KYC vs eIDV: what are the differences and how to combine them?
The common confusion: KYC and eIDV, two complementary building blocks
When you launch a high-volume identity verification project, you encounter two acronyms: KYC and eIDV. Some vendors sell both as a single offering. Others sell them as competing solutions. Neither stance is accurate.
KYC (Know Your Customer) is a regulatory framework — a set of processes, governance and monitoring that spans the entire client relationship. It is rooted in AML/CFT regulation (anti-money-laundering and counter-financing of terrorism — the rules against financial crime) and unfolds over months or years inside financial institutions.
eIDV (electronic Identity Verification) is a technology: an API call that confirms, at a given moment, that the user in front of you is who they claim to be. It is a building block, not a framework. A financial institution that wants to meet its KYC requirements can integrate an electronic identity verification as one of its controls, but the KYC process doesn't stop there.
Understanding the difference helps you avoid two pitfalls. The first: believing that a 4-week eIDV integration brings you into compliance with AMLD6 (the 6th EU Anti-Money Laundering Directive). The second: over-investing in a full KYC program when all you need is anti-fraud identity verification at onboarding.
KYC is a regulatory framework. eIDV is one of the tools that serves that framework.
KYC: a global framework covering the entire client life cycle
The KYC process is structured around four pillars, formalized by the recommendations of the FATF (the Financial Action Task Force, the international reference body for anti-money-laundering) and then transposed into European law through the successive AMLD directives, up to AMLD6 (the 6th EU Anti-Money Laundering Directive), whose French transposition was finalized in June 2025. This framework structures the due-diligence activities of financial institutions toward their clients.
The first step is customer identification: who is this person? Civil status for an individual, company registration and beneficial owner for a business. At this stage, you collect declarative information: first name, last name, date of birth, address. This is the definition of KYC (Know Your Customer) in its purest form.
Next comes the verification of that information. KYC documents (ID document, proof of address, company registration extract) are the historic approach. Remote identity verification can now rely on alternative solutions: digital identity, biometric authentication, transactional data. This is where eIDV intervenes as a modern technical method of identity verification.
The third pillar is client risk assessment through CDD (Customer Due Diligence — the standard diligence applied to every client) and, for sensitive profiles, EDD (Enhanced Due Diligence). Is this client a politically exposed person (PEP)? Do they reside in a country under sanctions regime? Does their profile match their declared behavior? Financial institutions build a risk level that determines the applicable diligence level — simplified, standard or enhanced. CDD is the central gear of the KYC AML framework.
Finally, the KYC process does not stop at onboarding. Ongoing monitoring tracks transactions, detects anomalies, feeds the KYC AML process and, where necessary, triggers suspicious-activity reports to Tracfin (the French financial intelligence unit). KYC data must be kept for 5 years after the end of the client relationship — a requirement set by the French Monetary and Financial Code.
::: callout-info In brief The KYC process is an organizational and technological framework, not a product. It mobilizes your compliance, operations, audit and IT teams across the company. It sits within an anti-money-laundering matter regulated by the ACPR (French prudential supervisor) and the AMF (French financial markets regulator) in France, fully aligned with the European banking sector and financial services. :::
eIDV: a technical building block that proves an identity
eIDV (electronic Identity Verification) verifies a person's identity remotely, in real time, through an API. It is an automated identity verification process that returns a response in seconds and can be integrated into any onboarding, payment or subscription journey. eIDV stands out as one of the most dynamic identity verification solutions in the financial services market.
Three broad families of identity verification methods coexist:
- Document verification: capture of the ID document (passport, national ID), OCR analysis, security-feature check, validation that the documents are not forged. This method delivers a solid level of assurance for standard document verification.
- Biometric verification: facial recognition with liveness check, compared against the photo on the document. It is sensitive to deepfake and face-swap attacks, which makes ISO 30107-3 (passive PAD) countermeasures essential. It is the preferred path to reach the eIDAS high assurance level.
- Transactional-data verification: identification through the real-life footprint of an individual (verified purchase transactions, government sources, telecoms, media). This is our eIDV approach, and our approach is a necessary complement to the other KYC stages (biometric or document verification).
Each method answers a specific use case and a target assurance level. A multi-mode strategy increases confidence without degrading the user experience.
