KYC-UX: reduced friction
1) KYC-UX principles
Risk-based by design: the lower the risk, the less friction; signal-only escalation.
Progressive disclosure: show exactly what you need now (minimum fields/screens).
One-tap resume: preserve context and summarize the checks still outstanding.
Multi-source signals: documents + liveness + behavioral/network features.
Separation of goals: KYC (who you are) ≠ SoF/SoW (where the money comes from) ≠ AML/sanctions (additional filters).
Explainability: short reasons, understandable user actions, predictable timing.
2) Risk-based levels (approximate matrix)
3) Reference KYC flow (mobile-first)
1. Threshold trigger (for example, the first withdrawal) → a screen with a brief reason and benefit: "Let's verify your identity to unlock withdrawals and raise your limits."
2. Document selection (passport / ID card / driver's licence) with a "which works best" hint for the user's country.
3. Capture: auto-crop, background blur, glare/contrast and lighting checks, sharpness control.
4. OCR/MRZ/NFC: show progress immediately and do not block the UI; for NFC, an animated "hold the document against the phone" hint.
5. Liveness: 3-4 simple actions (head turn/blink) or passive liveness on 2-3 frames.
6. Auto-validation (in the background) + a visible SLA timer (e.g. "up to 2 minutes").
7. Result: approved → new limits/status; more info needed → exactly one item to supplement, with examples; rejected → an understandable reason and a path to appeal.
4) "Soft" step-ups and context
Geo-conflict (IP ≠ KYC country) → GPS/SIM request or proof of address (L2).
High-risk BIN/issuer → forced liveness when the user tries to deposit.
Velocity/multi-accounting → repeated selfie + SoF on withdrawal.
PEP/sanctions (fuzzy hit) → L3 with SoF/SoW and manual verification.
5) Micro-UX: How to reduce friction
Before the step: "What to prepare: ~2 minutes, passport/ID and good lighting."
Document capture: frame mask, glare detection, green check marks ("photo readable", "angle OK").
Local OCR preview: highlight the fields that were read so the user can check them visually.
NFC hints: where the chip sits for the specific country/document type.
Liveness navigation: simple tasks with minimal text, icons plus a short phrase.
Painless retry: repeat the step without losing progress; attempt limit with a timer.
Privacy notice: "Photos are stored encrypted. No data in EXIF/UI logs."
6) Localization and accessibility
Complete translation of instructions, sample documents, and acceptable formats.
Support for RTL, large fonts, 'aria-labels', keyboard navigation.
Validation by country (address format, ID mask); phone numbers in E.164.
Examples in the local language: "Example: st. Pushkin, d. 10, apt. 5."
7) Privacy, storage and consent
Clear consents: purpose (KYC/AML), retention period, removal/appeal rights.
Data minimization: store tokens/hashes where possible, hide PAN/EXIF.
Removal/retention policy: L0-L1 shorter, L2-L3 longer as required by law/licence.
Audit trail: who viewed or decided what, and when; immutable logs.
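An added example (not the page's or any vendor's code) of the audit-trail and data-minimization requirements above: a hash-chained, append-only log of who viewed or decided a KYC case and when, carrying only codes and references. The HMAC key handling, the entry fields and the storage layer are assumptions of this example.

```python
"""Hash-chained, append-only audit trail for KYC views and decisions.
Added illustration, not the page's own code: every entry records who did what
to which kyc_id and when, holds only codes and references (no images, no PAN),
and is chained with an HMAC so a later edit or a gap in the chain is detectable.
The key handling, field names and storage are assumptions of this example."""
import hashlib
import hmac
import json

GENESIS = "0" * 64  # chain anchor for the first entry


class AuditTrail:
    def __init__(self, key: bytes):
        self._key = key     # assumed: held in a KMS/HSM, never next to the log
        self._entries = []  # assumed: written to append-only (WORM) storage

    def _digest(self, prev: str, entry: dict) -> str:
        body = json.dumps(entry, sort_keys=True, separators=(",", ":"))
        return hmac.new(self._key, (prev + body).encode(), hashlib.sha256).hexdigest()

    def append(self, actor: str, action: str, kyc_id: str, at: str, **codes) -> str:
        """Record who/when/what (e.g. VIEW, DECIDE); returns the entry hash."""
        entry = {"actor": actor, "action": action, "kyc_id": kyc_id, "at": at, **codes}
        prev = self._entries[-1]["hash"] if self._entries else GENESIS
        h = self._digest(prev, entry)
        self._entries.append({**entry, "prev": prev, "hash": h})
        return h

    def verify(self) -> bool:
        """Recompute the whole chain; False on any altered entry or broken link."""
        prev = GENESIS
        for rec in self._entries:
            body = {k: v for k, v in rec.items() if k not in ("prev", "hash")}
            if rec["prev"] != prev or self._digest(prev, body) != rec["hash"]:
                return False
            prev = rec["hash"]
        return True


def demo() -> tuple:
    """Constructed scenario: a view, a decision, then a tampered reason code."""
    trail = AuditTrail(b"constructed-demo-key")
    trail.append("reviewer:42", "VIEW", "kyc_0001", "2024-01-01T10:00:00Z")
    trail.append("reviewer:42", "DECIDE", "kyc_0001", "2024-01-01T10:05:00Z",
                 result="REJECTED", reason_code="doc_quality")
    intact = trail.verify()
    trail._entries[1]["reason_code"] = "manual_override"  # simulated tampering
    return intact, trail.verify()
```

Deleting the newest entry is not caught by `verify()` alone; that is why the storage itself must be append-only and the latest hash anchored elsewhere.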
8) Engineering: events and data model (minimum)
kyc.sessions (
kyc_id PK, user_id, level_target, started_at, status, provider, country, risk_score, conflict_flags, sla_eta_at
)
kyc.documents (
doc_id PK, kyc_id FK, type, side, ocr_json, mrz_ok, nfc_ok, quality_score, captured_at, storage_ref
)
kyc.liveness (
kyc_id FK, type, result, confidence, frames_ref, captured_at
)
kyc.sanctions_pep (
kyc_id FK, list, match_type, score, reviewed_by, reviewed_at, decision
)
kyc.proofs (
kyc_id FK, kind (POA | SOF | SOW), file_ref, parsed_json, status, requested_at, received_at, reviewer
)
kyc.decisions (
kyc_id FK, level_granted, result (APPROVED | MORE_INFO | REJECTED), reason_code, comment, decided_at
)
9) Policies in pseudo-DSL (example)
policy: "kyc_v2_risk_based"
triggers:
  - name: "first_withdrawal" -> target_level: L1
  - name: "limit_5k_month" -> target_level: L2
  - name: "sanctions_fuzzyhit" -> target_level: L3
escalations:
  - if: geo_conflict_score >= 2 then step: "POA"
  - if: issuer_risk in ["high","unknown"] and method == "CARD" then step: "liveness"
  - if: velocity_deposits_24h > 3 then step: "liveness"
timeouts:
  L1: "PT10M" # waiting for the auto-check
  L2: "PT30M"
  L3: "P3D"
ux:
  show_timer: true
  resume_link: true
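As an added example (not part of the original page), a small evaluator of the policy above combined with the soft step-ups of section 4: trigger names, thresholds, timeouts and level order are taken from the page; the signal dictionary keys and the `evaluate()` signature are assumptions.

```python
"""Risk-based KYC policy evaluator for the pseudo-DSL "kyc_v2_risk_based".
Added illustration, not the page's own code: a trigger sets the target level,
signals add step-ups on top (signal-only escalation), and the target level's
timeout feeds the visible SLA timer. Level order, the signal dict's keys and
the evaluate() signature are assumptions of this example."""
from dataclasses import dataclass, field

LEVEL_RANK = {"L0": 0, "L1": 1, "L2": 2, "L3": 3}

# triggers: from the page's policy
TRIGGERS = {"first_withdrawal": "L1", "limit_5k_month": "L2", "sanctions_fuzzyhit": "L3"}

# timeouts: ISO-8601 durations from the page's policy
TIMEOUTS = {"L1": "PT10M", "L2": "PT30M", "L3": "P3D"}

# escalations: (predicate over the signal dict, step to request)
ESCALATIONS = [
    (lambda s: s.get("geo_conflict_score", 0) >= 2, "POA"),
    (lambda s: s.get("issuer_risk") in ("high", "unknown")
               and s.get("method") == "CARD", "liveness"),
    (lambda s: s.get("velocity_deposits_24h", 0) > 3, "liveness"),
]


@dataclass
class Decision:
    target_level: str                          # level the user must reach now
    steps: list = field(default_factory=list)  # extra step-ups, in order
    timeout: str = ""                          # SLA timer; "" when no new level


def evaluate(trigger: str, current_level: str, signals: dict) -> Decision:
    """Map a trigger plus risk signals to a level and step-ups; never downgrade."""
    if trigger not in TRIGGERS:
        raise ValueError(f"unknown trigger: {trigger}")
    target = TRIGGERS[trigger]
    steps = []
    for predicate, step in ESCALATIONS:
        if predicate(signals) and step not in steps:  # one liveness, not two
            steps.append(step)
    # Already at or above the target: a soft step-up only, no full re-KYC.
    if LEVEL_RANK[current_level] >= LEVEL_RANK[target]:
        return Decision(current_level, steps, "")
    return Decision(target, steps, TIMEOUTS[target])
```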
10) Metrics and dashboards
Conversion/speed
KYC Start → Auto-Pass → Manual Review → Approved
Median/95p time-to-KYC by tier and country
Auto-pass% (OCR/MRZ/NFC/liveness) and share of manual
Quality/risk
Mismatch rate (IP ≠ KYC/SIM) and escalation rate
False reject % (appeals → reversed decisions)
PEP/sanctions hit rate and TAT to decision
UX/Errors
Abandonment by step (Doc Capture, Liveness, Upload, Review)
Retry rate and causes (glare/blur/NFC fail)
Mobile vs Desktop: delta in success rate and time
11) Alerts and thresholds
Abandonment spike on a step (up > X bps per hour)
OCR quality drop (quality_score p50 below threshold)
Auto-pass collapse (fall > Y% d/d)
Manual backlog: TAT > SLA (red zone)
Sanctions provider down: timeouts, switch to the backup provider
NFC fail surge by country/document template
12) SQL templates
12.1. KYC funnel
-- One row per stage; each user is counted once per stage, and the kyc_id → user_id link comes from kyc.sessions
SELECT stage, COUNT(DISTINCT user_id) AS users
FROM (
  SELECT user_id, 'start' AS stage
  FROM kyc.sessions WHERE started_at BETWEEN :from AND :to
  UNION ALL
  SELECT s.user_id, 'doc_captured'
  FROM kyc.documents d JOIN kyc.sessions s USING (kyc_id)
  WHERE d.captured_at BETWEEN :from AND :to
  UNION ALL
  SELECT s.user_id, 'liveness_done'
  FROM kyc.liveness l JOIN kyc.sessions s USING (kyc_id)
  WHERE l.captured_at BETWEEN :from AND :to
  UNION ALL
  SELECT s.user_id, 'approved'
  FROM kyc.decisions x JOIN kyc.sessions s USING (kyc_id)
  WHERE x.decided_at BETWEEN :from AND :to AND x.result = 'APPROVED'
) f
GROUP BY stage
ORDER BY CASE stage WHEN 'start' THEN 1 WHEN 'doc_captured' THEN 2 WHEN 'liveness_done' THEN 3 ELSE 4 END;
12.2. Time to auto-verification
-- Seconds from session start to decision; sessions still in progress are counted up to now()
SELECT level_target,
  PERCENTILE_CONT(0.5)  WITHIN GROUP (ORDER BY EXTRACT(EPOCH FROM (COALESCE(decided_at, now()) - started_at))) AS t_median_sec,
  PERCENTILE_CONT(0.95) WITHIN GROUP (ORDER BY EXTRACT(EPOCH FROM (COALESCE(decided_at, now()) - started_at))) AS t_p95_sec
FROM kyc.sessions
LEFT JOIN kyc.decisions USING (kyc_id)
WHERE started_at BETWEEN :from AND :to
GROUP BY 1;
12.3. Frame quality and causes of retries
-- Documents captured more than once for the same session/type/side (i.e. retakes), bucketed by the likely cause
SELECT reason_code, COUNT(*) AS cnt
FROM (
  SELECT CASE
           WHEN quality_score < 0.6 THEN 'low_quality'
           WHEN mrz_ok = FALSE THEN 'mrz_fail'
           WHEN nfc_ok = FALSE THEN 'nfc_fail'
           ELSE 'other'
         END AS reason_code
  FROM kyc.documents
  WHERE captured_at BETWEEN :from AND :to
    AND (kyc_id, type, side) IN (
      SELECT kyc_id, type, side FROM kyc.documents
      GROUP BY kyc_id, type, side HAVING COUNT(*) > 1)
) t
GROUP BY 1 ORDER BY cnt DESC;
13) Anti-fraud signals (without "putting sticks in the wheels")
Device graph and recurring selfies/documents → quiet escalation to L2/L3.
Geo-velocity → repeat liveness without repeating OCR.
BIN-geo mismatch → liveness on deposit, without breaking the whole KYC flow.
VPN/Proxy/Tor → soft request for an alternative signal (GPS/SIM) before any ban.
14) Best practices (short)
1. Design for the event: KYC sits exactly where the user receives value (deposit/withdrawal/limit).
2. Auto-capture + live tips; OCR/NFC and passive liveness where possible.
3. Step-up only on signals (geo/conflict/velocity/sanctions) and threshold amounts.
4. Strong resume experience: "Continue from the same step," deep links in e-mails/SMS.
5. SLA timers and honest statuses everywhere.
6. Localization/a11y: texts, examples, formats, RTL.
7. Privacy: minimization, encryption, understandable consent, retention policies.
8. Telemetry and quality alerts (glare/blur/NFC).
9. A/B tests of copy, instructions and step order, with guardrails on failure rates.
10. Appeal and manual-review hand-off procedures with a clear TAT.
15) Implementation checklist
Summary
Low-friction KYC UX is risk-based escalation, smart capture technology (OCR/NFC/liveness), localized instructions, and a strong resume experience. Add transparent deadlines, data minimization, and predictable step-ups, and you simultaneously raise deposit/withdrawal conversion, speed up compliance, and lower the cost of manual checks.