Securely Sharing KYC Data in Consortia and Ecosystems
Discover how businesses can securely and compliantly share Know Your Customer (KYC) data within consortia and partner ecosystems, eliminating repetitive verification and enhancing user experience.

- The Challenge of Repeat KYC: Businesses in consortia and partner ecosystems frequently require users to undergo repetitive KYC processes, leading to friction and high abandonment rates.
- Strategic B2B Data Sharing: Securely sharing verified KYC data between trusted partners via API can eliminate redundant checks, streamline onboarding, and foster stronger business relationships.
- Compliance is Paramount: Implementing B2B data sharing requires a clear legal basis, robust data sharing agreements, and explicit user consent to ensure full compliance with regulations like GDPR and eIDAS2.
- Didit's API-Driven Solution: Didit's 'Share KYC via API' feature enables secure, server-to-server transfer of verification sessions, allowing partners to import data and choose their level of trust, all within a modular, AI-native framework.
The Growing Need for Seamless Identity Verification in Ecosystems
In today's interconnected digital landscape, businesses often operate within complex consortia, partner networks, and broader ecosystems. Think of financial service groups, e-commerce platforms with integrated payment providers, or even healthcare networks. A common pain point across these environments is the repeated need for Know Your Customer (KYC) verification. Users who are already verified by one entity within an ecosystem are often forced to undergo the same rigorous checks when interacting with another, leading to frustration, delays, and a significant drop-off in conversion rates. This not only degrades the user experience but also increases operational costs for businesses.
The traditional approach to KYC, where each entity acts as an isolated silo, is becoming increasingly unsustainable. There's a clear demand for a more intelligent, collaborative approach that allows for the secure and compliant sharing of verified identity data. The goal is to verify once and leverage that verification across multiple trusted touchpoints, without compromising security or regulatory adherence.
Understanding 'Share KYC via API' for B2B Collaboration
Didit addresses this critical need with its 'Share KYC via API' feature, designed specifically for secure, server-to-server data sharing between trusted business partners. Unlike user-controlled Reusable KYC, where the end-user initiates the sharing, 'Share KYC via API' is initiated by businesses. This is particularly powerful for established partner ecosystems where a user's identity needs to be portable across related platforms, such as a banking group sharing KYC between its investment arm and its retail banking division.
The process is straightforward yet highly secure:
- Generate Share Token: The originating service (Service X), which has already verified the user, makes an API call to Didit to generate a secure, short-lived share_token for that user's verification session. This token is specifically designated for the partner service (Service Y).
- Pass Token to Partner: Service X securely transmits this share_token to Service Y through a pre-arranged backend channel.
- Import Session: Service Y then uses the received share_token to make its own API call to Didit, importing a complete copy of the verification session. This includes all documents and checks, directly into Service Y's environment.
This streamlined process, facilitated by Didit's robust API, ensures that the user's verified data is transferred efficiently and securely, eliminating the need for a fresh verification from scratch. Didit's ID Verification, Passive & Active Liveness, and 1:1 Face Match capabilities ensure the initial verification is of the highest standard, making the shared data reliable.
Strategic Advantages and Compliance Considerations
The benefits of implementing a 'Share KYC via API' model are profound. For businesses, it translates to significantly faster user onboarding, reduced operational costs associated with redundant verification, and higher conversion rates as friction is removed. For users, it means a much smoother, more convenient experience across an ecosystem of services they trust. This fosters stronger customer loyalty and engagement.
However, implementing such a system demands meticulous attention to compliance. Sharing personal user data between different organizations is subject to stringent legal and regulatory requirements, such as GDPR in the EU and UK GDPR, and the upcoming eIDAS2 framework. Organizations are responsible for ensuring full compliance:
- Legal Basis: A legitimate legal basis for sharing data must be established, often requiring a comprehensive data sharing agreement between partner organizations.
- User Consent: Users must be properly informed and provide explicit consent for their data to be shared. This is typically handled within the user's terms of service with the initial business.
- Data Minimization and Security: Only necessary data should be shared, and it must be protected with end-to-end encryption and robust security protocols.
Didit's architecture is built with compliance in mind, offering features like structured identity data and complete audit trails to support regulatory requirements. The ability to import sessions with an 'In Review' status, rather than automatically trusting the original review, gives the importing partner fine-grained control over their risk posture and compliance obligations.
Import Options and Workflow Flexibility
When Service Y imports a shared session, Didit provides crucial flexibility through specific import options:
- trust_review: This boolean parameter allows Service Y to decide whether to trust the original review status (Approved/Declined) from Service X. If true, the user is instantly onboarded or rejected based on the original status. If false, the session data is copied, but the status is set to 'In Review', allowing Service Y to conduct its own internal review using the pre-collected documents and data. This is vital for businesses with specific internal risk policies or different regulatory obligations.
- workflow_id: Service Y must specify which of its own verification workflows to associate with the imported session. This ensures that the imported data aligns with Service Y's internal processes and configurations, leveraging Didit's modular architecture.
- vendor_data: Service Y can assign its own internal user identifier to the imported session, seamlessly integrating it into their existing systems.
These options ensure that while the core benefit of eliminating repetitive data collection is achieved, each partner maintains control over their specific onboarding processes, risk assessment, and compliance workflows. Didit's AML Screening & Monitoring capabilities can be applied to imported sessions, further enhancing the importing partner's compliance posture.
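The three-step flow and the import options described above can be modelled in memory to make the checks explicit. This Python model is an added example, not Didit's API or code: ProviderModel, its method signatures, the service names and the 300-second token lifetime are assumptions for illustration; only share_token, trust_review, workflow_id and vendor_data come from the text.

```python
import secrets
import time

TOKEN_TTL_SECONDS = 300  # assumption: the page says only "short-lived"


class ShareError(Exception):
    """A share token could not be issued or redeemed."""


class ProviderModel:
    """In-memory stand-in for the verification provider; not Didit's API."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.sessions = {}  # session_id -> session record
        self.tokens = {}    # share_token -> (session_id, partner, expires_at)

    def add_session(self, owner, status, documents, **extra):
        session_id = secrets.token_hex(8)
        self.sessions[session_id] = dict(owner=owner, status=status,
                                         documents=list(documents), **extra)
        return session_id

    def generate_share_token(self, caller, session_id, partner):
        # Step 1: only the service that verified the user can share the session.
        if self.sessions[session_id]["owner"] != caller:
            raise ShareError("caller does not own this session")
        token = secrets.token_urlsafe(32)
        self.tokens[token] = (session_id, partner, self.clock() + TOKEN_TTL_SECONDS)
        return token

    def import_session(self, caller, share_token, workflow_id, trust_review,
                       vendor_data=None):
        # Step 3: the token is bound to one designated partner and expires.
        if share_token not in self.tokens:
            raise ShareError("unknown share token")
        session_id, partner, expires_at = self.tokens[share_token]
        if caller != partner:
            raise ShareError("token was issued for a different partner")
        if self.clock() > expires_at:
            raise ShareError("share token expired")
        if not workflow_id:
            raise ShareError("workflow_id is required")
        source = self.sessions[session_id]
        # trust_review=False copies the data but forces a local review.
        status = source["status"] if trust_review else "In Review"
        new_id = self.add_session(caller, status, source["documents"],
                                  workflow_id=workflow_id, vendor_data=vendor_data)
        return self.sessions[new_id]
```

The injectable clock lets the expiry path be exercised without waiting for the token lifetime to elapse.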
How Didit Helps
Didit is at the forefront of enabling secure and efficient identity verification sharing within consortia and partner ecosystems. Our 'Share KYC via API' feature is a testament to our AI-native, developer-first approach, providing clean APIs and a flexible, modular architecture that integrates seamlessly into any business logic.
With Didit, businesses can:
- Leverage Free Core KYC: Start verifying identities with our robust core features, reducing initial investment and making advanced capabilities accessible.
- Streamline Onboarding: Utilize 'Share KYC via API' to significantly reduce onboarding time and friction for users within trusted partner networks.
- Ensure Compliance: Benefit from a platform designed with regulatory requirements in mind, including robust ID Verification, Passive & Active Liveness, and AML Screening & Monitoring, providing the necessary tools for audit trails and secure data handling.
- Maintain Control: The granular import options (trust_review, workflow_id) give businesses complete control over how shared data is processed and reviewed within their specific risk and compliance frameworks.
- Build Future-Proof Solutions: Our modular identity layer allows you to compose verification workflows that adapt to evolving business needs and regulatory landscapes, without setup fees.
Didit empowers businesses to move beyond siloed identity verification, fostering collaboration and enhancing user experience across entire ecosystems, all while maintaining the highest standards of security and compliance.