The European legal framework for eIDV is set by the eIDAS 2.0 regulation (electronic IDentification, Authentication and trust Services — the EU regulation on electronic identity, EU Regulation 2024/1183, in force since May 20, 2024, with progressive implementation through the end of 2026). It defines three assurance levels for digital identity services:
- Low: limited impersonation risk, light controls
- Substantial: the reference level for most financial services
- High: required for the most sensitive operations (online banking, qualified electronic signature, access to health data)
The eIDAS regulation now requires all 27 Member States to offer their citizens an EUDI Wallet (European Digital Identity Wallet). Operational rollout runs from 2025 to end of 2026 for universal availability, and November 2027 for the acceptance obligation on large platforms (fintechs, social media, e-commerce).
The EUDI Wallet stores verified attributes (PID, diplomas, licenses) and supports the issuance of qualified electronic attestations of attributes (QEAA) and strong user authentication on major platforms. It is a sovereign wallet, interoperable across Member States, that repositions eID at the heart of European financial services. Confidence in digital interactions now relies on widespread wallet adoption by banks, fintechs and regulated companies.
Deepfake face-swap attacks have multiplied since 2024. The Sumsub Identity Fraud Report 2025 puts AI-generated fraud at 15-20% of all attempts in the identity verification (IDV) market. Biometrics alone become vulnerable: a synthetic face can pass non-certified PAD checks. The biometric counter-move is to harden liveness checks and apply ISO 30107-3.
Transactional-data eIDV follows a different logic. It doesn't ask to see a face — it queries the proof an individual leaves through real life (verified purchase transactions, government data, telecoms, media) across 4,000 sources worldwide and 197 countries of coverage. An AI-generated face has no transactional history. It is a fraud prevention method that complements classic identity verification solutions.
Everything can be forged, except real life.
This is the philosophy behind our approach, which remains a necessary complement to the other KYC stages (biometric and document verification first): we do not replace biometrics, we cover the residual risk on profiles where facial recognition fails or hesitates.
Comparison table: KYC vs eIDV across 7 dimensions
| Dimension | KYC | eIDV |
|---|---|---|
| Nature | Regulatory framework | Identity verification technology |
| Scope | Full client life cycle | One verification transaction |
| Legal framework | AML/CFT, AMLD6, CDD, FATF | eIDAS 2.0, low / substantial / high levels |
| Engagement level | Organizational process | API call, technical integration |
| Internal stakeholders | Compliance, operations, audit, IT | Tech, product, internal users |
| Cost | Total cost of ownership (resources, solutions, audit) | Pay-per-call or subscription |
| When to use it | Always, in a regulated sector | As a KYC building block, or as anti-fraud for e-commerce |
::: callout-info Quick read
- You are a regulated bank or fintech: you need the full KYC process, in which eIDV is only one building block.
- You are an unregulated e-merchant wanting to reduce fraud: a well-sized eIDV is enough for your onboardings.
- You are a crypto-asset service provider (CASP): MiCA (Markets in Crypto-Assets) and the Travel Rule (TFR) require a full KYC, with eIDV as the pivotal technical piece.
:::
How to combine eIDV and KYC into a coherent framework
A complete KYC strategy mobilizes several technical building blocks:
1. eIDV as proof of identity at onboarding (initial KYC, client identification) 2. PEP and sanctions list screening (OFAC, UN, EU) at onboarding and in ongoing monitoring 3. Risk scoring based on business scenarios, fed by client data and CDD 4. Post-onboarding transaction monitoring (detection of atypical transactions, money laundering, illicit financing) 5. Periodic KYC refresh, modulated by client risk profile
eIDV kicks in at step 1, and sometimes at step 5. Its quality conditions the quality of the overall framework. A faulty identity verification at the start contaminates the entire downstream chain: false positives, useless alerts, low-quality suspicious-activity reports.
For an unregulated use case (premium e-commerce, marketplace, short-term rental platform), eIDV can be deployed standalone: there is no KYC requirement, but fraud exists. Our transactional-data approach is particularly suited to high-friction, high-volume international companies, where document verification would be perceived as intrusive.
