News

2024-13: "KYCID, an operational OAuth2 integration of eKYC"

In this bachelor thesis, Yann Doy presents his implementation of a concept for eKYC (electronic Know Your Customer procedures).

Introduction video

Abstract

This bachelor’s thesis, carried out by Mr Yann Mickael DOY and advised by Mr Emanuel BENOIST with the expertise of Mr Daniel VOISARD, explores the creation of an identity verification service platform (Know your customer, eKYC) called KYCID for "Know your customer’s ID".

The service enables third-party applications (client apps), such as GNU Taler, a payment platform, to perform eKYC procedures, which verify the telephone number via a code sent by SMS, identity papers, or both.

ID paper verification is carried out by taking a photograph of the ID card or passport, plus further images of the person in different positions, using the user's camera or webcam. This enables an administrator to verify that the documents in question belong to the individual in question and to validate their account.

In light of the aforementioned considerations, it is clear that security is of paramount importance. This is why the integration between the client app and KYCID is done with OAuth2. OAuth2 is a protocol and a set of specialised practices for delegating authorisation over HTTPS. In its version 2, it is technically mature and widely used in the industry.

OAuth2 enables third parties (client applications) to request access to a protected resource on a service. In this case, the resource is the user’s identity, and the service is KYCID. OAuth2 is not merely a protocol; it is also a framework that provides the technical knowledge to enable its implementation in a secure manner.
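To make the delegation described above concrete, here is the client-app side of an OAuth2 authorization-code flow with PKCE (RFC 7636) and a state check, the two pieces that keep the code exchange bound to the user's browser session. This is an added illustration, not code from the thesis, KYCID or GNU Taler; the endpoint URLs, client id, redirect URI and scope name are assumptions, and only the Python standard library is used so it runs offline (the token request is built but not sent).

```python
"""OAuth2 authorization-code flow with PKCE, seen from the client app.

Added example for the KYCID abstract; not KYCID's or GNU Taler's code.
Endpoints, client id, redirect URI and scope are assumed values.
"""
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical KYCID endpoints and client registration (assumed).
AUTHORIZE_URL = "https://kycid.example/oauth2/authorize"
TOKEN_URL = "https://kycid.example/oauth2/token"
CLIENT_ID = "taler-demo-client"            # assumed client id
REDIRECT_URI = "https://client.example/cb"  # assumed registered redirect URI
SCOPE = "identity:read"                     # assumed scope name


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_verifier() -> str:
    """High-entropy code_verifier: 32 random bytes -> 43 URL-safe chars."""
    return b64url(secrets.token_bytes(32))


def code_challenge(verifier: str) -> str:
    """S256 method: base64url(SHA-256(code_verifier))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def build_authorize_url(state: str, verifier: str) -> str:
    """Front-channel URL the browser is sent to; only the challenge leaves."""
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": SCOPE,
        "state": state,
        "code_challenge": code_challenge(verifier),
        "code_challenge_method": "S256",
    }
    return AUTHORIZE_URL + "?" + urlencode(params)


def handle_callback(callback_url: str, expected_state: str) -> str:
    """Validate the redirect back from the authorization server.

    Returns the authorization code; raises ValueError when the server
    reported an error, the state is missing or does not match the value
    bound to this session (the flow's CSRF defence), or no code is present.
    """
    q = parse_qs(urlparse(callback_url).query)
    if "error" in q:
        raise ValueError("authorization server error: " + q["error"][0])
    state = q.get("state", [None])[0]
    if state is None or not secrets.compare_digest(state, expected_state):
        raise ValueError("state mismatch: possible CSRF or mixed-up session")
    code = q.get("code", [None])[0]
    if not code:
        raise ValueError("no authorization code in callback")
    return code


def token_request(code: str, verifier: str) -> dict:
    """Form body of the back-channel token request (POST to TOKEN_URL over HTTPS)."""
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "client_id": CLIENT_ID,
        "code_verifier": verifier,  # proves we started this flow
    }


if __name__ == "__main__":
    state, verifier = secrets.token_urlsafe(16), make_verifier()
    print(build_authorize_url(state, verifier))
    # Constructed callback such as the server would redirect the browser to:
    cb = f"{REDIRECT_URI}?code=constructed-code-123&state={state}"
    print(token_request(handle_callback(cb, state), verifier))
```

The verifier and state are generated per flow and kept server-side in the client app's session; only the S256 challenge travels through the browser, so an intercepted authorization code is useless without the verifier.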

Furthermore, KYCID incorporates a comprehensive array of security measures, including password protection, an anti-brute force system, and filters to prevent SMS pumping, which involves the use of premium rate numbers to extort money from the service.
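The SMS pumping filter mentioned above is a cost-control problem: every verification code sent to a premium-rate or revenue-share number is money paid to the attacker. The following added example (not KYCID's code) shows the two defences such a filter typically combines: a denylist of number prefixes and sliding-window rate limits per destination number and per requesting source. The prefix list, the limits and the sample requests are constructed for the demonstration; a real deployment would take the prefix data from its SMS provider or a maintained numbering-plan database.

```python
"""Rate limiting and premium-rate filtering for an SMS verification step.

Added example for the KYCID abstract; not KYCID's code. PREMIUM_PREFIXES,
the limits and the sample traffic below are constructed values.
"""
import re
from collections import defaultdict, deque

# Destination numbers must be E.164: '+' then 7..15 digits, no leading zero.
E164 = re.compile(r"^\+[1-9]\d{6,14}$")

# Constructed denylist of prefixes treated as premium-rate ranges.
PREMIUM_PREFIXES = ("+4490", "+4491", "+1900", "+41900", "+41901")

MAX_PER_NUMBER = 3      # codes per destination number per window
MAX_PER_SOURCE = 10     # codes per requesting source (e.g. IP) per window
WINDOW_SECONDS = 3600


class SmsGuard:
    """Decides whether a verification SMS may be sent."""

    def __init__(self):
        self._by_number = defaultdict(deque)   # number -> send timestamps
        self._by_source = defaultdict(deque)   # source -> send timestamps

    @staticmethod
    def _prune(q: deque, now: float) -> None:
        """Drop timestamps that fell out of the sliding window."""
        while q and now - q[0] > WINDOW_SECONDS:
            q.popleft()

    def check(self, number: str, source: str, now: float) -> tuple:
        """Return (allowed, reason). Counters are charged only on allow."""
        if not E164.match(number):
            return False, "not an E.164 number"
        if number.startswith(PREMIUM_PREFIXES):
            return False, "premium-rate prefix"
        qn, qs = self._by_number[number], self._by_source[source]
        self._prune(qn, now)
        self._prune(qs, now)
        if len(qn) >= MAX_PER_NUMBER:
            return False, "too many codes for this number"
        if len(qs) >= MAX_PER_SOURCE:
            return False, "too many codes from this source"
        qn.append(now)
        qs.append(now)
        return True, "ok"


def simulate(requests) -> list:
    """Run a sequence of (number, source, time) through one guard."""
    guard = SmsGuard()
    return [guard.check(n, s, t) for n, s, t in requests]


if __name__ == "__main__":
    # Constructed traffic: one legitimate user, then a pumping attempt.
    sample = [
        ("+41791234567", "203.0.113.5", 0),
        ("+41791234567", "203.0.113.5", 60),
        ("+449012345678", "198.51.100.9", 100),
        ("+41791234567", "203.0.113.5", 120),
        ("+41791234567", "203.0.113.5", 180),
    ]
    for req, result in zip(sample, simulate(sample)):
        print(req, "->", result)
```

Charging the counters only when a send is allowed keeps rejected requests from consuming a legitimate user's quota; the per-source limit catches attackers who rotate through many destination numbers, which the per-number limit alone would miss.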

The KYCID functionality enables customers to register with an email address and verify it (to prevent the use of fake emails), verify a phone number and verify identity documents. Furthermore, KYCID allows customers to carry out an eKYC procedure without first creating an account. This account will be created automatically at the end of the eKYC procedure.

The code has been developed in accordance with the principles of clean architecture, which facilitates scalability and testability. This has been achieved by implementing a comprehensive suite of automated unit, acceptance, and integration tests.

Links