_url (for example, www.brandurl.com/bond-kyc) configured in the webhook.

If the kyc.verification.status is passed, the customer's information has been validated and they are eligible to access the services provided by the bank. You can now create a card for the customer.

If the response returned is failed, a KBAKBA - Knowledge Based Authentication. A form of identity validation done by prompting the user to answer questions based on their private information. Performed in the event that the KYC process fails. Generally KBA is interchangeable with OOW. For example, "Out of these 4 addresses, in which have you resided previously?". (Knowledge Based Authentication) request is triggered. The KBA process prompts the customer to respond to multiple-choice questions that are easily answered by them, but difficult for others. If the KBA process fails, customer verification has failed and you can't issue a card.

Idempotency

📘

Note

The KYC endpoint is idempotentidempotent - Has the same result when called multiple times with the same idempotent key and repeated requests using the same Idempotency-Key within a 24 hour period will fail.

Once a customer has successfully passed the KYC process, no further KYC attempts are allowed. Any further call for KYC authentication responds with an error and returns the timestamp of the previously successful KYC process.

Idempotency is a Web API design principle that prevents you from running the same operation multiple times. Because a certain amount of intermittent failure is to be expected, you need a way to reconcile failed requests with a server, and idempotency provides a mechanism for that. Including an idempotency key (an optional string) makes POST requests idempotent, which prompts the API to do the record keeping required to prevent duplicate operations. You can safely retry requests that include an idempotency key as long as the second request occurs within 24 hours from when you first receive the key (keys expire after 24 hours).


Did this page help you?