::: callout-success Illustration: European online bank On 60,000 yearly onboardings modeled, introducing a data-driven eIDV as the first step brought the funnel-abandonment rate down from 25% to 5%. In parallel, the overall KYC framework was industrialized: PEP screening, scoring, monitoring. ROI measured over 18 months reached 220 to 1, mainly driven by gained conversion and lower operational compliance costs. :::
Which assurance level should you choose for your project?
The rule is simple:
- Regulated financial service (bank, insurance, payment, crypto): you must build a full KYC process, with eIDV as the identification building block. Substantial or high assurance level depending on transaction sensitivity.
- High-stakes B2B service (qualified electronic signature QES, access to medical data, high-value contracts): high level under eIDAS 2.0, EUDI Wallet recommended, QEAA attestations for sensitive attributes.
- E-commerce, marketplaces, rentals: a properly calibrated eIDV is enough. Substantial level for transactions above the risk threshold.
- Edge cases (unregulated fintech, peer-to-peer lending): start with a regulatory audit of your obligations before any technical choice. European compliance is evolving fast — today's gray zone becomes tomorrow's mandate.
Transactional-data eIDV is a mature European solution, complementary to facial recognition, that meets the KYC AML requirements of most regulated sectors while limiting friction for end users. It is compatible with the rollout of the EUDI Wallet and with the European AMLD6 trajectory for fraud prevention.
Security, EUDI Wallet, and qualified electronic signature
Security of client data in a KYC framework is not limited to initial identity verification. It extends to retention, access, internal-user authentication, and action traceability. Financial institutions must prove to the ACPR and AMF that their processes are compliant with KYC AML requirements as well as CDD (Customer Due Diligence) and EDD rules.
The EUDI Wallet brings a new layer of confidence. The European wallet stores a citizen's verified attributes (PID, proof of address, diplomas), supports the issuance of QEAA (Qualified Electronic Attestation of Attributes), and combines with a qualified electronic signature (QES) for the most sensitive transactions. For banks, fintechs and financial services companies, this is the opportunity to reduce onboarding friction while raising the assurance level.
The trajectory for European services is clear:
- 2024-2025: national adoption of the wallet, first pilots
- 2026: universal rollout of the wallet across all 27 Member States
- 2027: acceptance obligation for large platforms (e-commerce, social media, fintechs)
During this transition, transactional-data eIDV plays a role of continuity solution. Not all client populations will immediately hold a wallet. The KYC process must work for everyone, from day one. That's exactly what a data-driven verification delivers: 100% European coverage, with no dependency on wallet adoption.
eIDV is already deployed in several sectors where fraud prevention and AML compliance are priorities:
- Banking sector: onboarding KYC for online banks, periodic KYC refresh, simplified CDD for standard clients
- Insurance sector: online subscription, verification of policyholder and beneficiaries, fight against claim fraud
- Real estate sector: verification of tenants and landlords, CDD on developers, control of beneficial owners
- Crypto sector (CASP): KYC + Travel Rule + sanctions screening, AMLD6 alignment
- Premium e-commerce sector: transactional anti-fraud, verification above the risk threshold
In each of these sectors, eIDV is one of the most efficient identity verification solutions to reduce fraud without degrading conversion. Fintechs and financial institutions see it as a lever to industrialize compliance.
KYC on individuals (identification + verification + CDD) covers only part of the scope. Corporate clients of financial institutions are subject to KYB (Know Your Business) and to the identification of their beneficial owners (UBO). eIDV intervenes here to verify the attributes of executives and beneficial owners: name, ownership link, powers, possible PEP status.
Data-driven eIDV is particularly suited to this international use case: a French executive of a German subsidiary of a Luxembourg group generates transactional traces across three countries. Classic KYB sources (national registries) cover only one country at a time. Transactional data crosses borders and feeds a robust CDD.
::: callout-info Key takeaway The KYC vs eIDV difference is not an opposition: it is an articulation. KYC is the framework, eIDV is the tool. The EUDI Wallet will be the new European standard. Transactional data remains the continuity insurance throughout the transition. AI-driven deepfake fraud prevention now requires a multi-method approach to preserve end-user confidence. :::
::: cta-final Unsure of the assurance level you actually need? We offer a free audit that clarifies in one hour the regulatory perimeter, the volumes, the methods suited to your case, and GDPR compliance (the EU's personal data law), aligned with your KYC strategy, your CDD, and the European eIDAS trajectory. Talk to our experts :::